How to completely ban the installation of APK from unknown sources on Xiaomi: 5 proven ways

Sideloading is one of the most common causes of Xiaomi smartphones getting infected with viruses, spyware and adware Trojans. APK-files knowingly, malware can enter a device through fake updates, hacked games or phishing sites. Unlike Google Play Protection, which scans apps from an official store, files from external sources are often left unchecked.

Xiaomi has built several layers of protection into the MIUI shell, but they are not always active by default. For example, some models (Redmi Note 12 Pro+, POCO X5 Pro) allow APK installation through a browser or file managers, which creates a loophole for attackers. In this article, we will discuss how to completely block installation from unknown sources, from standard Android settings to hidden MIUI functions and even editing system parameters for advanced users.

Why it’s important to disable APK installation from unknown sources

According to Kaspersky data for 2023, more than 30% of mobile viruses spread through manual installation of APK.

  • πŸ“± Stealing data: passwords, bank details, photos and correspondence (for example, the Cerberus Trojan, masquerading as an update for WhatsApp).
  • πŸ’Έ Sign up for paid services without your knowledge (Joker-type viruses are sent to you) SMS short-numbered).
  • πŸ”‹ Remove the battery and heat the processor with hidden cryptocurrency mining (e.g. HiddenMiner).
  • πŸ“Š Show irremovable ads over all windows (advertisements like Shuanet).

Devices with unlocked bootloader or root rights are particularly vulnerable. Even if you are confident of the APK source, an error in the application code can lead to data leakage or conflict with MIUI system processes. For example, the popular Nova Launcher launcher in the pirated version often contains backdoors for remote control of a smartphone.

⚠️ Attention: On Xiaomi smartphones with firmware MIUI Global (e.g. Redmi) 10C, POCO M5) default installation allowed APK This means that any downloaded file with the.apk extension can be run in one tap without additional confirmation!

πŸ“Š Have you ever installed APK From unknown sources to your Xiaomi?
Yeah, often.
Yeah, but rarely.
No, never.
I don't know what it is.

Method 1: Disconnect via standard Android settings

The easiest method is to use Android’s built-in security options, which work on all Xiaomi devices, regardless of the version. MIUI (Instructions are relevant for Redmi Note 11 Pro, Xiaomi 12T, POCO F4 GT others.

Steps:

  1. Open Settings β†’ Applications β†’ Special Access Rights.
  2. Select Install Unknown Applications.
  3. You will see a list of programs that are allowed to install APKs (e.g. Chrome, Files, Telegram).
  4. Slip on each application and move the slider to the position "Prohibit".

After that, no.apk file can be installed through these programs, but there is a caveat: some system applications (such as Software Update) may again request permission. To avoid this, use method 3 (lock through MIUI Security).

β˜‘οΈ Security check after disconnection APK

Done: 0 / 4

Method 2: Use of MIUI Security (Security)

The MIUI shell has its own security application (MIUI Security), which offers advanced security settings, which is suitable for devices with MIUI 12.5+ (for example, Xiaomi 13 Lite, Redmi K50 Pro).

Instructions:

  1. Open the Security app (the shield icon).
  2. Go to the Privacy Protection section β†’ Special permits.
  3. Select Install Unknown Applications.
  4. Turn off permission for all apps except Software Update (if you trust Xiaomi’s official updates).

MIUI Security also has a Virus Scanner feature that can be manually run. However, it is less effective than Google Play Protection, so don't rely on it alone. For maximum security, combine this with Method 4 (edit build.prop).

Locking methodLevel of protectionNeed root?It's good for MIUI.
Standard Android settingsMedium.No.All versions.
MIUI SecurityHigh-pitchedNo.12.5 and newer
ADB-teamVery tall.No.All versions.
Editing by build.propMaximumYes.Any (requires root)

Method 3: Blocking through ADB (without root)

If you want to completely ban APK installation at the system level, but are not ready to get root rights, you can use ADB (Android Debug Bridge), which works on all Xiaomi smartphones, including the POCO X3 Pro, Redmi 9A and others.

You'll need:

  • πŸ–₯️ A computer with installed Xiaomi drivers and ADB.
  • πŸ“± Included debugging by USB on a smartphone (Settings) β†’ The phone. β†’ Version. MIUI β†’ 7 times tap to unlock the developer's settings).
  • πŸ”Œ USB-cable (preferably original).

Commands for lockdown:

adb shell settings put global install_non_market_apps 0


adb shell pm disable-user --user 0 com.android.packageinstaller

The first command disables the installation from unknown sources globally, the second one blocks the APK system installer. To get it back, use:

adb shell settings put global install_non_market_apps 1


adb shell pm enable com.android.packageinstaller

⚠️ Note: After completing these commands, you will not be able to install any APK, including legitimate ones (such as APKMirror or beta versions of applications).To circumvent the restriction, temporarily unlock the installer through the ADB.

πŸ’‘

If so, ADB-command APK still possible, check for applications with rights REQUEST_INSTALL_PACKAGES. They can be found through the adb shell dumpsy package and removed manually.

Method 4: Edit build.prop (root only)

This is the most reliable way, but it requires root rights and is only suitable for power users, and the method is to modify the system file build.prop, which controls the parameters of the firmware, suitable for MIUI of any version, including custom firmware like LineageOS or Pixel Experience.

Instructions:

  1. Install a file manager with root support (such as Root Explorer or FX File Explorer).
  2. Go to /system/build.prop and back up the file.
  3. Add a line to the end of the file: ro.allow.mock.location=0 persist.security.apkenable=0
  4. Save the changes, restart the device.

After that, the installation of APK from unknown sources will be blocked at the Android kernel level, and the restriction can only be circumvented by re-editing build.prop. However, be careful: incorrect changes to this file can lead to bootloop (cyclic smartphone reboot).

What if the phone is not turned on after building.prop editing?
If the device is stuck on the Xiaomi logo after changing build.prop, try: 1. Boot in Recovery Mode (clamp Power + Volume up). 2. Connect to the PC via ADB and return the original file: adb push build.prop.bak /system/build.prop 3. If there is no backup, reflash the device via Fastboot.

Method 5: Using third-party antiviruses with APK blocking

If you need not only installation lock, but also active protection against threats, you can install an antivirus with APK control function.

  • πŸ›‘οΈ Bitdefender Mobile Security – Blocks the Installation of Suspicious Security APK and scans existing applications for viruses.
  • πŸ” Malwarebytes – specializes in spyware and adware virus detection.
  • πŸ“± Kaspersky Internet Security – has a module β€œPhishing Protection” that prevents downloading malicious files.

How to set up a lock in Bitdefender:

  1. Install the app from Google Play.
  2. Go to Settings β†’ Threat Protection β†’ Lock the installation.
  3. Activate the option β€œProhibit installation from unknown sources”.

The downside of this method is that antiviruses consume additional resources (especially noticeable on budget models like the Redmi A1+), and they can not guarantee 100% protection: some viruses (for example, Anubis) masquerade as legitimate applications and bypass scanning.

πŸ’‘

Side-side antiviruses are convenient, but do not replace system security settings. Always combine them with blocking through MIUI or ADB.

What to do if the virus is already installed

If you suspect that your Xiaomi already has malware, follow the algorithm:

  1. Turn off the internet (mobile data and Wi-Fi) so the virus can’t send data.
  2. Go to Settings β†’ Apps and check the list of installed programs. Pay attention to applications with unfamiliar names (for example, System Update, Flash Player are frequent masks for viruses).
  3. Delete suspicious programs. If the Delete button is inactive, it is a sign that the virus has acquired administrator rights.
  4. Go to Settings β†’ Passwords and Security β†’ Device Administrators and uncheck the checkboxes from unknown applications.
  5. Perform a full check through Google Play Protection (Settings β†’ Google β†’ Security).

If the virus does not remove or blocks access to settings:

  • πŸ”„ Reset your smartphone to factory settings (Settings) β†’ The phone. β†’ Resetting settings).
  • πŸ“₯ Fastboot the device (instructions for your model look at the XDA Developers).

⚠️ Note: Some viruses (e.g. xHelper) recover from reset if system partitions are infected, in which case only a full flashshot erase userdata will help).

FAQ: Frequent questions

Can I unlock APK installation for one particular application?
Yes, MIUI allows you to selectively install only trusted programs. For example, if you download APK from APKMirror, allow installation only for the browser you use. To do this, go to Settings β†’ Applications β†’ Special Access Rights β†’ Install unknown applications. Find the desired application (e.g. Chrome) and enable permission for it. For all other programs, leave the status "Disallow" status. This approach reduces risk, but does not guarantee complete security - viruses can penetrate through trusted sources.
Why is APK installation allowed again after MIUI update?
With major MIUI updates (e.g. 13 to 14), some security settings are reset.This is because Xiaomi is revising permission policies for compatibility with new versions of Android.To avoid automatic resolution: After updating manually check the settings to Security β†’ Special Permits. Use Method 3 (ADB) - it is less susceptible to reset. Disable automatic update installation in Settings β†’ About Phone β†’ System Update.
How to prevent the installation of APK on Xiaomi for a child?
If you're setting up a smartphone for a child, it's not enough to just block unknown sources. We recommend: Create a profile with parental control (Settings β†’ Accounts β†’ Family); Set up Google Family Link and restrict the installation of any applications without your confirmation; Enable Safe MIUI Mode (Settings β†’ Lock Screen β†’ Safe Mode), which blocks changes to system settings. Use Method 4 (build.prop) if the child is technically savvy and can bypass standard restrictions. It's also useful to disable Unknown Sources in Google Play (Settlements β†’ Security β†’ Unknown Apps).
Will the APK lock work if I unlock the bootloader?
Unlocked bootloader greatly weakens the device's defenses, even if you block the installation. APK via settings, an attacker with physical access to the phone will be able to: Set custom recovery (TWRP) Get root rights and edit system files, bypass locking through Fastboot commands, and if you unlock a custom firmware bootloader, we recommend: Install firmware with a locked bootloader (for example, install a bootloader, MIUI EU Use Magisk to manage root rights and disable them by default. Enable data encryption (Settings) β†’ Additionally. β†’ Encryption).
Can I block APK installation through Google Play?
No, Google Play doesn't allow you to directly block APK installation from external sources, but you can: Activate Google Play Protection (Settings β†’ Google β†’ Security) to warn about potentially dangerous files; disable Unknown Sources in Google Play settings (but this doesn't block installation, it only hides warnings); Use Google Family Link to remotely monitor app installations on your child's device. To completely block you will have to use the methods from this article (ADB, build.prop or MIUI Security).