Installing apps from unknown sources on Xiaomi Redmi is one of the most common causes of infection of a smartphone with viruses, spyware or advertising software. Even if you are confident in the security of the downloaded.apk file, an accidental error or vulnerability in the system can lead to serious consequences, from identity theft to locking the device with ransomware. In this article, we will discuss all ways to completely ban the installation of APK from third-party sources, both through standard MIUI settings and with additional tools.
The feature of Xiaomi smartphones (including the Redmi Note 12, Redmi 10, POCO X5 and others) is that the manufacturer adds its own layers of security on top of standard Android features. This means that simply disabling the option in the settings is not enough β you need to take into account the nuances of the MIUI 13/14 firmware, the work of Google Play Protect and even the capabilities of ADB for deep locking. We will look at solutions for different scenarios, from basic protection to a complete ban with administrative rights.
Why it is important to ban installations from unknown sources
According to Kaspersky statistics for 2023, more than 60% of malware for Android is spread through.apk files downloaded from the Internet, not through Google Play.
- π Fake apps: Fraudsters copy popular programs (such as WhatsApp or TikTok) by adding viruses or ad modules to them.
- π± Vulnerabilities MIUI: Some versions of Xiaomi firmware have flaws that allow you to bypass source verification (for example, through the use of a different source). MIUI Package Installer).
- π° Financial losses: Trojans like Anubis or Cerberus steal bank card details, wallet passwords and other data. SMS-code.
- π Device lock: Ransomware (e.g. LeakerLocker) encrypts files and demands a ransom for unlocking.
Even if you download APKs from βreliableβ sites (such as APKMirror or APKPure), there is no guarantee that the file was not modified during the download phase. In 2022, ESET researchers found that 15% of βcleanβ APKs from popular sites contained hidden advertising SDKs that collected user data.
β οΈ Note: On Xiaomi devices with bootloader unlocked, malware can gain super-user rights (root) even without your knowledge.This allows attackers to fully control the smartphone, including access to the device. TWRP and system sections.
Method 1: Disconnect via MIUI settings (Basic layer)
The easiest method is to use the built-in MIUI options. It is suitable for most users and does not require technical skills. The instructions are relevant for MIUI 12/13/14 on all Redmi models (including Redmi Note 11 Pro, Redmi 9A, POCO F4, etc.).
Steps:
- Open Settings β Applications β Application Management.
- Slip on the three dots in the upper right corner and select Special Access.
- Find Install Unknown Applications (in some versions, Install from Unknown Sources).
- You will see a list of apps that are allowed to install APKs (e.g. Chrome, Files, Telegram) and turn off the permission for everyone by moving the sliders to the position of Prohibit.
After that, the system will block attempts to install.apk through any application, but this method is not ideal:
- β Do not block the installation through ADB (developer-driven).
- β Maybe bypassed through MIUI Package Installer in some versions of the firmware.
- β Does not protect against installation through the Recovery (for example, TWRP).
All applications in the "Installation of Unknown Applications" section are disabled |
Attempt to install APK via Files ends in error |
Security settings enable "Google Play Protect" |
Xiaomi account is not tied to suspicious services-->
Method 2: Use Google Play Protect
Google Play Protect is a built-in antivirus from Google that scans all apps installed and installed, and while it doesn't block APK installation directly, it can prevent malware from launching.
Activation and configuration:
- Open Google Play Store β click on the profile icon in the upper right corner.
- Select Play Protect β Settings (cog in the top corner).
- Turn on the options: π Scan applications for malware π‘οΈ Improved protection against malicious applications (requires data to be sent to Google)
Play Protect
Scan.
Limitations of the method:
- β οΈ It does not block the installation, but only warns of a potential threat.
- β οΈ Viruses donβt update instantly β new threats may go unnoticed.
- β οΈ Some modified APK (For example, Lucky Patcher is bypassed by the inspection.
Only standard settings MIUI|
Google Play Protect|
Third-party antivirus (Kaspersky, Dr.Web, etc.)|
I don't use anything.|
I don't know what it is.-->
Method 3: Blocking through ADB (for power users)
If you need to completely disable APK installation at the system level, including ADB and recovery, you will need to use the adb shell command.This method is suitable for Xiaomi Redmi with an unlocked bootloader or for enterprise devices.
Warning: misuse of ADB can lead to data loss or device locking.We recommend backing up before executing commands.
Instructions:
- Install Platform Tools on PC (download from the official Android website).
- Turn on USB Debugging on your smartphone: Go to Settings β About Phone β Tap 7 times on MIUI to activate Developer Mode. Return to Settings β Additional β For Developers β Turn on USB Debugging.
adb shell settings put global install_non_market_apps 0This command disables the installation from unknown sources at the system level.
ADB
adb shell settings put global verifier_verify_adb_installs 1To return the settings back, use:
adb shell settings put global install_non_market_apps 1
adb shell settings put global verifier_verify_adb_installs 0β οΈ Note: Some Xiaomi models (e.g. Redmi) K50 or POCO F3) After these commands are executed, you may need to restart. If the device has stopped responding, reset via fastboot: fastboot reboot.
What if the ADB does not recognize the device?
Method 4: Set up parental controls (for family use)
If you want to limit the installation of apps on a childβs or employeeβs smartphone, use built-in parental controls in MIUI or third-party solutions like Google Family Link. This method does not block APK completely, but requires confirmation for each installation.
Configure via MIUI:
- Open Settings β Parental Controls (in some versions β Digital Well-Being).
- Create. PIN-setting-code.
- Select a user profile (such as a child).
- Activate the option to limit the installation of applications and set limits on age or type of content.
Configure with Google Family Link:
- Install the Family Link app on your device and your childβs smartphone.
- Link accounts through an invitation.
- In the child's settings, turn on: π Application Installation Management (requires your confirmation for each installation). π΄ Restriction on Content Download (blocks access to unsafe sites).
| Method | Level of protection | Difficulty setting up | Suitable for |
|---|---|---|---|
| MIUI settings | ββ | β | Basic protection |
| Google Play Protect | βββ | β | Additional verification |
| ADB-team | βββββ | βββ | Full lockdown. |
| Parental control | βββ | ββ | Family use |
Method 5: Removal of MIUI Package Installer (Extreme Method)
On some versions of MIUI (e.g. 12.5β14), the standard APK installer (com.miui.packageinstaller) can be disabled or removed, making installation from unknown sources impossible even through workarounds, which requires root rights or the use of ADB with an unlocked bootloader.
Instructions:
- Connect your smartphone to your PC and activate Debugging over USB (see Method 3).
- Run the command to disable the installer: adb shell pm disable-user --user 0 com.miui.packageinstaller
- For complete removal (requires root): adb shell su pm uninstall -k --user 0 com.miui.packageinstaller
β οΈ Attention: Removal MIUI Package Installer will make it impossible to install any APK, In order to return functionality, you will need to reflash the device or restore the file through fastboot.
adb shell pm enable com.miui.packageinstallerAfter the work is completed, turn off the installer again.-->
Additional security measures for Xiaomi Redmi
Even after blocking the plant from unknown sources, there are risks of infection through other vectors, and we recommend that you follow the following steps for comprehensive protection:
- π Disable the installation via the browser: In Chrome: Settings β Site settings β Downloads. β Turn off, ask where to save files. MIUI Browser: Settings β Confidentiality β Turn off Autouploading files.
- π‘οΈ Install antivirus: Recommended solutions: Kaspersky Mobile, Dr.Web Security Space, Bitdefender Mobile. Set up regular scanning and checking for virus database updates.
- π΅ Limit Application Rights: In Settings β Annexes β Allows to disable Package Installation access for all applications except Google Play Store.
- π Update. MIUI: Check for updates to Settings regularly β The phone. β System Update: Vulnerabilities in older firmware versions are often used to bypass restrictions.
π‘
The most reliable protection is a combination of methods: disable the installation through MIUI settings + activate Google Play Protect + use of antivirus, even if one layer of security is bypassed, the rest will prevent infection.
What to do if the virus is already installed
If you suspect that your Xiaomi Redmi has already installed malware, follow the following steps:
- Turn off the Internet: Transfer your smartphone to Flight Mode or turn off Mobile Data and Wi-Fi. This will prevent the transfer of data to intruders.
- Check the list of applications: Go to Settings β Apps β Application Management. Sort by installation date and remove suspicious programs.
- Run the scan: Use Google Play Protect or a third-party antivirus to look for threats.
- Reset settings (if the virus is not deleted): Reset to factory settings in Settings β About Phone β Reset. Before reset, save important data (photos, contacts) to an external drive or to the cloud.
If the virus has blocked access to the settings:
- Reboot your smartphone in Safe Mode (hold the power button β long tap on Turn off β Safe Mode).
- In safe mode, remove suspicious applications.
For complex cases (for example, ransomware) may require flashing through fastboot or EDL-Contact the Xiaomi service center if you are not sure about your actions.