So this just happened - those of you who have a Xiaomi phone know when you install apps it has it’s own “Virus Checker” screen which comes up before the app is approved for install. This is provided by Avast I just found out…

Anyway while installing an app from F-droid today I got an error message on this screen - which said “app from unknown source” and two buttons below - “Ignore” and “Install”. So I clicked on “Install” since I wanted to install the app and then noticed that the install process seemed a bit different (I can’t remember what happened exactly) but I checked the app on F-Droid and the version history wasn’t available - which a notice says means the app was installed from Play Store or somewhere else. But I just installed it from F-Droid!

So I tried another few apps and it happened again for one of them. I clicked around and there it was, some sort of Xiaomi app store installing versions of the app instead of the one I told my phone to install.

I guess there is an innocent explanation for this - stopping people from installing malware and giving them a “correct” version of the app they wanted - but I have disabled it on my phone, I know what I am doing and if I want the cracked version it’s because that’s the version I meant to install ;)

  • Paragone@lemmy.world
    link
    fedilink
    English
    arrow-up
    48
    ·
    8 months ago

    XOR…

    Xaiomi is installing versions with Microsoft-style spyware/malware in 'em…

    Same as ISP’s altering the web-pages that people view, for their own commercial-reasons…

    Molesting-the-user seems to be THE SurveillanceCapitalism paradigm, in the Enshittocene…

    I’m not competent to do the decompilation/analysis required to discover if your new “helpful” versions are spyware/malware, but I’d bet they are not as clean as the original versions are.

    Avast has been caught being treason-against-privacy, recently, too, with their “privacy” app that was actually a trojan to enable Avast to sell privacy-information for profit…

    ( last few weeks in the Tech news, here on Lemmy.world, iirc )


    You might want to ask the MalwareBytes people to look into it?

    • VeganCheesecake
      link
      fedilink
      English
      arrow-up
      10
      ·
      8 months ago

      Without further evidence, I’d assume they just want to boost usage of their App Store. Since they’re the O.E.M. of the phone and developer of the installed Android Rom, they could build in a back door in a much less conspicuous way.

      • tomjuggler@lemmy.worldOP
        link
        fedilink
        English
        arrow-up
        2
        ·
        8 months ago

        Yeah I’m going with they’re innocent. Just the UI with the install button and no explanation is not cool.

    • tomjuggler@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      3
      ·
      8 months ago

      I heard about the avast thing, but how are isp’s modifying web pages, that shouldn’t be possible with with https, right?

    • Lunch@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      8 months ago

      Do you have a source in terms of the ISPs altering websites? Would love to mention that in my thesis.

  • AMDIsOurLord@lemmy.ml
    link
    fedilink
    English
    arrow-up
    20
    ·
    8 months ago

    Xiaomi doesn’t have an app store. It’s possible that you’re tripping off the “counterfeit app detection” and it’s sending a request to Google Play and installs from there.

    This mechanism even tho inconvenient for you is a life saver in countries with lower tech literacy because malware versions of popular massanger apps were very widespread

  • infeeeee@lemm.ee
    link
    fedilink
    English
    arrow-up
    12
    ·
    edit-2
    8 months ago

    Can you check the package names of the apps? On F-droid website you can see it in the url, for example https://f-droid.org/packages/com.jens.automation2/ the code is com.jens.automation2. You should see the same name on the page of the app in settings if you scroll down.

    If the names are the same than nothing nefarious should be happening behind the scenes.

    Unknown source can mean it’s not from a built-in store. If you would be rooted and install the F-droid Privileged Extension it should show up there correctly. Maybe they just block reading this kind of info from F-droid.

    On common Xiaomi phones the rom cooking community is very vivid usually, you can just replace the shitty default rom really easily. Start to look for roms and tutorials about rooting on xdaforums

    • davidgro@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      ·
      8 months ago

      The package names would not be different if it’s installing a different (possibly malevolent) version of the same app.

      Only the signature and other metadata would be different, but if the package name were different it would show as a different app entirely in places like f-droid, not as installed from elsewhere. It would show the intended app as not installed at all if the package name of the Xiaomi version wasn’t the same.

  • RobotToaster@mander.xyz
    link
    fedilink
    English
    arrow-up
    11
    ·
    edit-2
    8 months ago

    Is it possible the scanner is just intercepting the install request, then running the apk installer from the scanner afterwards? (so Fdroid wasn’t the program installing it, but it’s still the same APK)

  • lorkano@lemmy.world
    link
    fedilink
    English
    arrow-up
    10
    ·
    8 months ago

    I remember times when miui was genuinely good, not bloated, well designed. Nowadays I think it’s the most bloated android skin.

    • tomjuggler@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      8 months ago

      Thanks, I’m going to look at a rom soon, it’s my main device though and I don’t have a good track record when it comes to not bricking phones 🤣

      Also there is the bit about unlocking the bootloader, I heard it’s not straightforward.

  • Magister@lemmy.world
    link
    fedilink
    English
    arrow-up
    5
    ·
    8 months ago

    I have a PoCo F3, basically a xiaomi, and I disabled all their crap, especially security/avast