Owners of Xiaomi, Redmi and POCO smartphones sometimes face an unexpected notification in the status bar or list of Wi-Fi networks. Instead of the usual lock icon or open access point, the system shows a WAPI Certificate message. For most users, this looks like a system error or, worse, a sign of viral activity. However, you should not rush into panic, since the nature of this phenomenon lies in wireless standards.
In fact, WAPI (Wireless LAN Authentication and Privacy Infrastructure) is the Chinese government wireless encryption standard, an alternative to the world-wide WPA2/WPA3 protocol. Since Xiaomi is originally from China, its MIUI or HyperOS software initially supports both standards for hardware compatibility within China. When your phone sees a network that supports this protocol, or tries to automatically connect to a WAPI priority point, the system notifies you of the need for a certificate.
In the CIS and Europe, this functionality is useless. Moreover, constant notifications can be annoying and in rare cases cause malfunctions in the Wi-Fi module. Understanding that WAPI Certificate is not a virus, but an embedded system component for the Chinese market will help to approach the problem correctly. In this article, we will discuss in detail why this request appears, how it differs from conventional security certificates and how you can permanently get rid of unnecessary notifications.
Technical Features of the WAPI Protocol
WAPI was developed by the China Information Technology Standardization Organization, whose main goal was to create a wireless network security system independent of Western technologies. Unlike the global standard IEEE 802.11i (which is the basis of WPA2), WAPI uses its own public key infrastructure and encryption algorithms, which is why such networks require a special security certificate that is stored in the device’s memory.
On Xiaomi smartphones, support for this protocol is stitched into the Wi-Fi driver level, which means that the phone is constantly scanning the airwaves for available networks that support different security standards. If there is equipment in range (or connection history) that broadcasts WAPI signals, the Android operating system in conjunction with the MIUI shell tries to initiate the authentication process. Since such routers are almost not found in our region, the system can not find a valid certificate and issues a warning.
It is important to understand the difference between a conventional CA and WAPI certificate. The first is used for website authentication (HTTPS), the second is used exclusively for logging into a local wireless network. The presence of built-in WAPI support on global firmware versions (Global ROM) is often a residual phenomenon from the Chinese version (CN ROM), developers simply did not cut this module to not violate the integrity of the driver code.
⚠️ Note: Attempting to download and install third-party certificates WAPI Unverified sources on the Internet can compromise the security of your device.
Technical implementation of support WAPI On the Qualcomm and MediaTek chipsets used by Xiaomi, it allows you to switch between modes of operation, but in civilian smartphones for the international market, the standard should always be given priority. WPA2/WPA3. Problems arise when the program priority is downed or the network settings cache contains erroneous data about the required protocol.
Why is the WAPI Certificate Notification
The WAPI certificate notification is most often associated with automated processes on Android. When you are in the range of a network that was previously stored in your phone's memory, the device tries to connect to it. If the network's properties mistakenly state the WAPI-WPA security type or the system cannot correctly determine the type of encryption, it requests a certificate.
There are several reasons why this is happening on Xiaomi:
- 📶 Network profile conflict: A profile of a public network (such as an airport or hotel) that uses the phone may be stored in the phone’s memory. WAPI, And now the phone is constantly trying to find him.
- 🔄 System Update Error: After Updating MIUI HyperOS network module settings could be reset, and the priority of the protocols shifted towards the Chinese standard.
- 🇨🇳 Regional settings: If the phone settings indicate a “China” or “Hong Kong” region, the default system activates the functions necessary to work in that region, including constant network search. WAPI.
It's also important to consider the human factor. Sometimes users accidentally activate the function"WAPI-Certificate in advanced Wi-Fi settings, trying to improve the signal or solve connection problems without understanding the essence of the action. In some cases, this may be caused by installing applications to amplify the Wi-Fi signal that change the system parameters of the drivers.
Another reason could be a failure of the com.android.wifi service. If the process responsible for scanning networks is stuck in the WAPI-compatible point verification cycle, the notification may not disappear even after the reboot, which requires a deeper intervention in the system settings, up to the reset of network parameters.
How to disable WAPI through Wi-Fi settings
The easiest and safest way to remove the WAPI Certificate label is to check the settings of the wireless module itself. In some versions of Xiaomi shells, you can manually select your preferred protocol or disable certificate verification.
Follow the following steps:
- Open the settings of your smartphone.
- Go to the Wi-Fi section.
- Click on the arrow or information icon next to your current network name (or select “Wi-Fi settings” from the three-dot menu).
- Find the Security or Security Protocol.
- If you select WAPI-WPA or WAPI-PSK, change it to WPA2-PSK or WPA3.
If you can't change the protocol on your network menu, try removing that network. Click on the network name and select Forget network. Then reconnect by entering the password. The system must automatically determine the correct encryption standard used by your router (most likely WPA2) and stop asking for a WAPI certificate.
☑️ Checking Wi-Fi settings
In some cases, changing the region of the phone helps. Go to Settings → Additional settings → Region. Make sure your country is selected (for example, Russia, Ukraine, Kazakhstan). Changing the region from China to local often automatically re-sets the priorities of network protocols and removes unnecessary features characteristic of the domestic market of China.
Removal of certificates from system storage
If the network settings didn't work, then the certificate is already stored in a trusted system storage and Android is trying to force it to be used, in which case you need to manually clear the list of trusted certificates, which is safe for normal user data, but requires care.
The removal procedure is as follows:
- 🔐 Go to Settings. → Passwords and security (or advanced settings depending on version) MIUI).
- 📂 Find the Privacy or Encryption and Accounts section.
- 🗑️ Select Trusted Certificates (Trusted Certificates).
- 🔍 In the list below, find certificates related to WAPI or unknown system certificates marked"WAPI".
- ❌ Click on such certificate and select Disable or Delete.
Important: Do not delete system certificates that have the words “Google”, “Android”, “Xiaomi” in their name or the names of well-known certification authorities (VeriSign, DigiCert) unless you are 100% sure that they are WAPI. Deleting root security certificates can cause some applications, banking services or sites with HTTPS to stop working.
⚠️ Note: Before deleting any certificates, it is recommended to create a complete backup of the data. WAPI Safely, an error in the selection of a system file can disrupt the operation of secure connections.
Once the storage is cleaned, be sure to reboot the device completely, so that the Android network stack can reread the configuration files and update the list of available security protocols without caching errors.
Resetting network settings as a radical solution
When the software glitches accumulate, and neither changing the region nor deleting the certificates helps, the proven method is to completely reset the network settings, which will return all the parameters of Wi-Fi, Bluetooth and mobile Internet to factory values. This will not affect your photos, contacts or applications, but the saved passwords from Wi-Fi will have to be re-entered.
Algorithm for resetting:
- Open the smartphone settings.
- Go to Connect and Sharing (or Additional Settings).
- Find Reset Wi-Fi, mobile networks and Bluetooth.
- Click the Reset button at the bottom of the screen.
- Confirm the action by entering the unlock password of the screen.
Once rebooted, the phone will be clean in terms of network connections. WAPI Certificate should no longer appear, as the history of all previous networks and their security settings will be erased. Now, when you first connect to a home router, the system will redefine the type of encryption and record the correct data.
What if the reset didn't help?
It is worth noting that after resetting the network settings will also reset the settings. VPN-You'll have to redesign your watch, your headphones, and your virtual networks if you use them, and that's a small fee for the stable operation of the communication module.
Comparison of Wi-Fi security protocols
To better understand the difference between technologies and why WAPI is not needed outside of China, it is helpful to check out the basic protocol comparison table, which will help you set up your router properly for maximum compatibility with all devices in your home.
| Protocol | Region of utilization | Security | Compatibility |
|---|---|---|---|
| WAPI | China (mandatory) | High (their standard) | Low (only devices with support for KPR) |
| WPA2 | Global | High (AES) | Maximum (works everywhere) |
| WPA3 | Global (new) | Very high. | Medium (requires new equipment) |
| WEP | Obsolete. | Low (cracks) | Complete (but not used) |
As the table shows, for Xiaomi users in Europe and Asia, WPA2-PSK (AES) is the best choice.WPA3 is promising, but older devices may not work well, and WEP has long been recognized as unsafe.
💡
When setting up your home router, select the mixed security mode "WPA2/WPA3 Personal" if you have new devices, but leave AES encryption.
Prevention and additional recommendations
To keep the WAPI Certificate issue from returning, follow simple smartphone rules, and avoid installing applications from unverified sources that promise to “speed up the internet” or “hack your neighbor’s Wi-Fi,” which often alters the network stack’s system configuration files to return WAPI priority.
Xiaomi often fixes bugs in Wi-Fi drivers in its security patches. If you’re using a global firmware version, make sure it’s truly global, not a Chinese-made version (CN Global) where artifacts from the original system may have been left.
⚠️ Attention: If notified WAPI Certificate came right after flashing your phone over Fastboot, so you installed the wrong version of the software. ROM.
In rare cases, the router itself can be the source of the problem. If your device distributes Wi-Fi and it has WAPI support enabled (often found on routers imported from China, for example, Xiaomi Router or TP-Link CN), the phone will constantly require a certificate. Go to the router settings (usually at 192.168.0.1 or 192.168.1.1) and in the wireless network section, force you to select only WPA2-PSK mode, disabling any options associated with WAPI or Chinese standards.
💡
The WAPI Certificate problem is solved in a complex way: changing the region, deleting certificates and setting the router correctly, and it is often enough to "forget" a problem network.