Decompiling EufyHome app to control hardware directly - Android General

I'm pretty new to all this and was hoping to find some help. Eufy has some smart home products like light bulbs, smart plugs, etc that can be controlled directly over the LAN instead of a third party API.
I downloaded the APK for the EufyHome App and decompiled it at javadecompilers.com
That produced some promising results, like exposing that their app makes a socket connection to the devices on port 55556 when on the local network. Outside the local network it uses their API.
Here's some example code:
Code:
public boolean m4560a(String str, byte[] bArr) {
if (bArr == null || bArr.length == 0) {
return false;
}
if (str == null || str.length() == 0) {
return false;
}
try {
Socket socket = new Socket();
socket.connect(new InetSocketAddress(str, 55556), 1000);
socket.setTcpNoDelay(true);
socket.setSoTimeout(1000);
OutputStream outputStream = socket.getOutputStream();
InputStream inputStream = socket.getInputStream();
byte[] a = m4561a(outputStream, inputStream, bArr, C1178b.sendUsrDataToDev);
if (a == null || a.length == 0) {
try {
outputStream.close();
inputStream.close();
socket.close();
} catch (IOException e) {
e.printStackTrace();
}
return false;
}
try {
outputStream.write(a);
outputStream.flush();
outputStream.close();
inputStream.close();
socket.close();
return true;
} catch (IOException e2) {
e2.printStackTrace();
Log.v("DeviceInterfaceClass", e2.toString());
return false;
}
} catch (IOException e22) {
e22.printStackTrace();
return false;
}
}
byte[] m4561a(OutputStream outputStream, InputStream inputStream, byte[] bArr, C1178b c1178b) {
C1176a d = C1179k.m3096d();
d.m3088a(c1178b);
if (bArr != null) {
Log.v("DeviceInterfaceClass", "set data");
d.m3089a(C2839e.m7581a(bArr));
}
C1157a o = C1159c.m3011o();
int a = m4555a(outputStream, inputStream);
if (a < 0) {
return null;
}
o.m2994a(a + 1);
o.m2998a(this.f3294a);
o.m2997a(d);
C1159c c1159c = (C1159c) o.m2793e();
Log.d("config", "msg.toString = " + c1159c.toString());
return C1937a.m4554a(c1159c.m2804s());
}
I know enough about programming to know basically what's happening here, but the additional obfuscated function names are tough to work through. In addition to the APK source, I also ran a packet capture on my device when controlling the bulb. I didn't really understand the output well enough and didn't get very far other than confirming the fact that it's sending short messages to that device and port.
I confirmed via nmap that the only open port is 55556 and I can also open a socket connection to the device and send messages, but that's not really giving me any additional info.
Would love some help or pointers in the right direction here. I can sit down and do the leg work but any resources that would help me better understand what to expect would be really helpful. I don't know if I should be sending simple commands like "enable" or a JSON string or if I need to encode/encrypt it somehow.
Thanks!

I came across your post while googling for strings from decompiling the app myself .
I don't fully understand the communication between the app and the smart-thing, but I'm getting there. In my case, its a smart plug (product code T1201). The communication with all the supported devices is similar.
They are encrypting the command such as "sendUsrDataToDev" and "getDevStatusData" with a fixed AES key and IV. Then connect to the smartThing on tcp port 55556 an write their encrypted command and read data back from the socket. There's another layer of encrypting and decrypting on top of this thats not any sort of standard and just some ghetto homebrew crap the app developers invented.
On my device, and smartplug, the AES uses 244E6D8A56AC879124432D8B6CBCA2C4 for the key and 772456F2A7664CF3392C3597E93E5747 for the IV. I'm not sure yet if those are unique to each user, generated from the username, or used for every user. Your message is padded to a multiple of 16 bytes before encryption. I found those parameters hardcoded directly above the AES encrypt/decrypt code. They'll be the same for everybody using the same app.
As far as the other ghetto encryption/key, I've only seen that code used when talking to product t2103, which I think is a vacuum.
After you get past those, the actual data thats sent back and forth to the smart thing is a protobuf.

Related

[Q] Android Dev - Handling Enter...

Since I don't have access to the android software forum yet, and searching hasn't come up with any results (maybe I'm missing something) I'm going to post here...
I'm developing an app and I'm in a testing phase with about 6 testers all using different devices. I've run into an issue with one tester where the code that handles the use of the Enter key in an EditText box doesn't work. I've gone about this three different ways but with no luck. All three methods work fine on my device:
Method 1:
Code:
TextView.OnEditorActionListener keyListener = new TextView.OnEditorActionListener(){
public boolean onEditorAction(TextView view, int actionId, KeyEvent event) {
if(actionId == EditorInfo.IME_NULL){
if(((EditText)findViewById(view.getId())) == ((EditText)findViewById(R.id.etUser))){
((EditText) findViewById(R.id.etPass)).requestFocus();
}
if(((EditText)findViewById(view.getId())) == ((EditText)findViewById(R.id.etPass))){
logon();
}
}
return true;
}
};
Method 2:
Code:
EditText etUserName = (EditText) findViewById(R.id.etUser);
etUserName.setOnKeyListener(new OnKeyListener() {
public boolean onKey(View view, int keyCode, KeyEvent event){
if (event.getAction() == KeyEvent.ACTION_DOWN){
switch (keyCode)
{
case KeyEvent.KEYCODE_DPAD_CENTER:
case KeyEvent.KEYCODE_ENTER:
if(((EditText)findViewById(view.getId())) == ((EditText)findViewById(R.id.etUser))){
((EditText) findViewById(R.id.etPass)).requestFocus();
}
return true;
default:
break;
}
}
return false;
}
});
Method 3:
Code:
TextView.OnEditorActionListener keyListener = new TextView.OnEditorActionListener(){
public boolean onEditorAction(TextView view, int actionId, KeyEvent event) {
if(actionId == EditorInfo.IME_ACTION_NEXT) {
((EditText) findViewById(R.id.etPass)).requestFocus();
}
if (actionId == EditorInfo.IME_ACTION_DONE) {
logon();
}
return true;
}
};
Since I don't have physical access to the device, after the last method I wrote some code into the app to notify the tester if the event's actually being triggered. Nothing. So what the hell is going on here? The tester's handset is an Xperia Arc with stock 2.3.2 and she doesn't have an issue with the enter key in other apps. Is there another method that is more fool proof then relying on inconsistent IME action ids or key codes?

[Q][VB.NET] Access remote XML services

EDIT: Development continued Working hard
Hello everyone
I'm trying to port my WIP Infosode from Android (Adobe AIR) to Windows Phone 7, and I have some big problems figuring out how to access a remote XML service, in this case http://services.tvrage.com/
I've used Visual Basic .NET for both desktop and Windows Mobile applications and now for WP7, so I got some VB.NET experience.
Any help is appreciated and will be noted in the finished application.
Regards
//
IzaacJ
Here is one somewhat dirty way.
Download your data (xml) into the isolated storage. After that process the xml file stored.
Code:
WebClient client = new WebClient();
client.DownloadStringCompleted += new DownloadStringCompletedEventHandler(client_DownloadStringCompleted);
client.DownloadStringAsync(new Uri("http://path.to/the/" + item + ".xml/"));
static void client_DownloadStringCompleted(object sender, DownloadStringCompletedEventArgs e)
{
// If we have results
if (!string.IsNullOrEmpty(e.Result))
{
#region Save to Isolated Storage
try
{
// Isolated Storage Directory
string xmlStorageDirectory = "Profiles";
using (IsolatedStorageFile store = IsolatedStorageFile.GetUserStoreForApplication())
{
// File Path
string filePath = Path.Combine(xmlStorageDirectory, String.Format("{0}.xml", ActiveID));
// Check if the Directory exists. If not create it
if (!store.DirectoryExists(xmlStorageDirectory))
{
store.CreateDirectory(xmlStorageDirectory);
}
// Use Isolated Storeage to write the file
using (IsolatedStorageFileStream fileStream = new IsolatedStorageFileStream(filePath, FileMode.Create, store))
{
// Use the stream to write the file
using (StreamWriter stream = new StreamWriter(fileStream))
{
stream.Write(e.Result.Replace(" & ", " & "));
}
}
}
}
// OMG EXCEPTIONS :(
catch (IsolatedStorageException exception)
{
throw exception;
}
#endregion
#region Reading
using (var appStorage = IsolatedStorageFile.GetUserStoreForApplication())
{
using (var file = appStorage.OpenFile("Profiles/" + ActiveID + ".xml", FileMode.Open))
{
XmlReader reader = XmlReader.Create(file);
CharacterDataModel profile = new CharacterDataModel();
List<PlayerTraitsModel> traits = new List<PlayerTraitsModel>();
PlayerTraitsModel trait = new PlayerTraitsModel();
bool isCdata = false;
bool isPdata = false;
// While we read the data
while (reader.Read())
{
#region Character
if (reader.Name == "cdata") isCdata = true;
if (isCdata)
{
if (reader.NodeType == XmlNodeType.Element)
{
#region Check for the following values and shallow copy that to the model
//string item = reader.ReadElementContentAsString();
switch (reader.Name)
{
case "id":
profile.id = reader.ReadElementContentAsString();
break;
}
#endregion
}
}
if (reader.NodeType == XmlNodeType.EndElement && reader.Name.Contains("cdata"))
isCdata = false;
#endregion
}
}
}
#endregion
}
}
Thanks for that
Will try to adopt it to VB.NET and see if it will work
At least it's something that I could use until I find a better way.
Regards
Hi,
Use the OpenReadCompleted event of the WebClient, and then put the result into an XDocument by using an XmlReader; from there it's easy to process it (using LINQ to XML) without having to store the XML anywhere first (i.e. do it all in memory). Here's kind of how I do it C#.
Code:
WebClient client = new WebClient();
// Set up the 'completed' event before loading anything
client.OpenReadCompleted += (sender, e) =>
{
if (e.Error != null)
{
if (e.Error is WebException)
{
... Either a connection error, or an invalid status code has been returned. You can determine which using code.
}
else
... // some other exception
return;
}
// Turn the result into an XDocument and parse using LINQ
try
{
Stream aStream = e.Result;
XmlReader anXmlStream = XmlReader.Create(aStream);
XDocument ourXDocument = XDocument.Load(anXmlStream);
// Parse the XML here - best to use 'Linq to XML' to do it
List<TvShow> TVShows = from aShow in ourXDocument.Descendants("show")
select new TvShow() {
ShowName = aShow.Element("name").Value,
Link = aShow.Element("link").Value
};
//////////////////
str.Close();
// if here it all went to plan
}
catch (XmlException xe)
{
...
}
catch (Exception ge)
{
...
}
};
// Here's the bit that actually sets it going
try
{
client.OpenReadAsync(new Uri(URL, UriKind.Absolute));
}
catch (OutOfMemoryException)
{
... Handle the exception
}
catch (StackOverflowException)
{
... Handle the exception
}
catch (Exception ge)
{
... Handle the exception
}
If you're doing this kind of thing a lot it's good to set it up as reusable class that either has it's own events (e.g. ItemsLoaded, ErrorOccured, and ProcessItems) that can be subscribed to, or if you prefer you can have them as methods to override so that you can use it as a web service loading base class from which you can inherit.
Hope that helps. Good luck with it
Ian
otherworld said:
Hi,
Use the OpenReadCompleted event of the WebClient, and then put the result into an XDocument by using an XmlReader; from there it's easy to process it (using LINQ to XML) without having to store the XML anywhere first (i.e. do it all in memory). Here's kind of how I do it C#.
Code:
WebClient client = new WebClient();
// Set up the 'completed' event before loading anything
client.OpenReadCompleted += (sender, e) =>
{
if (e.Error != null)
{
if (e.Error is WebException)
{
... Either a connection error, or an invalid status code has been returned. You can determine which using code.
}
else
... // some other exception
return;
}
// Turn the result into an XDocument and parse using LINQ
try
{
Stream aStream = e.Result;
XmlReader anXmlStream = XmlReader.Create(aStream);
XDocument ourXDocument = XDocument.Load(anXmlStream);
// Parse the XML here - best to use 'Linq to XML' to do it
List<TvShow> TVShows = from aShow in ourXDocument.Descendants("show")
select new TvShow() {
ShowName = aShow.Element("name").Value,
Link = aShow.Element("link").Value
};
//////////////////
str.Close();
// if here it all went to plan
}
catch (XmlException xe)
{
...
}
catch (Exception ge)
{
...
}
};
// Here's the bit that actually sets it going
try
{
client.OpenReadAsync(new Uri(URL, UriKind.Absolute));
}
catch (OutOfMemoryException)
{
... Handle the exception
}
catch (StackOverflowException)
{
... Handle the exception
}
catch (Exception ge)
{
... Handle the exception
}
If you're doing this kind of thing a lot it's good to set it up as reusable class that either has it's own events (e.g. ItemsLoaded, ErrorOccured, and ProcessItems) that can be subscribed to, or if you prefer you can have them as methods to override so that you can use it as a web service loading base class from which you can inherit.
Hope that helps. Good luck with it
Ian
Click to expand...
Click to collapse
Thanks
I'm building a class with functions for fetching and storing the returned XML requests.
It's smart to store it in the IsoStorage so that the data is available offline as well and it will only download the new XML's if it's updated on the server
I think it will make the application a bit more useful.
Regards
EDIT: I've tried to port the first example from MJCS to VB.Net without success. The app closes itself when it's supposed to search and get results from the server. The URL to the generated XML (including parameters) is http://services.tvrage.com/feeds/search.php?key=[MY_API_KEY]&show=[SHOW_NAME]
The code as for now is this:
Code:
Public Function Search(ByVal SearchString As String) As String
Dim Url As New Uri(XMLUrl & "feeds/search.php?key=" & APIKey & "&show=" & SearchString)
'XMLUrl = http://services.tvrage.com/
'APIKey = My API key from TVRage.com
'SearchString = The showname to be searched for in the database
XML.DownloadStringAsync(Url)
Return 0
End Function
Any ideas?
Regards

[Q] Control cursor PC by WP7

I want to control the PC cursor by WP7, so I try to use the ManipulationDelta in WP7 that can help me to calculate the difference between he star tap and the end tap
Code:
public MainPage()
{
InitializeComponent();
this.ManipulationDelta += new EventHandler<ManipulationDeltaEventArgs>(MainPage_ManipulationDelta);
transformG = new TransformGroup();
translation = new TranslateTransform();
transformG.Children.Add(translation);
RenderTransform = transformG; // you see I don't use any transform here because I don't know where I put. If I use the image.RenderTransform of it will move also for the screen of WP if I put this.RenderTransform, So anyone have a solution
SenderSocket = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
}
void MainPage_ManipulationDelta(object sender, ManipulationDeltaEventArgs e)
{
startX = e.ManipulationOrigin.X;
startY = e.ManipulationOrigin.Y;
DeltaX = e.DeltaManipulation.Translation.X;
DeltaY = e.DeltaManipulation.Translation.Y;
translation.X += e.DeltaManipulation.Translation.X;
translation.Y += e.DeltaManipulation.Translation.Y;
EndX = Convert.ToDouble(translation.X);
EndY = Convert.ToDouble(translation.Y);
}
I am juste want to send DeltaX and DeltaY to the server to calculate them to the mouse position in the screen, So I write this code
Code:
void StartSending()
{
while (!stop)
try
{
SocketAsyncEventArgs socketEventArg = new SocketAsyncEventArgs();
byte[] buffer = Encoding.UTF8.GetBytes(DeltaX.ToString() + "/" + DeltaY.ToString());
socketEventArg.SetBuffer(buffer, 0, buffer.Length);
SenderSocket.SendToAsync(socketEventArg);
}
catch (Exception) { }
}
I concatenate them in 1 buffer with separate by "/" and in server I use this code to separate
Code:
void Receive(byte[] buffer)
{
string chaine = "";
if (SenderSocket != null)
{
SocketAsyncEventArgs socketEventArg = new SocketAsyncEventArgs();
socketEventArg.Completed += new EventHandler<SocketAsyncEventArgs>(delegate(object s, SocketAsyncEventArgs e)
{
if (e.SocketError == SocketError.Success)
{
chaine = Encoding.UTF8.GetString(e.Buffer, e.Offset, e.BytesTransferred);
chaine.Trim('\0');
string[] pos = chaine.Split('/');
for (int i = 0; i < pos.Length; i++)
{
pX = Convert.ToInt32(pos[0]);
pY = Convert.ToInt32(pos[1]);
this.Cursor = new Cursor(Cursor.Current.Handle);
Cursor.Position = new Point(Cursor.Position.X + pX, Cursor.Position.Y + pY);
}
}
else
{
}
});
SenderSocket.ReceiveFromAsync(socketEventArg);
}
Just I want to control the cursor, if you have any other methods so plz help me and I am really grateful
Didn't you already have a thread about this? Please re-use existing threads instead of starting new ones. Even if it wasn't you, *somebody* was working on this problem already, and very recently. Always use the Search button before starting a thread.
So... what are you looking for from us? Does your current code work? If not, in what way does it fail? Without knowing what your question is, we can't provide answers.
If you want some advice, though...
Sending as strings is very inefficient on both ends; it would be better to use arrays (which you could convert directly to byte arrays and back again).
You're sending as TCP, which is OK but probably not optimal. For this kind of data, UDP is quite possibly better. If nothing else, it provides clearly delineated packets indicating each update.

Xiaomi firmware has multiple backdoors

So I've basically got myself in this sh*t because lack of care.. Until it pop'd and hit the highlights.
And now straight to the point. It doesn't f*ckin matters if you had a fw or not. As the backdoors are embedded in ROOT system processes.
And those where obviously white-listed as i didn't think of a nasty Chinese guy sitting in it calling back home. My friend who got the same phone found the article as i was having my vacation for a bit, so when i found out i did a bit a research of course on my device. After finding all this i e-mail'd him it and he posted it on the Xiaomi European forums. Guess what happened, it got deleted. So they know damn good what they're doing.
When you purchase Xiaomi products or services, we’ll collect relevant personal information, including but not limited: delivery information, bank account, credit card information, bill address, credit check and other financial information, contact or communication records.
Click to expand...
Click to collapse
OP said:
XMPP connection (always connected when network available)
54.255.185.236
hostname: ec2-54-255-185-236.ap-southeast-1.compute.amazonaws.com
(Seems not to have a domain) The IP address was also not found in any system modules in plain or unicode text. Assuming it is encoded / encrypted somewhere in a native application, system module, or not in a native app but in a dalvik compiled image.
Other connections
54.254.212.222
Hostname: ec2-54-254-212-222.ap-southeast-1.compute.amazonaws.com
Domains:
bbs.miui.com
reader.browser.miui.com
update.miui.com
www . miui.cn
www . miui.com
zhuomian.xiaomi.com
112.90.17.54
Domains:
pgv.m.xunlei.com
www . inewsgr.com
122.143.5.59
Hostname: 59.5.143.122.adsl-pool.jlccptt.net.cn
(Seems to be a adsl connection with no domain)
223.202.68.93
Hostname: out68-93.mxzwb3.hichina.com
Domains:
app.mi.com
dev.xiaomi.com
m.app.mi.com
mitunes.app.xiaomi.com
Music app(?) connects to:
202.173.255.152
2012-12-01 lrc.aspxp.net
2012-12-01 lrc.feiyes.net
2012-12-01 w.w.w.616hk.com
2012-12-01 w.w.w.hk238.com
2012-12-01 w.w.w.lrc123.com
123.125.114.145
2013-11-27 tinglog.baidu.com
1/53 2014-07-02 12:51:01 hxxp://tinglog.baidu.com
Latest detected files that communicate with this IP address
Latest files submitted to VirusTotal that are detected by one or more antivirus solutions and communicate with the IP address provided when executed in a sandboxed environment.
3/43 2014-07-08 07:39:24 facb146de47229b56bdc4481ce22fb5ec9e702dfbd7e70e82e4e4316ac1e7cbd
47/51 2014-04-28 09:25:27 091457f59fc87f5ca230c6d955407303fb5f5ba364508401a7564fb32d9a24fa
24/47 2014-01-08 08:19:43 3cf0a98570e522af692cb5f19b43085c706aa7d2f63d05469b6ac8db5c20cdcd
21/48 2013-12-02 15:15:45 7e34cb88fc82b69322f7935157922cdb17cb6c69d868a889468e297257ee9072
19/48 2013-12-01 20:02:32 bce4bd44d3373b2670a7d68e058c7ce0fa510912275d452d363777f640aa4c70
Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset.
1/53 2014-07-02 12:47:57 hxxp://dev.baidu.com/
Android-system ANT HAL Service(Framework_ext.apk/jar) connect to:
42.62.48.207
VirusTotal's passive DNS only stores address records. The following domains resolved to the given IP address.
2014-04-28 app.migc.wali.com
2014-07-12 app.migc.xiaomi.com
2014-05-30 gamevip.wali.com
2014-05-30 log.wlimg.cn
2014-04-21 mitunes.game.xiaomi.com
2014-04-30 oss.wali.com
2014-05-17 p.tongji.wali.com
2014-07-13 policy.app.xiaomi.com
Latest detected URLs
Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset.
1/58 2014-08-13 07:10:49 hxxp://policy.app.xiaomi.com/cms/interface/v1/checkpackages.php
1/58 2014-08-10 00:46:35 hxxp://policy.app.xiaomi.com/
1/53 2014-07-02 12:49:59 hxxtp://oss.wali.com
Messages(Mms.apk) connect to (it literary calls back home)
54.179.146.166
2014-08-12 api.account.xiaomi.com
2014-07-26 w.w.w.asani.com.pk
What it does? It sends phone numbers you call to, send messages to, add etc to a Resin/4.0.13 java application running on a nginx webserver to collect data. Checkpackages, embedded system process/app posts all installed apps to a Tengine a/k/a nginx webserver cms.
URL: hxxtp://api.account.xiaomi.com:81/pass/v3
Server: sgpaws-ac-web01.mias
Software: Tengine/2.0.1 | Resin/4.0.13
URL: hxxp://policy.app.xiaomi.com:8080/cms/interface/v1/
Server: lg-g-com-ngx02.bj
Software: Tengine | Resin
Bottom line
They don't give a single damn about your data.. All sent in plain text.
For messages APK (Mms.apk)
I don't believe it needs those permissions for normal functionalities, this is only for the extra feature let's call it bug.
android.permission.SEND_SMS_NO_CONFIRMATION
android.permission.GET_ACCOUNTS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.ACCESS_NETWORK_STATE
android.permission.CHANGE_NETWORK_STATE
android.permission.INTERNET
miui.permission.SHELL
android.permission.GET_TASKS
android.permission.CAMERA
Click to expand...
Click to collapse
Some code ... i also attached java classes and smali dalvik jvm bytecode..
Code:
#<externalId = outgoing callerid>#
package com.xiaomi.mms.net;
import android.net.Uri;
import android.net.Uri.Builder;
import android.telephony.TelephonyManager;
import android.text.TextUtils;
import com.xiaomi.mms.utils.EasyMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Map.Entry;
import java.util.Set;
import miui.net.CloudManager;
public class b
{
public static final String qa = CloudManager.URL_ACCOUNT_BASE;
public static final String qb = CloudManager.URL_ACCOUNT_API_V2_BASE;
public static final String qc = CloudManager.URL_ACCOUNT_API_V3_BASE;
public static final String qd = qa + "/serviceLogin";
public static final String qe = qc + "/[email protected]";
protected static String a(String paramString, Map paramMap)
{
if ((paramMap != null) && (!paramMap.isEmpty()))
{
Uri.Builder localBuilder = Uri.parse(paramString).buildUpon();
Iterator localIterator = paramMap.entrySet().iterator();
while (localIterator.hasNext())
{
Map.Entry localEntry = (Map.Entry)localIterator.next();
localBuilder.appendQueryParameter((String)localEntry.getKey(), (String)localEntry.getValue());
}
paramString = localBuilder.build().toString();
}
return paramString;
}
public static c al(String paramString)
{
EasyMap localEasyMap = new EasyMap("type", "MXPH").a("externalId", paramString);
d locald = new d(a(qe, localEasyMap));
String str = TelephonyManager.getDefault().getDeviceId();
if (!TextUtils.isEmpty(str))
locald.l("deviceId", str);
return locald;
}
}
===========================================================
public static Header a(Account paramAccount, ExtendedAuthToken paramExtendedAuthToken)
{
StringBuilder localStringBuilder = new StringBuilder();
localStringBuilder.append("serviceToken=");
localStringBuilder.append(paramExtendedAuthToken.authToken);
localStringBuilder.append("; userId=");
localStringBuilder.append(paramAccount.name);
return new BasicHeader("Cookie", localStringBuilder.toString());
}
===========================================================
public void gT()
{
if (ai("http://api.comm.miui.com/miuisms/res/version").getLong("data") == PreferenceManager.getDefaultSharedPreferences(this.mContext).getLong("festival_message_version", 0L))
return;
Object[] arrayOfObject = new Object[1];
arrayOfObject[0] = Integer.valueOf(this.mScreenWidth);
a(ai(String.format("http://api.comm.miui.com/miuisms/res/categories?width=%s", arrayOfObject)).getJSONArray("data"));
}
public void m(long paramLong)
{
Cursor localCursor = this.mq.rawQuery("SELECT MIN(message_id) FROM messages WHERE category_id=" + paramLong, null);
if (localCursor == null)
throw new FestivalUpdater.DatabaseContentException(null);
try
{
if (localCursor.moveToFirst())
{
long l = localCursor.getLong(0);
Object[] arrayOfObject = new Object[3];
arrayOfObject[0] = Long.valueOf(paramLong);
arrayOfObject[1] = Long.valueOf(l);
arrayOfObject[2] = Integer.valueOf(pd);
a(ai(String.format("http://api.comm.miui.com/miuisms/res/messages?cat=%s&marker=%s&count=%s", arrayOfObject)).getJSONObject("data").getJSONArray("entries"), paramLong);
}
return;
}
finally
{
localCursor.close();
}
}
===========================================================
package miui.util;
import android.content.Context;
import android.provider.Settings.Secure;
import android.util.Log;
import org.json.JSONArray;
import org.json.JSONObject;
final class BaseNotificationFilterHelper$2
implements Runnable
{
BaseNotificationFilterHelper$2(Context paramContext)
{
}
public void run()
{
try
{
JSONObject localJSONObject1 = Network.doHttpPostWithResponseStatus(this.val$context, "http://policy.app.xiaomi.com/cms/interface/v1/checkpackages.php", BaseNotificationFilterHelper.access$000(this.val$context));
if ((localJSONObject1.has("RESPONSE_CODE")) && (localJSONObject1.getInt("RESPONSE_CODE") == 200))
{
JSONObject localJSONObject2 = new JSONObject(localJSONObject1.getString("RESPONSE_BODY"));
int i = localJSONObject2.getInt("errCode");
if (i == 200)
{
JSONArray localJSONArray = localJSONObject2.getJSONArray("packages");
StringBuilder localStringBuilder = new StringBuilder();
for (int j = 0; j < localJSONArray.length(); j++)
{
localStringBuilder.append(localJSONArray.get(j).toString().trim());
localStringBuilder.append(" ");
}
Settings.Secure.putString(this.val$context.getContentResolver(), "status_bar_expanded_notification_black_list", localStringBuilder.toString());
BaseNotificationFilterHelper.access$102(null);
return;
}
if (i == 202)
{
Log.d("NotificationFilterHelper", "blacklist is empty ");
Settings.Secure.putString(this.val$context.getContentResolver(), "status_bar_expanded_notification_black_list", "");
BaseNotificationFilterHelper.access$102(null);
return;
}
if (i == 201)
Log.d("NotificationFilterHelper", "request param empty");
}
else
{
Log.d("NotificationFilterHelper", "access network anomalies");
}
return;
}
catch (Exception localException)
{
}
}
}
===========================================================
package miui.util;
import android.app.INotificationManager;
import android.app.INotificationManager.Stub;
import android.content.ContentResolver;
import android.content.Context;
import android.content.SharedPreferences;
import android.content.SharedPreferences.Editor;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageInfo;
import android.content.pm.PackageItemInfo;
import android.content.pm.PackageManager;
import android.content.pm.PackageManager.NameNotFoundException;
import android.content.res.Resources;
import android.database.ContentObserver;
import android.os.ServiceManager;
import android.provider.Settings.Secure;
import android.provider.Settings.System;
import android.text.TextUtils;
import android.util.Log;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import miui.os.Build;
import miui.provider.CloudAppControll;
import miui.provider.CloudAppControll.TAG;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
public class BaseNotificationFilterHelper
{
protected static final String APP_NOTIFICATION = "app_notification";
protected static final int CODE_REQUEST_PARAM_EMPTY = 201;
protected static final int CODE_RESPONSE_EMPTY = 202;
protected static final int CODE_SUCCESS = 200;
public static final int DEFAULT = 0;
public static final int DISABLE_ALL = 3;
public static final int DISABLE_ICON = 1;
public static final int ENABLE = 2;
protected static final String EXPANDED_BLACK_LIST_CODE = "errCode";
protected static final String EXPANDED_BLACK_LIST_PACKAGES = "packages";
public static final int NONE = 0;
protected static final String SYSTEMUI_PACKAGE_NAME = "com.android.systemui";
protected static final String TAG = "NotificationFilterHelper";
protected static final String URL = "http://policy.app.xiaomi.com/cms/interface/v1/checkpackages.php";
private static HashSet<String> mBlacklist;
protected static INotificationManager nm;
protected static HashSet<String> sFilterList = new HashSet();
protected static HashMap<String, Integer> sFilterMap = new HashMap();
private static HashMap<String, Boolean> sIsSystemApp;
protected static HashMap<String, Integer> sUidMap = new HashMap();
static
{
if (Build.IS_INTERNATIONAL_BUILD);
for (int i = 2; ; i = 1)
{
DEFAULT = i;
nm = INotificationManager.Stub.asInterface(ServiceManager.getService("notification"));
mBlacklist = null;
sIsSystemApp = new HashMap();
return;
}
}
protected static void enableStatusIcon(Context paramContext, String paramString, int paramInt)
{
getSharedPreferences(paramContext).edit().putInt(paramString, paramInt).commit();
}
public static void enableStatusIcon(Context paramContext, String paramString, boolean paramBoolean)
{
if (paramBoolean);
for (int i = 2; ; i = 1)
{
enableStatusIcon(paramContext, paramString, i);
return;
}
}
public static String getAppNotificationText(Context paramContext, String paramString)
{
int i = 101450315;
switch (NotificationFilterHelper.getInstance().getAppFlag(paramContext, paramString, true))
{
default:
case 3:
case 1:
case 2:
}
while (true)
{
return paramContext.getResources().getString(i);
i = 101450314;
continue;
i = 101450315;
continue;
i = 101450313;
}
}
public static int getAppUid(Context paramContext, String paramString)
{
int i = 0;
if (sUidMap.containsKey(paramString))
return ((Integer)sUidMap.get(paramString)).intValue();
try
{
i = paramContext.getPackageManager().getApplicationInfo(paramString, 0).uid;
sUidMap.put(paramString, Integer.valueOf(i));
return i;
}
catch (PackageManager.NameNotFoundException localNameNotFoundException)
{
}
return i;
}
protected static int getDefaultFlag(Context paramContext, String paramString)
{
initFilterList(paramContext);
if (sFilterList.contains(paramString))
return 2;
return 0;
}
protected static int getGameCenterFlag(Context paramContext, String paramString)
{
readBlacklist(paramContext);
if (mBlacklist.contains(paramString))
return 3;
return 0;
}
private static String getInstalledAppsJson(Context paramContext)
{
JSONObject localJSONObject = new JSONObject();
JSONArray localJSONArray = new JSONArray();
Iterator localIterator = paramContext.getPackageManager().getInstalledPackages(0).iterator();
while (localIterator.hasNext())
{
PackageInfo localPackageInfo = (PackageInfo)localIterator.next();
if ((0x1 & localPackageInfo.applicationInfo.flags) == 0)
localJSONArray.put(localPackageInfo.packageName + "/" + localPackageInfo.versionCode);
}
try
{
localJSONObject.put("packages", localJSONArray);
return localJSONObject.toString();
}
catch (JSONException localJSONException)
{
}
return "";
}
protected static int getNetDefaultFlag(Context paramContext, String paramString)
{
if (sFilterMap.containsKey(paramString))
return ((Integer)sFilterMap.get(paramString)).intValue();
return loadAppNetFlagByPkg(paramContext, paramString);
}
public static SharedPreferences getSharedPreferences(Context paramContext)
{
if (!paramContext.getPackageName().equals("com.android.systemui"));
try
{
Context localContext = paramContext.createPackageContext("com.android.systemui", 2);
paramContext = localContext;
return paramContext.getSharedPreferences("app_notification", 4);
}
catch (PackageManager.NameNotFoundException localNameNotFoundException)
{
while (true)
localNameNotFoundException.printStackTrace();
}
}
protected static void initFilterList(Context paramContext)
{
if (sFilterList.size() == 0)
{
String str = Settings.System.getString(paramContext.getContentResolver(), "status_bar_notification_filter_white_list");
if (!TextUtils.isEmpty(str))
{
String[] arrayOfString = str.split(" ");
for (int i = 0; i < arrayOfString.length; i++)
sFilterList.add(arrayOfString[i]);
}
sFilterList.add("cn.com.fetion");
sFilterList.add("com.google.android.talk");
sFilterList.add("com.tencent.mm");
sFilterList.add("com.tencent.qq");
sFilterList.add("com.tencent.mobileqq");
sFilterList.add("com.xiaomi.channel");
}
}
public static boolean isNotificationForcedFor(Context paramContext, String paramString)
{
int i = getAppUid(paramContext, paramString);
return ("android".equals(paramString)) || (i == 1000) || (i == 1001) || (i == 0);
}
public static boolean isSystemApp(String paramString, PackageManager paramPackageManager)
{
Boolean localBoolean = (Boolean)sIsSystemApp.get(paramString);
if (localBoolean == null);
try
{
ApplicationInfo localApplicationInfo2 = paramPackageManager.getApplicationInfo(paramString, 0);
localApplicationInfo1 = localApplicationInfo2;
boolean bool = false;
if (localApplicationInfo1 != null)
{
int i = 0x1 & localApplicationInfo1.flags;
bool = false;
if (i != 0)
bool = true;
}
localBoolean = Boolean.valueOf(bool);
sIsSystemApp.put(paramString, localBoolean);
return localBoolean.booleanValue();
}
catch (PackageManager.NameNotFoundException localNameNotFoundException)
{
while (true)
ApplicationInfo localApplicationInfo1 = null;
}
}
protected static boolean isUserSetttingInited(Context paramContext, String paramString)
{
int i = getSharedPreferences(paramContext).getInt(paramString, 0);
boolean bool = false;
if (i != 0)
bool = true;
return bool;
}
public static void loadAppNetFlag(Context paramContext)
{
new Thread(new Runnable()
{
public void run()
{
BaseNotificationFilterHelper.sFilterMap.clear();
Iterator localIterator = this.val$context.getPackageManager().getInstalledPackages(0).iterator();
while (localIterator.hasNext())
{
PackageInfo localPackageInfo = (PackageInfo)localIterator.next();
if ((0x1 & localPackageInfo.applicationInfo.flags) == 0)
{
String str = localPackageInfo.applicationInfo.packageName;
BaseNotificationFilterHelper.loadAppNetFlagByPkg(this.val$context, str);
}
}
}
}).start();
}
public static int loadAppNetFlagByPkg(Context paramContext, String paramString)
{
int i = CloudAppControll.get(paramContext, CloudAppControll.TAG.TAG_NOTIFICATION_BLACKLIST, paramString);
if (i == -1)
return 0;
sFilterMap.put(paramString, Integer.valueOf(i));
return i;
}
public static void observeSettingChanged(ContentResolver paramContentResolver, ContentObserver paramContentObserver)
{
paramContentResolver.registerContentObserver(Settings.System.getUriFor("status_bar_notification_filter_white_list"), false, paramContentObserver);
}
private static void readBlacklist(Context paramContext)
{
if (mBlacklist == null)
{
mBlacklist = new HashSet();
String str = Settings.Secure.getString(paramContext.getContentResolver(), "status_bar_expanded_notification_black_list");
if (!TextUtils.isEmpty(str))
{
String[] arrayOfString = str.split(" ");
for (int i = 0; i < arrayOfString.length; i++)
mBlacklist.add(arrayOfString[i]);
}
}
}
public static void requestBlacklist(Context paramContext)
{
new Thread(new Runnable()
{
public void run()
{
try
{
JSONObject localJSONObject1 = Network.doHttpPostWithResponseStatus(this.val$context, "http://policy.app.xiaomi.com/cms/interface/v1/checkpackages.php", BaseNotificationFilterHelper.getInstalledAppsJson(this.val$context));
if ((localJSONObject1.has("RESPONSE_CODE")) && (localJSONObject1.getInt("RESPONSE_CODE") == 200))
{
JSONObject localJSONObject2 = new JSONObject(localJSONObject1.getString("RESPONSE_BODY"));
int i = localJSONObject2.getInt("errCode");
if (i == 200)
{
JSONArray localJSONArray = localJSONObject2.getJSONArray("packages");
StringBuilder localStringBuilder = new StringBuilder();
for (int j = 0; j < localJSONArray.length(); j++)
{
localStringBuilder.append(localJSONArray.get(j).toString().trim());
localStringBuilder.append(" ");
}
Settings.Secure.putString(this.val$context.getContentResolver(), "status_bar_expanded_notification_black_list", localStringBuilder.toString());
BaseNotificationFilterHelper.access$102(null);
return;
}
if (i == 202)
{
Log.d("NotificationFilterHelper", "blacklist is empty ");
Settings.Secure.putString(this.val$context.getContentResolver(), "status_bar_expanded_notification_black_list", "");
BaseNotificationFilterHelper.access$102(null);
return;
}
if (i == 201)
Log.d("NotificationFilterHelper", "request param empty");
}
else
{
Log.d("NotificationFilterHelper", "access network anomalies");
}
return;
}
catch (Exception localException)
{
}
}
}).start();
}
protected boolean areNotificationsEnabled(Context paramContext, String paramString)
{
return false;
}
public boolean canSendNotifications(Context paramContext, String paramString)
{
return getAppFlag(paramContext, paramString, true) != 3;
}
public void enableAppNotification(Context paramContext, String paramString, boolean paramBoolean)
{
}
public void enableNotifications(Context paramContext, String paramString, boolean paramBoolean)
{
enableAppNotification(paramContext, paramString, paramBoolean);
}
public int getAppFlag(Context paramContext, String paramString, boolean paramBoolean)
{
if (paramBoolean);
for (boolean bool = areNotificationsEnabled(paramContext, paramString); bool; bool = true)
{
int i = getSharedPreferences(paramContext).getInt(paramString, 0);
if ((i == 0) && (isSystemApp(paramString, paramContext.getPackageManager())))
i = 2;
if (i == 0)
i = getNetDefaultFlag(paramContext, paramString);
if (i == 0)
i = getDefaultFlag(paramContext, paramString);
if (i == 0)
i = getGameCenterFlag(paramContext, paramString);
if (i == 0)
i = DEFAULT;
return i;
}
return 3;
}
public void initUserSetting(Context paramContext, String paramString)
{
if (!isUserSetttingInited(paramContext, paramString))
{
if (isSystemApp(paramString, paramContext.getPackageManager()))
enableStatusIcon(paramContext, paramString, true);
}
else
return;
int i = getAppFlag(paramContext, paramString, false);
if (i == 3)
{
enableAppNotification(paramContext, paramString, false);
enableStatusIcon(paramContext, paramString, false);
return;
}
enableStatusIcon(paramContext, paramString, i);
}
}
RELATED
http://apkscan.nviso.be/report/show/48b5666fa2bcbe738c0b623da712918f
http://lists.clean-mx.com/pipermail/viruswatch/20130714/072661.html
OTHER SOURCES
http://www.newmobilelife.com/2014/08/12/xiaomi-china-server/
http://www.htcmania.com/showthread.php?p=14730859
Removing the backdoors.
Root your device & install
- System app remover (ROOT)
- Root browser
- Android terminal emulator
- Droidwall
Remove apps using System app remover:
* AntHalService
* XiaomiServiceFramework
* Cleanmaster
* com.xiaomi.gamecenter.adk.service
* com.duokan.airkan.phone
# MAKE BACKUP OF YOUR PHONE IN CASE OF FAILURE! #
Download XVI32 or use your favorite hex editor.
Copy framework_ext.odex from /system/framework/ to your sd card with root browser and then connect your phone to your pc and copy the file to you pc.
Open it in XVI32 or another hex editor and search for "http://" (without quotes) now replace all "http://www.example.com" or "http://example.com" with "http://localhost/leavealltheotherstuff.here.com" Don't removed lines or other stuff or it will f*ck up the dalvik bytecode.
Save the file as "framework_ext_.odex" and place it on your phone's internal memory.
Now open Root browser copy the patched file to /system/framework/ rename it to "framework_ext.odex" and overwrite the old system file with the patch (make sure you have a backup of your phone just in case!). Now open Terminal emulator on your phone and do the following,
Code:
su
now give the emulator root access
Code:
cd /system/framework
chmod 644 framework_ext.odex
chown root:root framework_ext.odex
ls -la framework_ext.odex
Verify this, if it looks fine
Code:
reboot
Now open Droidwall enable it and only select apps you trust, don't select any from Xiaomi. Even the music app sends data. So simply drop all of them.
HELP MY DEVICE IS BRICKED
No worries bro.
Get system.img for your version of miui and start the phone in fastboot (vol- + pwr)
Recovery.bat
Code:
@echo off
title Recovery
echo flashing system.img on device... please wait !
fastboot fastboot flash system system.img
fastboot erase cache
fastboot reboot
echo Done, rebooting
pause >nul
Use Droidwall to block ID 0(root system processes) and ID kernel. If you don't do this it will sent info about the apps you open to umeng.com.
Anyways that's it for so far. I hope this helps you.
That is seriously messed up and illegal in most European Countries! It seem that they are begging for a Class Action Lawsuit! Let them have it!
Thank you for your important and detailed work!
Perhaps @BSDgeek_Jake would consider to add all those servers to his MoaAB hosts file?
E:V:A said:
That is seriously messed up and illegal in most European Countries! It seem that they are begging for a Class Action Lawsuit! Let them have it!
Thank you for your important and detailed work!
Perhaps @BSDgeek_Jake would consider to add all those servers to his MoaAB hosts file?
Click to expand...
Click to collapse
They deserve a lawsuit, not only for cloning Apple's iOS but also for the backdoors and crapware that connects to the internet and does stuff. Such a big company as this can't just walk away if nothing has ever happaned. They have sold over 14 million phones. 14 MILLION!
Host file doesn't work as the other spyware is in system processes that runs as ID0 simply ignores the host file somehow. I tested it several times and it just ignores the host file?
A rom update/fix has pop'd up.
http://www.needrom.com/download/redmi-1s-wcdma-global-multi-4-3-no-spywarebloatware
It's MIUI v5 with nova in the pics you see (the rom appears to come just like stock but with no backdoor etc) thanks to whoever made it.
Hi,
Can you give way to clean rom for Mi2S because applications are not the same as in your description
I have posted this and a link to this thread in the proper forums. Thanks for the info. I have also copied this thread link to google plus asking Hugo to explain it. Of course he never will but I wanted to give him a chance.
Wait so... this means XDA discovered that MIUI OS connects to the internet?
And you want to send Hugo a small fragment of mms app code with Cloud messaging - which is standard and optional MIUI feature?
Is that your proof? Congrats. Much ado about nothing...
GameSDKService? Of course because this is the stock chinese app with games (usually pirated), but the app is only in chinese original roms.
Every port, every multilang rom doesnt have those apps.
Also Duokan service provide online content to Music and Video apps. This is standard MIUI feature from beginning.
Please note that Global versions of the MIUI roms (so outside china mainland) doesnt have online features.
All stuff presented above IS not a proof!
If I were Hugo I would lough down this after reading.
Accidd said:
Wait so... this means XDA discovered that MIUI OS connects to the internet?
And you want to send Hugo a small fragment of mms app code with Cloud messaging - which is standard and optional MIUI feature?
Is that your proof? Congrats. Much ado about nothing...
GameSDKService? Of course because this is the stock chinese app with games (usually pirated), but the app is only in chinese original roms.
Every port, every multilang rom doesnt have those apps.
Also Duokan service provide online content to Music and Video apps. This is standard MIUI feature from beginning.
Please note that Global versions of the MIUI roms (so outside china mainland) doesnt have online features.
All stuff presented above IS not a proof!
If I were Hugo I would lough down this after reading.
Click to expand...
Click to collapse
First off XDA didn't find it a user did. It was just posted and asked for clarification.
Second off after the last privacy issue this OEM had you can expect people to be Leary of them.
Third. If a OEM is going to blatantly disregard copyright laws as well as the gpl you have to understand why people will not trust them. They need to very transparent with things like this. Mainly if they plain to ever make a world wide release.
I agree. But also take into account that not every piece of code presented by some user containing words "online", "sync" or ip tracing to chinese server is already a backdoor as the op presented to us. Which without proof is just a normal accusations.
As I said. In global versions of MIUI most of online Xiaomi services are disabled.
Wysłane z MI4 W
Accidd said:
I agree. But also take into account that not every piece of code presented by some user containing words "online", "sync" or ip tracing to chinese server is already a backdoor as the op presented to us. Which without proof is just a normal accusations.
As I said. In global versions of MIUI most of online Xiaomi services are disabled.
Wysłane z MI4 W
Click to expand...
Click to collapse
Are you are working for Xiaomi? Marketing maybe?
Nope.
I'm working with MIUI roms for 4 years now. And also been using MI2, MI3, Redmi, MiPad and now MI4 devices.
I also translate MIUI to my own language and run Xiaomi.eu multilang project.
We do multilang roms there every week for many devices.
I do not have access to MIUI source code - as only xiaomi does that, but I'm digging in MIUI apps all the time.
Decoding, fixing MIUI bugs, recompile, build. Everything.
Take a look into this thread:
http://forum.xda-developers.com/showpost.php?p=55283079&postcount=8
where I explained some facts.
Accidd said:
Nope.
I'm working with MIUI roms for 4 years now. And also been using MI2, MI3, Redmi, MiPad and now MI4 devices.
I also translate MIUI to my own language and run Xiaomi.eu multilang project.
We do multilang roms there every week for many devices.
I do not have access to MIUI source code - as only xiaomi does that, but I'm digging in MIUI apps all the time.
Decoding, fixing MIUI bugs, recompile, build. Everything.
Take a look into this thread:
http://forum.xda-developers.com/showpost.php?p=55283079&postcount=8
where I explained some facts.
Click to expand...
Click to collapse
I can understand your point, and frankly, I have not a Xiaomi phone, but I am using a MIUI Rom on my Lenovo. I love the rom, quick, smooth, great performance and fully of features and themes, simply beautiful, but I can also understand the concern raised in this thread. In these days, people (most of) accept things as they are, not as they should be. That way the "agencies" and all the other "followers" (software devs, manufacturers, and so on) are using their chances to mislead the masses, with the intent to control every single bit of information about our lives (from sensitive, to marketing purposes infos)! That said, I think that no one manufacturer is not misusing their power, and hope that one day, a solution will be found (even if I doubt it) to let us have our privacy as human being! I fully support this thread and would love to see more thread like this one, exactly because the aforementioned.
Well sometimes I don't get one thing. People are worried about using Chinese brands but they use Apple, or Google phones in USA that can give all your stuff to NSA in 5 minutes if they want so. If you prefere not to share your emails or photos with governments (USA or China) then don't use your smartphone. Use Nokia 3210.
Wysłane z MI4 W
Accidd said:
Well sometimes I don't get one thing. People are worried about using Chinese brands but they use Apple, or Google phones in USA that can give all your stuff to NSA in 5 minutes if they want so. If you prefere not to share your emails or photos with governments (USA or China) then don't use your smartphone. Use Nokia 3210.
Wysłane z MI4 W
Click to expand...
Click to collapse
There are laws here that protect people. The laws in China are very different. And China's own actions are the cause people dont trust them. I mean come on. They respect no ones rights at all. The are known for pirating apps, breaking copyright laws and flat out ignoring the laws that dictate what they need to do. Not to mention ripping off the work of others and claiming it as their own.
zelendel said:
There are laws here that protect people. The laws in China are very different. And China's own actions are the cause people dont trust them. I mean come on. They respect no ones rights at all. The are known for pirating apps, breaking copyright laws and flat out ignoring the laws that dictate what they need to do. Not to mention ripping off the work of others and claiming it as their own.
Click to expand...
Click to collapse
Thats true and I agree. But Chinese also protect their identities. All syncing services in MIUI seems to be encrypted.
If some random guy claims different they let him prove it if his SMS is sent plain text and then other can read them.
And also users have choice. Again. You can use MIUI OS without syncing with Mi Cloud if you dont want to.
Pirating apps, breaking copyright laws is true for China. And you are right.
But the privacy, for some brands (maybe not all) can still be protected.
Thats why I make multilang roms over xiaomi.eu. We tend to cut lot of chinese apps that EU user wont need or it will not work for them. Mentioned GameServiceSDK or some Duokan services are just app features, that give users chinese content but not steal any data (as presented in first post). This can also be removed from rom as we do that.
So also this is not that we or I accept all chinese stuff in stock rom and use it. We try to minimase the chinese influence in rom to end user.
Not to say I support china or what, but privacy issue? Apple cloud server got hacked and all the celeb personal picture got expose (tot apple claim it was not from them). Nobody was complaining this much when apple and google sync every little personal data into their server but complain about xiomi taking user data secretly? So it should be done openly? lol
Accidd said:
Well sometimes I don't get one thing. People are worried about using Chinese brands but they use Apple, or Google phones in USA that can give all your stuff to NSA in 5 minutes if they want so. If you prefere not to share your emails or photos with governments (USA or China) then don't use your smartphone. Use Nokia 3210.
Wysłane z MI4 W
Click to expand...
Click to collapse
Yes you are right about that, but would be nice if there would be some way to protect ourselves.
zelendel said:
There are laws here that protect people. The laws in China are very different. And China's own actions are the cause people dont trust them. I mean come on. They respect no ones rights at all. The are known for pirating apps, breaking copyright laws and flat out ignoring the laws that dictate what they need to do. Not to mention ripping off the work of others and claiming it as their own.
Click to expand...
Click to collapse
You are right about piracy and copyright, but it seems only things related to copyright concerns us (eg. multi million law suits). The strongest privacy laws are in Europe, not USA. In the USA we have no rights, since we are living in a drive-by-money country, not drive-by-laws! Sad thing is the fact that our "best" companies exploit Chinese people (eg. Apple pays $1,36 per iPhone for the labor force to the little Chinese people - and they sell them to us for $600), and we are concerned about our privacy, but actually we use a Chinese man made product (fact!!!). The point here is not to blame the manufacturer, or the retailer, but to find a way, by ourselves (because no "big guys" is gonna help you) to protect our privacy, both online or offline!
adkz said:
Not to say I support china or what, but privacy issue? Apple cloud server got hacked and all the celeb personal picture got expose (tot apple claim it was not from them). Nobody was complaining this much when apple and google sync every little personal data into their server but complain about xiomi taking user data secretly? So it should be done openly? lol
Click to expand...
Click to collapse
You are 100% right!
setmov said:
Yes you are right about that, but would be nice if there would be some way to protect ourselves.
You are right about piracy and copyright, but it seems only things related to copyright concerns us (eg. multi million law suits). The strongest privacy laws are in Europe, not USA. In the USA we have no rights, since we are living in a drive-by-money country, not drive-by-laws! Sad thing is the fact that our "best" companies exploit Chinese people (eg. Apple pays $1,36 per iPhone for the labor force to the little Chinese people - and they sell them to us for $600), and we are concerned about our privacy, but actually we use a Chinese man made product (fact!!!). The point here is not to blame the manufacturer, or the retailer, but to find a way, by ourselves (because no "big guys" is gonna help you) to protect our privacy, both online or offline!
You are 100% right!
Click to expand...
Click to collapse
What Apple does in China is one of the reasons Ill never touch an apple product. The companies you stated tell you what they collect. The main issue here is they are not disclosing what they are collecting.
No if you think it is right or wrong is not important. What is important is finding a way to make them be very clear about what they are doing and how to stop it.
Now one user posted how to shut it off. IF it works good. IF not then we need to start ripping apart the system and remove the coding and all access to their services.
Might not be a matter here soon as there are teams already working on ripping MIUI apart and making it open source. It will take time but I am sure it will happen.
zelendel said:
Might not be a matter here soon as there are teams already working on ripping MIUI apart and making it open source. It will take time but I am sure it will happen.
Click to expand...
Click to collapse
That's a wonderful News you have given... :good:
are those backdoors the same thing that Xiaomi was saying that data was sent only because of their cloud messaging app?; they said they will provide option to disable in the next release?

Xiaomi Security issues.

Xiaomi firmware has multiple backdoors So I've basically got myself in this sh*t because lack of care.. Until it pop'd and hit the highlights.
And now straight to the point. It doesn't f*ckin matters if you had a fw or not. As the backdoors are embedded in ROOT system processes.
And those where obviously white-listed as i didn't think of a nasty Chinese guy sitting in it calling back home. My friend who got the same phone found the article as i was having my vacation for a bit, so when i found out i did a bit a research of course on my device. After finding all this i e-mail'd him it and he posted it on the Xiaomi European forums. Guess what happened, it got deleted. So they know damn good what they're doing.
Quote:
When you purchase Xiaomi products or services, we’ll collect relevant personal information, including but not limited: delivery information, bank account, credit card information, bill address, credit check and other financial information, contact or communication records.
Quote:
Originally Posted by OP
Music app(?) connects to:
202.173.255.152
2012-12-01 lrc.aspxp.net
2012-12-01 lrc.feiyes.net
2012-12-01 w.w.w.616hk.com
2012-12-01 w.w.w.hk238.com
2012-12-01 w.w.w.lrc123.com
123.125.114.145
2013-11-27 tinglog.baidu.com
1/53 2014-07-02 12:51:01 hxxp://tinglog.baidu.com
Latest detected files that communicate with this IP address
Latest files submitted to VirusTotal that are detected by one or more antivirus solutions and communicate with the IP address provided when executed in a sandboxed environment.
3/43 2014-07-08 07:39:24 facb146de47229b56bdc4481ce22fb5ec9e702dfbd7e70e82e 4e4316ac1e7cbd
47/51 2014-04-28 09:25:27 091457f59fc87f5ca230c6d955407303fb5f5ba364508401a7 564fb32d9a24fa
24/47 2014-01-08 08:19:43 3cf0a98570e522af692cb5f19b43085c706aa7d2f63d05469b 6ac8db5c20cdcd
21/48 2013-12-02 15:15:45 7e34cb88fc82b69322f7935157922cdb17cb6c69d868a88946 8e297257ee9072
19/48 2013-12-01 20:02:32 bce4bd44d3373b2670a7d68e058c7ce0fa510912275d452d36 3777f640aa4c70
Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset.
1/53 2014-07-02 12:47:57 hxxp://dev.baidu.com/
Android-system ANT HAL Service(Framework_ext.apk/jar) connect to:
42.62.48.207
VirusTotal's passive DNS only stores address records. The following domains resolved to the given IP address.
2014-04-28 app.migc.wali.com
2014-07-12 app.migc.xiaomi.com
2014-05-30 gamevip.wali.com
2014-05-30 log.wlimg.cn
2014-04-21 mitunes.game.xiaomi.com
2014-04-30 oss.wali.com
2014-05-17 p.tongji.wali.com
2014-07-13 policy.app.xiaomi.com
Latest detected URLs
Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset.
1/58 2014-08-13 07:10:49 hxxp://policy.app.xiaomi.com/cms/interface/v1/checkpackages.php
1/58 2014-08-10 00:46:35 hxxp://policy.app.xiaomi.com/
1/53 2014-07-02 12:49:59 hxxtp://oss.wali.com
Messages(Mms.apk) connect to (it literary calls back home)
54.179.146.166
2014-08-12 api.account.xiaomi.com
2014-07-26 w.w.w.asani.com.pk
What it does? It sends phone numbers you call to, send messages to, add etc to a Resin/4.0.13 java application running on a nginx webserver to collect data. Checkpackages, embedded system process/app posts all installed apps to a Tengine a/k/a nginx webserver cms.
URL: hxxtp://api.account.xiaomi.com:81/pass/v3
Server: sgpaws-ac-web01.mias
Software: Tengine/2.0.1 | Resin/4.0.13
URL: hxxp://policy.app.xiaomi.com:8080/cms/interface/v1/
Server: lg-g-com-ngx02.bj
Software: Tengine | Resin
Bottom line
They don't give a single damn about your data.. All sent in plain text.
For messages APK (Mms.apk)
I don't believe it needs those permissions for normal functionalities, this is only for the extra feature let's call it bug.
android.permission.SEND_SMS_NO_CONFIRMATION
android.permission.GET_ACCOUNTS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.ACCESS_NETWORK_STATE
android.permission.CHANGE_NETWORK_STATE
android.permission.INTERNET
miui.permission.SHELL
android.permission.GET_TASKS
android.permission.CAMERA
Some code ... i also attached java classes and smali dalvik jvm bytecode..
Code:
Code:
#<externalId = outgoing callerid># package com.xiaomi.mms.net; import android.net.Uri; import android.net.Uri.Builder; import android.telephony.TelephonyManager; import android.text.TextUtils; import com.xiaomi.mms.utils.EasyMap; import java.util.Iterator; import java.util.Map; import java.util.Map.Entry; import java.util.Set; import miui.net.CloudManager; public class b { public static final String qa = CloudManager.URL_ACCOUNT_BASE; public static final String qb = CloudManager.URL_ACCOUNT_API_V2_BASE; public static final String qc = CloudManager.URL_ACCOUNT_API_V3_BASE; public static final String qd = qa + "/serviceLogin"; public static final String qe = qc + "/[email protected]"; protected static String a(String paramString, Map paramMap) { if ((paramMap != null) && (!paramMap.isEmpty())) { Uri.Builder localBuilder = Uri.parse(paramString).buildUpon(); Iterator localIterator = paramMap.entrySet().iterator(); while (localIterator.hasNext()) { Map.Entry localEntry = (Map.Entry)localIterator.next(); localBuilder.appendQueryParameter((String)localEntry.getKey(), (String)localEntry.getValue()); } paramString = localBuilder.build().toString(); } return paramString; } public static c al(String paramString) { EasyMap localEasyMap = new EasyMap("type", "MXPH").a("externalId", paramString); d locald = new d(a(qe, localEasyMap)); String str = TelephonyManager.getDefault().getDeviceId(); if (!TextUtils.isEmpty(str)) locald.l("deviceId", str); return locald; } } =========================================================== public static Header a(Account paramAccount, ExtendedAuthToken paramExtendedAuthToken) { StringBuilder localStringBuilder = new StringBuilder(); localStringBuilder.append("serviceToken="); localStringBuilder.append(paramExtendedAuthToken.authToken); localStringBuilder.append("; userId="); localStringBuilder.append(paramAccount.name); return new BasicHeader("Cookie", localStringBuilder.toString()); } =========================================================== public void gT() { if (ai("http://api.comm.miui.com/miuisms/res/version").getLong("data") == PreferenceManager.getDefaultSharedPreferences(this.mContext).getLong("festival_message_version", 0L)) return; Object[] arrayOfObject = new Object[1]; arrayOfObject[0] = Integer.valueOf(this.mScreenWidth); a(ai(String.format("http://api.comm.miui.com/miuisms/res/categories?width=%s", arrayOfObject)).getJSONArray("data")); } public void m(long paramLong) { Cursor localCursor = this.mq.rawQuery("SELECT MIN(message_id) FROM messages WHERE category_id=" + paramLong, null); if (localCursor == null) throw new FestivalUpdater.DatabaseContentException(null); try { if (localCursor.moveToFirst()) { long l = localCursor.getLong(0); Object[] arrayOfObject = new Object[3]; arrayOfObject[0] = Long.valueOf(paramLong); arrayOfObject[1] = Long.valueOf(l); arrayOfObject[2] = Integer.valueOf(pd); a(ai(String.format("http://api.comm.miui.com/miuisms/res/messages?cat=%s&marker=%s&count=%s", arrayOfObject)).getJSONObject("data").getJSONArray("entries"), paramLong); } return; } finally { localCursor.close(); } } =========================================================== package miui.util; import android.content.Context; import android.provider.Settings.Secure; import android.util.Log; import org.json.JSONArray; import org.json.JSONObject; final class BaseNotificationFilterHelper$2 implements Runnable { BaseNotificationFilterHelper$2(Context paramContext) { } public void run() { try { JSONObject localJSONObject1 = Network.doHttpPostWithResponseStatus(this.val$context, "http://policy.app.xiaomi.com/cms/interface/v1/checkpackages.php", BaseNotificationFilterHelper.access$000(this.val$context)); if ((localJSONObject1.has("RESPONSE_CODE")) && (localJSONObject1.getInt("RESPONSE_CODE") == 200)) { JSONObject localJSONObject2 = new JSONObject(localJSONObject1.getString("RESPONSE_BODY")); int i = localJSONObject2.getInt("errCode"); if (i == 200) { JSONArray localJSONArray = localJSONObject2.getJSONArray("packages"); StringBuilder localStringBuilder = new StringBuilder(); for (int j = 0; j < localJSONArray.length(); j++) { localStringBuilder.append(localJSONArray.get(j).toString().trim()); localStringBuilder.append(" "); } Settings.Secure.putString(this.val$context.getContentResolver(), "status_bar_expanded_notification_black_list", localStringBuilder.toString()); BaseNotificationFilterHelper.access$102(null); return; } if (i == 202) { Log.d("NotificationFilterHelper", "blacklist is empty "); Settings.Secure.putString(this.val$context.getContentResolver(), "status_bar_expanded_notification_black_list", ""); BaseNotificationFilterHelper.access$102(null); return; } if (i == 201) Log.d("NotificationFilterHelper", "request param empty"); } else { Log.d("NotificationFilterHelper", "access network anomalies"); } return; } catch (Exception localException) { } } } =========================================================== package miui.util; import android.app.INotificationManager; import android.app.INotificationManager.Stub; import android.content.ContentResolver; import android.content.Context; import android.content.SharedPreferences; import android.content.SharedPreferences.Editor; import android.content.pm.ApplicationInfo; import android.content.pm.PackageInfo; import android.content.pm.PackageItemInfo; import android.content.pm.PackageManager; import android.content.pm.PackageManager.NameNotFoundException; import android.content.res.Resources; import android.database.ContentObserver; import android.os.ServiceManager; import android.provider.Settings.Secure; import android.provider.Settings.System; import android.text.TextUtils; import android.util.Log; import java.util.HashMap; import java.util.HashSet; import java.util.Iterator; import java.util.List; import miui.os.Build; import miui.provider.CloudAppControll; import miui.provider.CloudAppControll.TAG; import org.json.JSONArray; import org.json.JSONException; import org.json.JSONObject; public class BaseNotificationFilterHelper { protected static final String APP_NOTIFICATION = "app_notification"; protected static final int CODE_REQUEST_PARAM_EMPTY = 201; protected static final int CODE_RESPONSE_EMPTY = 202; protected static final int CODE_SUCCESS = 200; public static final int DEFAULT = 0; public static final int DISABLE_ALL = 3; public static final int DISABLE_ICON = 1; public static final int ENABLE = 2; protected static final String EXPANDED_BLACK_LIST_CODE = "errCode"; protected static final String EXPANDED_BLACK_LIST_PACKAGES = "packages"; public static final int NONE = 0; protected static final String SYSTEMUI_PACKAGE_NAME = "com.android.systemui"; protected static final String TAG = "NotificationFilterHelper"; protected static final String URL = "http://policy.app.xiaomi.com/cms/interface/v1/checkpackages.php"; private static HashSet<String> mBlacklist; protected static INotificationManager nm; protected static HashSet<String> sFilterList = new HashSet(); protected static HashMap<String, Integer> sFilterMap = new HashMap(); private static HashMap<String, Boolean> sIsSystemApp; protected static HashMap<String, Integer> sUidMap = new HashMap(); static { if (Build.IS_INTERNATIONAL_BUILD); for (int i = 2; ; i = 1) { DEFAULT = i; nm = INotificationManager.Stub.asInterface(ServiceManager.getService("notification")); mBlacklist = null; sIsSystemApp = new HashMap(); return; } } protected static void enableStatusIcon(Context paramContext, String paramString, int paramInt) { getSharedPreferences(paramContext).edit().putInt(paramString, paramInt).commit(); } public static void enableStatusIcon(Context paramContext, String paramString, boolean paramBoolean) { if (paramBoolean); for (int i = 2; ; i = 1) { enableStatusIcon(paramContext, paramString, i); return; } } public static String getAppNotificationText(Context paramContext, String paramString) { int i = 101450315; switch (NotificationFilterHelper.getInstance().getAppFlag(paramContext, paramString, true)) { default: case 3: case 1: case 2: } while (true) { return paramContext.getResources().getString(i); i = 101450314; continue; i = 101450315; continue; i = 101450313; } } public static int getAppUid(Context paramContext, String paramString) { int i = 0; if (sUidMap.containsKey(paramString)) return ((Integer)sUidMap.get(paramString)).intValue(); try { i = paramContext.getPackageManager().getApplicationInfo(paramString, 0).uid; sUidMap.put(paramString, Integer.valueOf(i)); return i; } catch (PackageManager.NameNotFoundException localNameNotFoundException) { } return i; } protected static int getDefaultFlag(Context paramContext, String paramString) { initFilterList(paramContext); if (sFilterList.contains(paramString)) return 2; return 0; } protected static int getGameCenterFlag(Context paramContext, String paramString) { readBlacklist(paramContext); if (mBlacklist.contains(paramString)) return 3; return 0; } private static String getInstalledAppsJson(Context paramContext) { JSONObject localJSONObject = new JSONObject(); JSONArray localJSONArray = new JSONArray(); Iterator localIterator = paramContext.getPackageManager().getInstalledPackages(0).iterator(); while (localIterator.hasNext()) { PackageInfo localPackageInfo = (PackageInfo)localIterator.next(); if ((0x1 & localPackageInfo.applicationInfo.flags) == 0) localJSONArray.put(localPackageInfo.packageName + "/" + localPackageInfo.versionCode); } try { localJSONObject.put("packages", localJSONArray); return localJSONObject.toString(); } catch (JSONException localJSONException) { } return ""; } protected static int getNetDefaultFlag(Context paramContext, String paramString) { if (sFilterMap.containsKey(paramString)) return ((Integer)sFilterMap.get(paramString)).intValue(); return loadAppNetFlagByPkg(paramContext, paramString); } public static SharedPreferences getSharedPreferences(Context paramContext) { if (!paramContext.getPackageName().equals("com.android.systemui")); try { Context localContext = paramContext.createPackageContext("com.android.systemui", 2); paramContext = localContext; return paramContext.getSharedPreferences("app_notification", 4); } catch (PackageManager.NameNotFoundException localNameNotFoundException) { while (true) localNameNotFoundException.printStackTrace(); } } protected static void initFilterList(Context paramContext) { if (sFilterList.size() == 0) { String str = Settings.System.getString(paramContext.getContentResolver(), "status_bar_notification_filter_white_list"); if (!TextUtils.isEmpty(str)) { String[] arrayOfString = str.split(" "); for (int i = 0; i < arrayOfString.length; i++) sFilterList.add(arrayOfString[i]); } sFilterList.add("cn.com.fetion"); sFilterList.add("com.google.android.talk"); sFilterList.add("com.tencent.mm"); sFilterList.add("com.tencent.qq"); sFilterList.add("com.tencent.mobileqq"); sFilterList.add("com.xiaomi.channel"); } } public static boolean isNotificationForcedFor(Context paramContext, String paramString) { int i = getAppUid(paramContext, paramString); return ("android".equals(paramString)) || (i == 1000) || (i == 1001) || (i == 0); } public static boolean isSystemApp(String paramString, PackageManager paramPackageManager) { Boolean localBoolean = (Boolean)sIsSystemApp.get(paramString); if (localBoolean == null); try { ApplicationInfo localApplicationInfo2 = paramPackageManager.getApplicationInfo(paramString, 0); localApplicationInfo1 = localApplicationInfo2; boolean bool = false; if (localApplicationInfo1 != null) { int i = 0x1 & localApplicationInfo1.flags; bool = false; if (i != 0) bool = true; } localBoolean = Boolean.valueOf(bool); sIsSystemApp.put(paramString, localBoolean); return localBoolean.booleanValue(); } catch (PackageManager.NameNotFoundException localNameNotFoundException) { while (true) ApplicationInfo localApplicationInfo1 = null; } } protected static boolean isUserSetttingInited(Context paramContext, String paramString) { int i = getSharedPreferences(paramContext).getInt(paramString, 0); boolean bool = false; if (i != 0) bool = true; return bool; } public static void loadAppNetFlag(Context paramContext) { new Thread(new Runnable() { public void run() { BaseNotificationFilterHelper.sFilterMap.clear(); Iterator localIterator = this.val$context.getPackageManager().getInstalledPackages(0).iterator(); while (localIterator.hasNext()) { PackageInfo localPackageInfo = (PackageInfo)localIterator.next(); if ((0x1 & localPackageInfo.applicationInfo.flags) == 0) { String str = localPackageInfo.applicationInfo.packageName; BaseNotificationFilterHelper.loadAppNetFlagByPkg(this.val$context, str); } } } }).start(); } public static int loadAppNetFlagByPkg(Context paramContext, String paramString) { int i = CloudAppControll.get(paramContext, CloudAppControll.TAG.TAG_NOTIFICATION_BLACKLIST, paramString); if (i == -1) return 0; sFilterMap.put(paramString, Integer.valueOf(i)); return i; } public static void observeSettingChanged(ContentResolver paramContentResolver, ContentObserver paramContentObserver) { paramContentResolver.registerContentObserver(Settings.System.getUriFor("status_bar_notification_filter_white_list"), false, paramContentObserver); } private static void readBlacklist(Context paramContext) { if (mBlacklist == null) { mBlacklist = new HashSet(); String str = Settings.Secure.getString(paramContext.getContentResolver(), "status_bar_expanded_notification_black_list"); if (!TextUtils.isEmpty(str)) { String[] arrayOfString = str.split(" "); for (int i = 0; i < arrayOfString.length; i++) mBlacklist.add(arrayOfString[i]); } } } public static void requestBlacklist(Context paramContext) { new Thread(new Runnable() { public void run() { try { JSONObject localJSONObject1 = Network.doHttpPostWithResponseStatus(this.val$context, "http://policy.app.xiaomi.com/cms/interface/v1/checkpackages.php", BaseNotificationFilterHelper.getInstalledAppsJson(this.val$context)); if ((localJSONObject1.has("RESPONSE_CODE")) && (localJSONObject1.getInt("RESPONSE_CODE") == 200)) { JSONObject localJSONObject2 = new JSONObject(localJSONObject1.getString("RESPONSE_BODY")); int i = localJSONObject2.getInt("errCode"); if (i == 200) { JSONArray localJSONArray = localJSONObject2.getJSONArray("packages"); StringBuilder localStringBuilder = new StringBuilder(); for (int j = 0; j < localJSONArray.length(); j++) { localStringBuilder.append(localJSONArray.get(j).toString().trim()); localStringBuilder.append(" "); } Settings.Secure.putString(this.val$context.getContentResolver(), "status_bar_expanded_notification_black_list", localStringBuilder.toString()); BaseNotificationFilterHelper.access$102(null); return; } if (i == 202) { Log.d("NotificationFilterHelper", "blacklist is empty "); Settings.Secure.putString(this.val$context.getContentResolver(), "status_bar_expanded_notification_black_list", ""); BaseNotificationFilterHelper.access$102(null); return; } if (i == 201) Log.d("NotificationFilterHelper", "request param empty"); } else { Log.d("NotificationFilterHelper", "access network anomalies"); } return; } catch (Exception localException) { } } }).start(); } protected boolean areNotificationsEnabled(Context paramContext, String paramString) { return false; } public boolean canSendNotifications(Context paramContext, String paramString) { return getAppFlag(paramContext, paramString, true) != 3; } public void enableAppNotification(Context paramContext, String paramString, boolean paramBoolean) { } public void enableNotifications(Context paramContext, String paramString, boolean paramBoolean) { enableAppNotification(paramContext, paramString, paramBoolean); } public int getAppFlag(Context paramContext, String paramString, boolean paramBoolean) { if (paramBoolean); for (boolean bool = areNotificationsEnabled(paramContext, paramString); bool; bool = true) { int i = getSharedPreferences(paramContext).getInt(paramString, 0); if ((i == 0) && (isSystemApp(paramString, paramContext.getPackageManager()))) i = 2; if (i == 0) i = getNetDefaultFlag(paramContext, paramString); if (i == 0) i = getDefaultFlag(paramContext, paramString); if (i == 0) i = getGameCenterFlag(paramContext, paramString); if (i == 0) i = DEFAULT; return i; } return 3; } public void initUserSetting(Context paramContext, String paramString) { if (!isUserSetttingInited(paramContext, paramString)) { if (isSystemApp(paramString, paramContext.getPackageManager())) enableStatusIcon(paramContext, paramString, true); } else return; int i = getAppFlag(paramContext, paramString, false); if (i == 3) { enableAppNotification(paramContext, paramString, false); enableStatusIcon(paramContext, paramString, false); return; } enableStatusIcon(paramContext, paramString, i); } }
RELATED
http://apkscan.nviso.be/report/show/...0b623da712918f
http://lists.clean-mx.com/pipermail/...14/072661.html
OTHER SOURCES
http://www.newmobilelife.com/2014/08...-china-server/
http://www.htcmania.com/showthread.php?p=14730859
Main post and more info. All credits go to the OP
http://forum.xda-developers.com/general/security/xiaomi-firmware-multiple-backdoords-t2847069
Is there anything that can be done about this ?
I wanted to buy this phone in a few months when proper LTE version for Europe comes out, in order to replace my SGS1, because the HW and dimensions fit my needs the best of all today's smartphones at reasonable price. But after reading about security issues I'm not sure now. I know Samsung, Google, Apple, etc. do it as well, but when I see that Xiaomi doesn't even try to use HTTPS, blah. I call it epic fail.
I guess my SGS1 must keep working far overtime
lpguy said:
Is there anything that can be done about this ?
I wanted to buy this phone in a few months when proper LTE version for Europe comes out, in order to replace my SGS1, because the HW and dimensions fit my needs the best of all today's smartphones at reasonable price. But after reading about security issues I'm not sure now. I know Samsung, Google, Apple, etc. do it as well, but when I see that Xiaomi doesn't even try to use HTTPS, blah. I call it epic fail.
I guess my SGS1 must keep working far overtime
Click to expand...
Click to collapse
The other companies don't do this on that level. Did you see the bit about bank account info?
Can it be blocked? No idea. I would never run this device or the ROM. Just posting it for others. Check the link at the bottom for the OG post
zelendel said:
The other companies don't do this on that level. Did you see the bit about bank account info?
Can it be blocked? No idea. I would never run this device or the ROM. Just posting it for others. Check the link at the bottom for the OG post
Click to expand...
Click to collapse
Thanks for the information. I saw the news when it first broke about all this info leaking stuff and i would have thought xiaomi would have learned there lesson but they didn't. I too want this device when the Europe LTE comes out but this is making me think.
Anyway, since you mention smali and a few other things, can't you just decompile the necessary apks and edit it all out. I know it would be a large task but its food for thought.......
Sent from my Note 10.1 2014
22sl22 said:
Thanks for the information. I saw the news when it first broke about all this info leaking stuff and i would have thought xiaomi would have learned there lesson but they didn't. I too want this device when the Europe LTE comes out but this is making me think.
Anyway, since you mention smali and a few other things, can't you just decompile the necessary apks and edit it all out. I know it would be a large task but its food for thought.......
Sent from my Note 10.1 2014
Click to expand...
Click to collapse
Could someone decompile it and remove it? Maybe. I really can't be sure myself. There are a few devs for this device and it would be better suited for them, as I stated I would not own the device nor would I ever run the software. (I have my reasons)
zelendel said:
Could someone decompile it and remove it? Maybe. I really can't be sure myself. There are a few devs for this device and it would be better suited for them, as I stated I would not own the device nor would I ever run the software. (I have my reasons)
Click to expand...
Click to collapse
Yes I can understand, security and privacy is not a light topic, especially on this scale.
Anyway, just had a read of the original post and it seems like its under control. In my opinion, decompile all apks, get a list of all the Chinese links and add it manually to some adblock host files. That way you wouldn't have to decompile apks for every weekly Miui update :good:
Sent from my Nexus 4 using Tapatalk
zelendel said:
Could someone decompile it and remove it? Maybe. I really can't be sure myself. There are a few devs for this device and it would be better suited for them, as I stated I would not own the device nor would I ever run the software. (I have my reasons)
Click to expand...
Click to collapse
@zelendel This Issue is in Official Miui right? and those apps which are in miui is affected by this crap but if they are on Custom Rom's i dont think so it will effect if these issue lies in miui apps since custom rom's use their own/Cm based apps
Strange is that most of you have no idea how this works and you already have made your opinion about MI4 and MIUI rom from single post that doesnt show true.
To make things clear... again:
MIUI rom does have online services like Music or Video online content and it connects to chinese servers to download this content e.g album covers or music lyrics
MIUI rom has SMS could messaging which is optional - and again this has connections to international and chinese gateways
MIUI uses Cloud sync to sync contacts, mms, call logs, and many more - so again connections to chinese servers are required. But this is also optional to users
MIUI has other services that will connect to chinese servers like Clean master, Virus scanner or Data monitor traffic saver feature - again optional to users
MIUI rom has Themes services, so there is automatic checks for new or updated themes - again optional for users
MIUI rom has payments services to buy themes online. Yes, it requires bank cards information to fill BUT only for chinese users.
Nothing from First POST has been proven with any example. Nothing has been shown to us which particular data has been sent to chinese servers.
And answering to user questions if this can be removed from app?
- Yes. Most apps have on/off switches in bools.xml that will remove e.g: online content in Music or Video. So this depends on developer choice.
Also setting parameter:
Code:
ro.product.mod_device=cancro_global
in build.prop will convert rom to Global Version (used in east Asia countries) where most of online content or chinese services will be disabled.
Thats all.
Accidd said:
Also setting parameter:
Code:
ro.product.mod_device=cancro_global
in build.prop will convert rom to Global Version (used in east Asia countries) where most of online content or chinese services will be disabled.
Click to expand...
Click to collapse
As Mi4 is not yet released outside China (I think) is this choice feasible?
Accidd said:
Strange is that most of you have no idea how this works and you already have made your opinion about MI4 and MIUI rom from single post that doesnt show true.
To make things clear... again:
MIUI rom does have online services like Music or Video online content and it connects to chinese servers to download this content e.g album covers or music lyrics
MIUI rom has SMS could messaging which is optional - and again this has connections to international and chinese gateways
MIUI uses Cloud sync to sync contacts, mms, call logs, and many more - so again connections to chinese servers are required. But this is also optional to users
MIUI has other services that will connect to chinese servers like Clean master, Virus scanner or Data monitor traffic saver feature - again optional to users
MIUI rom has Themes services, so there is automatic checks for new or updated themes - again optional for users
MIUI rom has payments services to buy themes online. Yes, it requires bank cards information to fill BUT only for chinese users.
Nothing from First POST has been proven with any example. Nothing has been shown to us which particular data has been sent to chinese servers.
And answering to user questions if this can be removed from app?
- Yes. Most apps have on/off switches in bools.xml that will remove e.g: online content in Music or Video. So this depends on developer choice.
Also setting parameter:
Code:
ro.product.mod_device=cancro_global
in build.prop will convert rom to Global Version (used in east Asia countries) where most of online content or chinese services will be disabled.
Thats all.
Click to expand...
Click to collapse
First off my thoughts about this OEM and MIUI were made long before this came about. Now you seem to be more about trying to convince people that they are trust worthy instead of finding out whats going. This would not be the first time they have been found out to be doing something shady.
I am sorry, there is no way I can trust anyone that makes their name off of breaking the law and copying someone else. I really dont have to worry about them much as their device will never be sold outside of the few minor countries that they have released it in.
deetailed said:
As Mi4 is not yet released outside China (I think) is this choice feasible?
Click to expand...
Click to collapse
Yes! And this doesn't matter!
The global version is build in in every MIUI rom. It doesn't matter if device is sold in China only or not. Even If you use dev weekly releases then you can still convert MIUI to global version.
From my research MIUI v5 can be converted, but MIUI v6 is not yet fully supported, altough apps have global support but some functions couldn't be disabled this way.
And the best part is that you can install global rom for Mi4 from en.miui.com.
Mi4 shares the same rom (cancro) as Mi3, and Mi3 is already sold in global countries like India or Singapore.
Wysłane z MI4 W
---------- Post added at 10:12 AM ---------- Previous post was at 10:04 AM ----------
zelendel said:
First off my thoughts about this OEM and MIUI were made long before this came about. Now you seem to be more about trying to convince people that they are trust worthy instead of finding out whats going. This would not be the first time they have been found out to be doing something shady.
I am sorry, there is no way I can trust anyone that makes their name off of breaking the law and copying someone else. I really dont have to worry about them much as their device will never be sold outside of the few minor countries that they have released it in.
Click to expand...
Click to collapse
Wait. I do that? What about the guy you quoted and made thread? Iv explained the reasons why MIUI connects to Xiaomi servers with many services.
Now ask that guy how he can prove his accusations.
Let him prove that my sms is read by Chinese government without my permissions. Because syncing sms or call logs or call recordings are optional to users. I can turn sync or not and this is MIUI feature.
Why not you ask that guy who never responded in this thread. He attached some smali files and classes that is not readable for most people.
The code fragment, the ip traces doesn't make sense to each other. Just take a look into the post you quoted. He never told which version of MIUI he used. From where. Etc. For me its just false accusations.
Wysłane z MI4 W
Accidd said:
Yes! And this doesn't matter!
The global version is build in in every MIUI rom. It doesn't matter if device is sold in China only or not. Even If you use dev weekly releases then you can still convert MIUI to global version.
From my research MIUI v5 can be converted, but MIUI v6 is not yet fully supported, altough apps have global support but some functions couldn't be disabled this way.
And the best part is that you can install global rom for Mi4 from en.miui.com.
Mi4 shares the same rom (cancro) as Mi3, and Mi3 is already sold in global countries like India or Singapore.
Wysłane z MI4 W
---------- Post added at 10:12 AM ---------- Previous post was at 10:04 AM ----------
Wait. I do that? What about the guy you quoted and made thread? Iv explained the reasons why MIUI connects to Xiaomi servers with many services.
Now ask that guy how he can prove his accusations.
Let him prove that my sms is read by Chinese government without my permissions. Because syncing sms or call logs or call recordings are optional to users. I can turn sync or not and this is MIUI feature.
Why not you ask that guy who never responded in this thread. He attached some smali files and classes that is not readable for most people.
The code fragment, the ip traces doesn't make sense to each other. Just take a look into the post you quoted. He never told which version of MIUI he used. From where. Etc. For me its just false accusations.
Wysłane z MI4 W
Click to expand...
Click to collapse
You may have explained why, that doesnt make it right. Personally I dont really care. They are a fly by night OEM that unless they change their OS completely and start following the laws then they will end up being just another OEM like ZTE or other device only sold in a few countries. There are a few threads around that are questioning how these roms are doing things. Even one that shows the rom uploading all attachments from email and anything else to their servers. Then mix in the last Mimessage issues and them being known for shady dealings and you cant blame people for not trusting them.
The way its going these forums for this OEM are gonna end up being removed from the site. They need to come clean and tread very carefully.
Hi,
I do not have this lin, maybe because I am using Miuiv6. That's what I can see in the build.prop file:
Code:
ro.build.id=KTU84P
ro.build.display.id=KTU84P
ro.build.version.incremental=4.9.26
ro.build.version.sdk=19
ro.
build.version.codename=REL
ro.
build.version.release=4.4.4
ro.build.date=Fri Sep 26 06:27:25 CST 2014
ro.build.date.utc=1411684045
ro.build.type=user
ro.build.user=builder
ro.build.host=wcc-miui-ota-bd24
ro.build.tags=release-keys
ro.product.model=MI 3W
ro.product.brand=Xiaomi
ro.product.name=cancro
ro.product.device=cancro
ro.product.board=MSM8974
ro.product.cpu.abi=armeabi-v7a
ro.product.cpu.abi2=armeabi
ro.product.manufacturer=Xiaomi
ro.product.locale.language=zh
ro.product.locale.region=CN
Should I modify anything to "globalize" the device? It's Mi3.
Dzięki z góry za pomoc krajan
Install latest MIUIPolska rom. It's already made almost global.
Wysłane z MI4 W
Couldn't most potential security threats be eliminated by:
1. Encrypting
2. Installing another rom, not MIUI based (if possible)
3. Uninstalling the apps of concern
4. Setting specific permissions within each app
As for the personal information issue, couldn't that also be avoided by purchasing through a third party vendor? If they handle the information, all Xiaomi provides is the hardware and nothing else. Of course, I suppose if your options are limited in that area, it could be worrying.
kibmikey1 said:
Couldn't most potential security threats be eliminated by:
1. Encrypting
2. Installing another rom, not MIUI based (if possible)
3. Uninstalling the apps of concern
4. Setting specific permissions within each app
As for the personal information issue, couldn't that also be avoided by purchasing through a third party vendor? If they handle the information, all Xiaomi provides is the hardware and nothing else. Of course, I suppose if your options are limited in that area, it could be worrying.
Click to expand...
Click to collapse
To be honest I would t know. This device is not available here and as long as it is only paypal I'll never get it.
Hey, should xiaomi owners (typical consumers) should be worried about these secutiy concerns? I know this is a serious matter of privacy but is it enough to stay away from it?
feb289 said:
Hey, should xiaomi owners (typical consumers) should be worried about these secutiy concerns? I know this is a serious matter of privacy but is it enough to stay away from it?
Click to expand...
Click to collapse
Hi. This is a very old topic and concern. Security concerns were raised as MIUI v5 used to directly sync data to their cloud storage, MI cloud. So it looked like all data was secretly being sent to China. However this has been resolved as soon as the matter was brought to notice. Now you have control over what gets synced. So there is no reason to be scared
Sent from my MI 4W using XDA Free mobile app
Are you sure it isn't Xiaomi Cloud Service just like iCloud?
Sent from my MI 4LTE using XDA Free mobile app
I read an article regarding a stock app named AnalyticsCore.apk
http://thehackernews.com/2016/09/xiaomi-android-backdoor.html
https://www.thijsbroenink.com/2016/09/xiaomis-analytics-app-reverse-engineered/

Categories

Resources