If you own a Xiaomi, Redmi or POCO smartphone, you've probably noticed a mysterious CIT program on your app list: It doesn't have a desktop shortcut, it doesn't show up in the All Apps menu, but it takes up a place in memory and sometimes appears on the active process list. What is it? A virus? Spyware? Or an important system component without which the phone can't work?
In this article, we will take a closer look at what a CIT app is on Xiaomi, what it does, why it canβt be removed in standard ways, and what happens if you try to do so. You will also learn how to distinguish real CIT from potentially dangerous fakes and what to do if the program starts to behave suspiciously.
What is CIT on Xiaomi: an official explanation
CIT (Certificate Installation Tool) is a system application that is responsible for installing and managing security certificates on Xiaomi devices.It is part of MIUI firmware and is closely integrated with the Android Keystore subsystem, which stores cryptographic keys and certificates.
The main objectives of CIT are:
- π Installation of root certificates to verify the authenticity of websites (for example, when working with the website) HTTPS).
- π± Certificate Management for Corporate VPN, Wi-Fi networks with Enterprise authentication (e.g, EAP-TLS).
- π Updating security certificates when releasing new versions MIUI or Android security patches.
- π‘οΈ Integrity check of system certificates (protection against substitution by malware).
It's important to understand that CIT is not a standalone user application, but a system service. It runs in the background and has no graphical interface. You won't find it in Settings β Apps as a regular program, but you can see it in the process list through Settings β About Phone β MIUI version (a few taps on the MIUI version will open the developer menu where there is information about system services).
Why CITs Cannot Be Deleted in Standard Ways
Many users try to delete the CIT, mistaking it for a virus or unnecessary software, but it is impossible to do this through the standard MIUI settings - there is no "Delete" button.
- System Status. CIT is part of the firmware and has system:priv-app rights, which means the highest level of access.
- Dependencies: Other critical services, such as MIUI Security and Google Play Services, depend on it.
- Integrity of OS: Removal can lead to malfunctions HTTPS-compound, VPN and even locking the device.
If you still want to get rid of it CIT, You'll need root rights and system partition modification. CIT And without consequences, it's only possible on custom firmware like LineageOS, where it's run by an alternative certificate manager. MIUI It's fraught:
- π¨ Errors in Connecting to Protected Wi-Fi Networks.
- π΄ Constant warnings about untrusted certificates in the browser.
- π΅ Inability to use corporate email clients (e.g. Microsoft Outlook with a EAS).
π‘
If you really need to remove CIT, first do a full backup via Settings β Additional β Backup and Reset. In the event of a crash, you can restore the phone via Fastboot or Mi Flash Tool.
How to distinguish a real CIT from a virus or fake
Attackers sometimes disguise malware as system processes, including CIT. To verify the authenticity of an app on your Xiaomi, follow the following steps:
βοΈ Authentication CIT
Pay attention to the following signs of counterfeiting:
| Sign. | A real CIT. | Fake CIT (virus) |
|---|---|---|
| Folder of installation | /system/priv-app/CtsShimPrebuilt | /data/app/... or /sdcard/ |
| Signed | Signed by Xiaomi Inc. or Android | Unknown publisher or missing signature |
| Resource consumption | Minimum (0β1% CPU, 10β50 MB of RAM) | High (constantly 5-10% CPU, hundreds of MB of RAM) |
| Network activity | Only when renewing certificates | Permanent connections to unknown IP |
If you find a fake CIT, immediately:
- Disconnect the device from the Internet.
- Remove the suspicious app through Settings β Apps.
- Scan your phone with an antivirus (such as Malwarebytes or Dr.Web).
- If necessary, reset to factory settings (Settings β Additional β Backup and Reset).
What if the antivirus does not find a threat, but you are sure of infection?
Can I turn off CIT and what happens if I do?
Technically, you can disable CIT, but it is not recommended. This requires root rights and file editing /system/priv-app/CtsShimPrebuilt/CtsShimPrebuilt.apk (e.g., renaming the extension to.bak).
β οΈ Attention: Disconnection CIT This will make it impossible to install security updates through Google Play Services, which means your device will become vulnerable to Man-in-the-Middle attacks (for example, when connecting to public Wi-Fi networks).
What exactly will stop working:
- π Most of the sites HTTPS They will be labeled as βunsafeβ (error). NET::ERR_CERT_AUTHORITY_INVALID).
- π Corporate VPN (Cisco AnyConnect or FortiClient will not be able to connect.
- π§ Email via Exchange ActiveSync (e.g. Microsoft Outlook) will no longer sync.
- π Some banking applications (such as SberBank Online or Tinkoff) may block the entrance.
If you still need to temporarily disable CIT (for example, for testing), use the command via ADB:
adb shell pm disable-user --user 0 com.android.cts.ctsshimTo turn it on again:
adb shell pm enable com.android.cts.ctsshimCIT and Performance: Why It Sometimes Boots the CPU
While CIT normally consumes minimal resources, some users complain of sudden CPU load surges (up to 5-15%) and increased battery consumption.
- Certificate updates: When new security patches are released, MIUI or Google CIT downloads and installs the updated certificates, which can take up to 1-2 minutes.
- Integrity check: Once the firmware is rebooted or updated, CIT scans all the certificates installed for forgery.
- Antivirus conflict: Some antiviruses (e.g. Avast or 360 Security) block CIT from accessing system files, causing repeated attempts to complete the task.
How to reduce the load:
- π΅ Disable unnecessary antiviruses (built-in is enough) MIUI Security).
- π Update the firmware to the latest version (Settings) β The phone. β Updating the system).
- π Restart the device β sometimes CIT Β«hangs in the "check cycle.
β οΈ Attention: If CIT It's constantly loading the processor for more than 10 minutes in a row, which may indicate damage to system files.
CIT on different Xiaomi models: are there differences
The CIT functionality is the same on all Xiaomi devices, but there are nuances depending on the model and version of MIUI:
| Model/Series | Features of CIT | MIUI version |
|---|---|---|
| Xiaomi 13/14 Series, Mix Fold 3 | Support for certificates for UWB-Devices (e.g. digital keys to cars). | MIUI 14/15 (Android 13/14) |
| Redmi Note 12 Series, POCO F5 | Optimized for Wi-Fi 6/6E (Accelerated Certificate Verification of Enterprise Networks) | MIUI 14 |
| Xiaomi Pad 6, Redmi Pad SE | Additional Certificates for Widevine L1 (reproduction 4K DRM-content). | MIUI 14 (Android 13) |
| Xiaomi Civi 3, Redmi K60 | Integration with Xiaomi Cloud to synchronize corporate certificates. | MIUI 14 |
On Android 12+ devices (such as the Xiaomi 12T or POCO X5 Pro), CIT works in an isolated Android Runtime (ART) environment, which improves security. On older models (such as the Redmi Note 10 on Android 11), it can conflict with some applications due to outdated libraries.
π‘
On flagship models (for example, Xiaomi 14 Ultra) CIT It also manages certificates for hardware security modules (e.g. Titan). M2-chip: Removal or damage CIT This can cause you to lose features like Face Unlock or Secure Folder.