Showing posts with label MIUI. Show all posts
Showing posts with label MIUI. Show all posts

Monday, 3 October 2016

How to Manually Download and Install MIUI 8 Right Now


HIGHLIGHTS

  • Few Xiaomi devices are eligible for an OTA update
  • Other compatible devices can manually flash their devices to MIUI 8
  • The China Stable ROM will be made available in a few days
Xiaomi has started rolling out the MIUI 8 Global Stable ROM to all eligible devices. Initially, MIUI 8 Global Stable ROM over-the-air (OTA) update is restricted to only a few devices, which means that the others will have to manually download and install the build if they wish to use it immediately.
Xiaomi Redmi 1SMi 2Mi 2SMi 4iRedmi Note 3G, andRedmi Note 4G will receive the MIUI 8 via an OTA update starting Tuesday, and all they need to do is wait it out patiently for a notification. They can alternatively even check in their Updater app, to see if the update has arrived or not.
For the Redmi 2 and Redmi Note 2, Xiaomi says some users will receive the update from Tuesday, but the rest will start receiving it from Thursday.
For the rest of the devices, Xiaomi has promised the update rollout sometime in the 'near future,' which is very vague. The devices with no immediate update are Redmi 2Redmi 2 PrimeRedmi Note 3 Qualcomm, Redmi Note 3 Special Edition, , Redmi Note Prime, Redmi 3Redmi 3SRedmi 3S PrimeMi 2SMi 3Mi 4Mi 5Mi Note, and Mi Max 32GB. No ROM download links are available for these devices either. 
For those who have the Redmi 1S, Mi 2, Mi 2S, Mi 4i, Redmi Note 3G, and Redmi Note 4G however, they can download and install the corresponding ROMs from Xiaomi's website. Follow the below highlighted steps on how to download and install the MIUI 8 Global Stable ROM. However, ensure that you have backed up your files before proceeding.
1) First step is to identify your smartphone and download the corresponding MIUI 8 build for your smartphone. For all the smartphones that have locked bootloaders, they need to be first unlocked. Follow the steps here. There are two methods of manually downloading - the Recovery Method and the Fastbooting Method. If Fastbooting, then you need to download the Mi Flash Tool from here.
This list will be updated with new MIUI 8 Global Stable ROM links as Xiaomi makes them available.
Most users should download the Recovery ROM for their smartphone. Flashing Recovery ROM will not wipe your user data or the files in internal storage and it's simple to use, so unless you are planning to start afresh we suggest you follow this method. In both cases however, just in case something goes wrong, it is always recommended to back up your data and files first, like we mentioned earlier.
2) Once you've downloaded the MIUI 8 Recovery ROM, rename the downloaded ROM file to update.zip on the computer.
3) Connect your Xiaomi smartphone to your laptop via a Micro-USB cable, and copy the ROM file downloaded into the root directory of the internal storage of your device (do not put it in any other folder).
4) Enter the Recovery mode of your device. There are 2 methods to do it as follows:
Method 1: Launch Updater app on your device, click the menu icon at the top-right corner, and selectReboot to Recovery mode to enter.
Method 2: You can also turn off your device and then hold both Volume+ button and Power button at the same time to enter Recovery mode (Once in Recovery mode, you can use Volume +/- to select up/down, and Power button to confirm).

5) After entering Recovery mode, choose the language you use, select Install update.zip to System One and confirm, and then your device will begin updating automatically. Wait until the update is completed, choose Reboot to System One, and then your device should boot to the MIUI 8 Global Stable ROM version.
6) Xiaomi phones with the new Mi recovery interface, will see a new Choose update package'option in the Updater app. Select that, go to Download > Choose files, and choose the copied Recovery ROM zip file and tap OK. It will then verify the the package, reboot automatically, and flash the MIUI 8 Recovery ROM accordingly.

Installing a Fastboot ROM is a little bit more complicated. After downloading the Mi Flash Tool and the Fastboot MIUI 8 ROM for your corresponding device ROM here, follow the below steps:
1) Switch off your Xiaomi smartphone. Hit the Volume- key and the power button at the same time to enter Fastboot mode. Now plug in your device to a Windows PC or laptop via the Micro-USB cable.
2) Double-click on the Fastboot ROM file you downloaded to your PC in step 2 to decompress it. Open the folder where this decompressed ROM is saved and copy the folder path.
3) Now decompress the flashing tool you downloaded in Step 1. Then double-click on it to install it. After this, open MiFlash.exe and in its address bar, paste the folder path copied in the previous step. Now click the Refresh button and MiFlash will recognise your device.
4) There are three options you can choose from at the bottom: Clean all will flash all the files, and wipe all userdata and all files in internal storage. Save User Data will flash updated files, but will not delete user data and files in internal storage. Clean all and lock will wipe all data, and lock the device again.

5) To preserve your user data make sure you select the Save User Data option. After this, click Flash button towards top right to flash the ROM to your Xiaomi smartphone.
6) Wait till the progress bar fills up. You will then see a message next to it that reads: flash done. Your device will automatically reboot and have MIUI 8 installed.
How was your experience installing MIUI 8 Global Stable ROM on your smartphone? Let us know via the comments. For more tutorials, head to our How To section.
Note: Post updated to include correct ROM download links



Share:

Friday, 16 September 2016

Xiaomi Can Silently Install Any App On your Device

Do you own an Android Smartphone from Xiaomi, HTC, Samsung, or OnePlus?
If yes, then you must be aware that almost all smartphone manufacturers provide custom ROMs like CyanogenMod, Paranoid Android, MIUI and others with some pre-loaded themes and applications to increase the device's performance.
But do you have any idea about the pre-installed apps and services your manufacturer has installed on your device?, What are their purposes? And, Do they pose any threat to your security or privacy?

With the same curiosity to find answers to these questions, a Computer Science student and security enthusiast from Netherlands who own a Xiaomi Mi4 smartphone started an investigation to know the purpose of a mysterious pre-installed app, dubbed AnalyticsCore.apk, that runs 24x7 in the background and reappeared even if you delete it.

Xiaomi is one of the world's largest smartphone manufacturers, which has previously been criticized for spreading malware, shipping handsets with pre-loaded spyware/adware and forked version of Android OS, and secretly stealing users' data from the device without their permission.

Xiaomi Can Silently Install Any App On your Device
After asking about the purpose of AnalyticsCore app on company’s support forum and getting no response, Thijs Broenink reverse engineered the code and found that the app checks for a new update from the company's official server every 24 hours.

While making these requests, the app sends device identification information with it, including phone's IMEI, Model, MAC address, Nonce, Package name as well as signature.

If there is an updated app available on the server with the filename "Analytics.apk," it will automatically get downloaded and installed in the background without user interaction.
"I couldn't find any proof inside the Analytics app itself, so I am guessing that a higher privileged Xiaomi app runs the installation in the background," Broenink says in his blog post.
Now the question is, Does your phone verify the correctness of the APK, and does it make sure that it is actually an Analytics app?
Broenink found that there is no validation at all to check which APK is getting installed to user's phone, which means there is a way for hackers to exploit this loophole.
This also means Xiaomi can remotely and silently install any application on your device just by renaming it to "Analytics.apk" and hosting it on the server.
"So it looks like Xiaomi can replace any (signed?) package they want silently on your device within 24 hours. And I’m not sure when this App Installer gets called, but I wonder if it’s possible to place your own Analytics.apk inside the correct dir, and wait for it to get installed," Broenink said.
Hackers Can Also Exploit This Backdoor
Since the researcher didn't find the actual purpose of the AnalyticsCore app, neither on Googling nor on the company's website, it is hard to say why Xiaomi has kept this mysterious "backdoor" on its millions of devices.
As I previously said: There is no such backdoor that only its creator can access.
So, what if hackers or any intelligence agency figure out how to exploit this backdoor to silently push malware onto millions of Xiaomi devices within just 24 hours?
Ironically, the device connects and receive updates over HTTP connection, exposing the whole process to Man-in-the-Middle attacks.
"This sounds like a vulnerability to me anyhow, since they have your IMEI and Device Model, they can install any APK for your device specifically," Broenink said.
Even on the Xiaomi discussion forum, multiple users have shown their concerns about the existence of this mysterious APK and its purpose.
"Don't know what purpose does it serve. Even after deleting the file it reappears after some time," one user said.
Another said, "if I go to battery usage app, this app is always at the top. It is eating away at resources I believe."
How to Block Secret Installation? As a temporary workaround, Xiaomi users can block all connections to Xiaomi related domains using a firewall app.
No one from Xiaomi team has yet commented on its forum about the question raised by Broenink. We'll update the story as soon as we heard from the company.

Meanwhile, if you are a Xiaomi user and has experienced anything fishy on your device, hit the comments below and let us know.
Share: