Why Xiaomi allows you to install applications from unknown sources and how it is dangerous
Xiaomi, like other Android smartphone makers, blocks third-party apps by default, but users often turn on the option themselves without realizing the risks. Malware, spyware, and even Trojans can get into a device through downloaded software. APK-files from unverified resources.
The Installation from Unknown Sources feature is designed for developers and power users who need to test their own apps or install software that is not available on Google Play, but in the hands of an inadvertent user, it becomes a loophole for cybercriminals. In 2023, Kaspersky researchers discovered more than 190,000 modified models. APK-files with malicious code masquerading as popular games and utilities.
Redmi and POCO devices on MIUI are particularly vulnerable because of their widespread use in Russia and CIS countries, and attackers often target this audience by distributing fake βhackedβ versions of applications through Telegram channels and file sharing platforms.
Where is the installation from unknown sources in MIUI
Depending on the version of MIUI (12, 13, 14 or HyperOS), the path to customization may be slightly different. In recent firmware versions, Xiaomi has moved this option to the Special Rights section to reduce the number of random inclusions.
- π± MIUI 14 / HyperOS: Settings β Annexes β Special rights β Installation of unknown applications
- π± MIUI 12/13: Settings β Confidentiality β Special permits β Installation of unknown applications
- π± Old versions (up to) MIUI 11): Settings β Additionally. β Confidentiality β Unknown sources
It's important to understand that in MIUI, this setting is not specific to the entire device, but to specific applications. For example, if you allowed APK installation through the File Manager, you still can't install files through Chrome or Telegram, you need to give permission to each application separately.
Step-by-step: how to disable the installation from unknown sources
The shutdown process takes no more than 2-3 minutes, the main thing is to check all applications that have previously been granted such permissions.
- Open the settings on your Xiaomi smartphone.
- Go to the Apps section (or All Apps in older versions).
- Select Special Rights (in MIUI 14) or Special Permits (in MIUI 12/13).
- Slip on Install Unknown Applications.
- You'll see a list of apps that are allowed to install APKs, and turn off the switch in front of each of them.
All applications in the list "Install unknown applications" are disabled |
Suspiciously removed APK-file-memory|
Updated antivirus databases (if protection is used)|
Verified permissions for file manager-->
If you see unfamiliar apps on the list (such as Chinese or random names), itβs a warning sign that youβve probably already installed malware on your device that has granted itself the right to install additional components, in which case youβre advised to reset completely.
What to do if the option "Installation from unknown sources" is not turned off
Sometimes users are faced with a situation where the switch does not respond to the presses or automatically turns on again.
| Problem. | Possible cause | Decision |
|---|---|---|
| Switch inactive (gray) | Restrictions of the device administrator | Remove Administrator Permits for Suspicious Applications in Settings β Passwords and Security β Device Administrators |
| The setting is reset after rebooting | Virus or Trojan Horse | Scan your device with an antivirus (like Dr.Web or Kaspersky) and delete infected files. |
| The option is not on the menu | Modified firmware (castomy ROM) | Return to the official firmware via Fastboot or Recovery |
| The system requires PIN-code | Application Protection Mode Activated | Enter PIN or turn off protection in Settings β Passwords and Security β Application Protection |
If none of these methods worked, try resetting the security settings to factory.
- Go to Settings β About the phone β Reset settings.
- Select Reset Security Settings (not to be confused with a full reset!).
- Confirm the action and restart the device.
π‘
Before resetting your security settings, back up your data via Settings β System & Device β Backup. This will save your contacts, messages and photos.
How to protect Xiaomi from malicious APKs: additional security measures
Disabling the installation from unknown sources is only the first step.
- π‘οΈ Install antivirus with scanning function APK-files before installation (e.g. Malwarebytes or Bitdefender).
- π Activate Google Play Protect, Android's built-in security system. Check its status in Settings β Google β Security.
- π₯ Disable downloading files from unverified sources in the browser and instant messengers. In Chrome, this is done through Settings β Site settings β Downloads.
- π Update regularly MIUI. In new versions of firmware Xiaomi closes vulnerabilities that exploit malware.
Pay special attention to application permissions. Many viruses disguise themselves as useful utilities (e.g., Memory Cleaners or Charging Accelerators) and request access to SMS, contacts, or geolocation. Check permissions in Settings β Applications β Permissions Management.
How to check APK-pre-installation?
What happens if you leave the installation from unknown sources on
The consequences can range from harmless (such as intrusive advertising) to critical (data theft or device locking).
β οΈ In 2023, Russia recorded a wave of attacks through a fake application βSberbank Onlineβ, spread through the Internet. APK. Victims lost access to their accounts after entering a login and password in a fake interface.
- π³ Bank theft: Trojans like Anubis or Cerberus are being intercepted. SMS With confirmation codes and access to mobile banks.
- π± Device locking: ransomware encrypts files and demands payment for unlocking them.
- π€ Identity leak: Spyware can transmit call history, messages and photos to attackers' servers.
- π Hidden cryptocurrency mining. Some APK-The files contain scripts for mining Monero or Bitcoin, which leads to overheating and rapid discharge of the battery.
Even if you are a βcautiousβ user and install APKs only from βverifiedβ sources (like 4PDA or APKMirror), the risk remains: In 2022, hackers hacked into a moderatorβs 4PDA account and replaced legitimate firmware files with infected ones, affecting thousands of Xiaomi and other brands.
How to remove already installed malicious applications
If you suspect that there is a virus on your device, follow the following algorithm:
- Go to Settings β Applications β Application Management.
- Sort the list by installation date (Recently Installed) β malware is often the last to install.
- Check for apps with suspicious names (e.g. com.android.system.update, Flash Player, or Chinese characters).
- Slip on a suspicious app and select Delete. If the button is inactive, Stop first, then Disable.
- If removal is not possible, use Safe Mode: Press the power button until the turn off menu appears. Hold your finger on Turn off until the prompt appears to go to Safe Mode. Remove the malware in Safe Mode.
β οΈ Attention: Some viruses masquerade as system applications (e.g. Google Services Framework). Check the name online or through antivirus before removing it. Removing critical system components can bring your smartphone down!
π‘
If after removing suspicious applications, the problem persists (advertising, redirects in the browser), perform a factory reset. This is the only way to guarantee to clean the device.