How to turn off installation from unknown sources on Xiaomi

Modern Xiaomi smartphones with a shell MIUI or the new HyperOS have an advanced security system that blocks applications from downloading from third-party sources by default, a feature designed to protect your personal data and finances from malicious software that is often disguised as useful utilities. Users often have to allow installation. APK-files and then forget to return the settings back to a safe state.

Returning to factory restrictions is a critical step to maintaining a high level of digital hygiene of the device. If you previously activated the ability to download programs from a non-official Google Play store, the system could have saved these permissions for specific installer applications, ignoring this moment creates a permanent vulnerability that attackers can exploit when visiting dubious sites.

In this article, we will look at how to find and disable all active permissions to install third-party applications, look at the differences in the menu of different versions of the shell, explain why the system may require re-confirmation of actions, and show you how to check if your device is left open doors for potential threats.

Why it is important to limit the sources of application installation

The Android operating system is built on the principle of process isolation, but installing programs from unverified sources upsets this security balance. APK-You actually give this application the right to embed any code into the system without first checking by Google Play Protect. On Xiaomi devices, this is especially true, since aggressive battery optimization sometimes conflicts with security mechanisms, requiring manual control.

Many users don’t realize that a once-issued permission often remains active indefinitely until you manually cancel it, meaning that if you downloaded a modified version of the game or a utility a month ago, theoretically any malicious script running through the same browser today could trigger a quiet installation of spyware. Blocking unknown sources puts the situation back in your hands.

⚠️ Warning: Constantly active installation mode from unknown sources significantly increases the risk of infection of the device by Trojan bankers who can intercept the device. SMS bank-confirmation codes.

In addition, third-party applications often request excessive access rights, official app stores use automated scanners that at least partially filter out overtly dangerous queries. APK-You are the only barrier to the virus, so once you have completed the necessary manipulations of the files, you must immediately close this penetration channel.

Where to find security settings in MIUI and HyperOS

Xiaomi’s shell interface is constantly changing, and the location of key switches may vary depending on the Android version and regional firmware. In older versions of MIUI, there was a single global switch that completely prohibited or allowed the installation of third-party software. In modern versions, starting with Android 8.0 and higher, the security architecture has changed: permissions are issued individually for each installer application.

The main way to manage these settings is usually through the security menu. You need to go to Settings β†’ Applications β†’ Access Configurement (or Special Opportunities). This is where key switches are hidden. In some regions, the interface may be called Privacy, in others, simply Security. It is important not to confuse these settings with Device Protection mode, which only scans files but does not block the installation process itself.

πŸ“Š What's your version of the shell? MIUI/HyperOS?
MIUI 12
MIUI 13
MIUI 14
HyperOS
The other one/I don't know/

It's worth noting that Xiaomi often hides these settings deeper than its competitors, using layered menu nesting. If you don't find the right item right away, search for the settings. Type "unknown" or "installation" and the system will point the way to the desired section. This is the fastest way to navigate, especially when menu items have been renamed when localized.

Step-by-step: disabling through application settings

The most reliable way to close a vulnerability is to follow the manual permission management path for each potential installer. Even if you don't think you turned anything on, system browsers or messengers could have accessed that access automatically after the update. Follow the algorithm below for guaranteed results.

β˜‘οΈ Checking security settings

Done: 0 / 5

To start, open the basic settings of your smartphone and go to the Apps section. Here, select All Apps to see the full list of installed software. You need to find the applications through which you usually download files: this can be Chrome, Mi Browser, Telegram, WhatsApp or System Explorer.

Once you go into the properties of a particular application (e.g. Chrome), look for Install Unknown Apps (sometimes called Unknown App Installation Permits). If the switch is active (burning blue or green), click on it to turn it off. The system can show a warning window with a countdown timer - this is Xiaomi's standard protection measure to prevent accidental clicks. Wait for the countdown to end and confirm the action.

Repeat this procedure for all applications that can theoretically download files. Pay special attention to messengers, as they often spread malicious messages. APK-After completing all the steps, try to open any file. APK-File Manager – the system must issue an error or prompt to open the settings, but will not start the installation process.

πŸ’‘

Use the built-in search in the settings (the magnifier icon at the top of the settings screen) by entering the phrase β€œunknown” to instantly jump to the list of active resolution apps.

Use of the "Security" application for control

Xiaomi smartphones pre-installed the system app Security (green icon with shield), which duplicates many of the settings features, but in a more accessible format. It is a convenient tool for quick check of security status. The application often has a Scanner or Optimization section, where current threats can be displayed, including active installation permissions.

To take advantage of this method, open the Security app and click on the gear icon in the upper right corner to enter the scanner settings. This can be Real-time Monitor or Installation Check. Make sure that all check boxes associated with the check are in place. APK-While this doesn't disable the installation itself, it adds an additional barrier in the form of a mandatory check of each file before it's launched.

Security also has Licensing and Security (or similar depending on the version) and you can see a list of applications that have special rights. If you see programs that you don't trust or have not used to download files in a long time, take away their rights, which will help to clean up the system of unnecessary "junk" and potential security holes.

AnnexType of riskRecommended actionDefault status
Chrome / Yandex.BrowserHigh (download from the network)Turn off after useOff.
Telegram / WhatsAppMedium (contact files)Turn off (installed through the store)Off.
MIUI DownloadsMedium (system loader)ControlOn (often)
Conductor (Files)High (local APKs)Turn it off.Off.

Specifics of working with the developer mode

Sometimes users, trying to solve problems with debugging or installing specific software, activate Developer Mode. This hidden menu also contains settings that affect the installation of applications. USB) or debugging by USB They can indirectly affect the behavior of the system when working with APK-files, although they are not a direct analogue of permission to install from unknown sources.

If you have previously enabled Developer Mode, it is recommended to check its settings. To log in to this menu, click 7 times on the MIUI Version in About Phone. Once you have received the message "You are a Developer", go back to Advanced Settings β†’ For Developers. Make sure that the items related to installing applications via ADB or debugging are disabled if you are not using them right now for professional tasks.

What is ADB and why is it dangerous?
ADB (Android Debug Bridge is a tool for connecting your computer to your phone. USB and permit installation through ADB, an attacker with physical access to a phone (or connected to an infected person) USB-Charging port) can silently install the application without your knowledge.

It is important to understand that having active settings in developer mode does not eliminate the need to close permissions in the main application menu. These two layers of protection work in parallel. Closing the "login" through application settings blocks normal scenarios, and disabling debugging protects against advanced attacks through a computer or specialized hardware.

Typical errors and problems when disconnecting

Users often experience a situation where, after switching off, the switch switch switch switches back on after a while or the system requires re-confirmation. This can be caused by updates to the installer apps themselves. For example, after updating Chrome or Telegram, the Android system may reset their permissions for security reasons, but some Xiaomi shells may behave differently, requiring re-checking.

Another common problem is having multiple user profiles or guest modes. If you have disabled the installation of unknown apps in the main profile, but forgot to do so in guest mode or second space (Second Space), the vulnerability will persist. Check the settings in all active user profiles to ensure full protection of the device.

⚠️ Note: If the Install Unknown Apps switch is inactive (gray) and you can’t press it, it could mean that access is blocked by parental controls or corporate security policies (if the phone is working).

There's also a false sense of security that we have, and some users think that antivirus will protect them even when you're in the setup mode, but antiviruses often react after the fact, when the malicious code has already entered the system, and the only 100% guarantee of security is that you can't physically install the file from the outside without your direct and conscious intervention every time.

Additional protection measures for Xiaomi system

In addition to managing installation permits, you should also look at the Xiaomi Anti-Theft and Blocker feature, and in the Security app, you can set up a password to block the installation of applications, which will create an additional barrier: Even if permission to install from unknown sources is enabled, the system will require input. PIN-Fingerprint or code before the process begins.

To activate this function, go to Settings β†’ Annexes β†’ Blocking applications (or via the Security app) β†’ Blocking. Add not only personal apps to the lock list, but also the system component Package Installer, which will prevent any installation process from starting. APK-file without your knowledge, even if the source is allowed.

πŸ’‘

Comprehensive protection is achieved not only by disabling sources, but also by setting a password to the system installer of packets, which blocks the launch of the system. APK-files, even if you have permission.

Check the list of applications with device administrator rights regularly. Malware often tries to gain a foothold in the system, obtaining administrator rights, which allows them to prohibit their removal. Path to check: Settings β†’ Passwords and security β†’ Privacy β†’ Device administrators. There should be only one item there – β€œFind a device” (or similar system service).

Can I completely remove the installation option? APK-file?
Completely remove the system component responsible for the installation, without root-rights and deep modification of the system, as it will disrupt the work of Android itself.
Why does the phone itself suggest enabling the installation of unknown applications?
This happens when you try to open a file with the.apk extension. The system sees that the current application (like Explorer) does not have rights, and offers to give them. This is standard Android behavior that requires your confirmation.
Is it dangerous to only have one browser allowed?
Less dangerous than letting everyone, but the risk remains: If a zero-day vulnerability is found in this browser, an attacker can use it to download and install malware without user interaction (drive-by download).
Does disabling this setting affect the performance of Google Play?
No, it doesn't. Google Play has system privileges and operates regardless of user permissions to install from unknown sources, so you can update and download apps from the store as usual.