Installing apps from unknown sources on Xiaomi smartphones is one of the most common causes of malware infection, even if you are confident in the security of the download. APK-file, system limitations MIUI They are not just there: they protect against Trojans, spyware and unauthorized access to data. In this article, we will discuss how to completely block the ability to install applications from outside of Google Play or Mi App Store, including hidden settings and nuances for different versions of the shell.
It is important to understand that banning installations from unknown sources is not only a security issue, but also a requirement of corporate policies (for example, when using a device for work).However, even for personal purposes, disabling this option will reduce the risk of accidental infection through fake APKs or phishing sites. We will look at standard methods through the settings menu, as well as advanced ways for users with root rights.
Why it is important to disable the installation from unknown sources
According to Kaspersky, more than 30% of malware for Android is spread through the Internet. APK-files downloaded from third-party sources:
- π Trojans: Masquerading as legitimate apps (such as modified versions of WhatsApp or games) but stealing bank card details or passwords.
- π± Spyware: Tracks location, microphone recordings or screenshots without your knowledge.
- πΈ Advertising viruses: Infect the device with aggressive advertising that cannot be removed without resetting the settings.
- π Auto-update malicious APK: Some viruses download and install new versions bypassing antiviruses.
Even if youβre a βcautiousβ user and only download APKs from trusted sites (like APKMirror), there were more than 150 cases of legitimate files being swapped by malicious users in 2023, so a blanket ban is the only reliable way to protect them.
β οΈ Note: Some applications (such as Fortnite or Genshin Impact) are officially distributed only through the APK. In this case, it is recommended to use a virtual machine or a second smartphone to install such programs.
Standard method: through MIUI security settings
The easiest method is to disable the resolution for all applications that can install APKs. The instructions are valid for MIUI 12, 13 and 14:
- Open Settings β Applications β Application Management.
- Click on the three dots in the top right corner and select Special Access.
- Go to the Installation section from unknown sources.
- For each application (e.g., Browser, File Manager, Telegram) move the slider to the Prohibit position.
If some apps are not listed, this means they have never asked permission to install an APK. However, system applications (such as Mi File Explorer) may not be on this menu β they will require a separate lock (see next section).
Special access settings are open|All applications in the status "Prohibit"|Checked for the absence of system loopholes (Mi File Explorer, Package Installer)|Rebooted smartphone to apply changes-->
Once you do this, trying to install an APK from the outside will cause an error: "Installation blocked by security policy," and if the error doesn't appear, one of the applications still has permission.
System application locking (Mi File Explorer, Package Installer)
Some Xiaomi system utilities (e.g. com.miui.packageinstaller) ignore the standard restrictions, and to prevent them from installing an APK, you will need to:
- Install ADB Tools on your computer and connect your smartphone via USB (with USB Debugging enabled in Settings β About Phone β MIUI version β press 7 times to unlock the developer mode).
- Follow the command: adb shell pm disable-user --user 0 com.miui.packageinstaller
- For file manager, use: adb shell pm disable-user --user 0 com.mi.android.globalFileexplorer
These commands will completely disable the ability to install APK through system tools. To return functionality, replace disable-user with enable.
β οΈ Note: Disabling Package Installer may cause system update failures MIUI Updater. Before executing commands, back up your data.
Only through Google Play|Through the Mi App Store|I download it sometimes. APK web-based|I'm setting everything up, indiscriminately.-->
Use of Device Policies (for corporate users)
If the smartphone is used for work and connected to Mobile Device Management (MDM), the administrator can apply security policies that block the installation of APK.
- π Set up Google Admin Console or Mi Enterprise Management.
- π In the Application Policy section, activate the option to disable installation from unknown sources.
- π± Apply the policy to your device through Android Device Management.
Once the policy is applied, the user cannot circumvent the restriction without administrator rights, a method that is suitable for companies where employees use Xiaomi for work purposes.
| Locking method | Root rights required | Bypassing the user | Suitable for MDM |
|---|---|---|---|
| Standard settings of MIUI | β No. | β Yes. ADB) | β No. |
| Disconnect Package Installer | β No, but you do. ADB) | β No. | β Yes. |
| Google Admin Policies | β No. | β No. | β Yes. |
| Root + change build.prop | β Yes. | β No. | β Yes. |
Advanced Method: Edit build.prop (root only)
If your Xiaomi has root rights, you can make changes to the build.prop system file to permanently block the installation of the APK from the outside.
- Install Root Explorer or any file manager with root support.
- Go to /system/build.prop and open the file to edit.
- Add the line: ro.allow.mock.location=0 pm.install_location=0
- Save the changes and restart the device.
These settings will completely disable the ability to install APKs from unknown system-level sources. Note that incorrect editing build.prop can lead to bootloop.
What if the phone is not turned on after building.prop editing?
What to do if the ban does not work: check the workarounds
Sometimes, even after blocking the APK installation, users are faced with malware still penetrating the device.
- π Auto-update through infected apps: some viruses (such as Agent Smith) replace legitimate apps APK to malicious without requesting permission.
- π¦ Vulnerabilities in MIUI: versionally MIUI 12.5 and below, there was a loophole through Mi Share that allowed the installation of the APK without warning.
- π Reset security settings: after system update, some policies are reset.
To check the device for workarounds:
- Install Malwarebytes or Dr.Web and perform a full scan.
- Check the list of installed apps in Settings β Apps β All apps for suspicious programs (for example, with names in Chinese or random characters).
- Open Settings β Accounts and sync and delete unknown accounts that may have administrator rights.
π‘
If you suspect that your device is already infected, don't connect it to your corporate network or home Wi-Fi until it's completely cleaned.
FAQ: Answers to Frequent Questions
Can I allow APK installation for only one application (e.g. Telegram)?
Will the ban work after the reset?
Can I ban APK installation without root rights?
How do you check that the ban is working?
What to do if the virus is already installed?
π‘
Even if you are confident in the security of the APK, banning installation from unknown sources is the only way to guarantee protection against most viruses.Use standard MIUI methods for basic protection and ADB/root for full lockdown.