Xiaomi have commented on the allegations of spyware in their devices
A student from the Netherlands named This Broenink (Thijs Broenink) that studies security, found in the Xiaomi Mi4 smartphone app AnalyticsCore.apk that is constantly running in the background.
The research results indicate that using AnalyticsCore.apk Xiaomi company can install any application on user’s smartphone without his knowledge. If you try to remove AnalyticsCore.apk, it still appears again in the list of applications and will contact the Xiaomi servers every 24 hours, installing their own updates. Moreover, communicating with the Xiaomi servers, the application AnalyticsCore.apk transmits the IMEI of the device.
The representatives of Xiaomi, commented on this finding as follows: AnalyticsCore.apk sends different data on the use of the device, which subsequently will be transferred by the developers to improve shell MIUI and user experience in General. As for updates, those do load, but only if they have a certificate of authenticity and distributed exclusively by the manufacturer. That is, to install any application using AnalyticsCore.apk hackers can not claim to Xiaomi.
In addition, Xiaomi has denied charges Broenink that AnalyticsCore communicates with the server over an unencrypted HTTP connection. Since April of this year, the updates are transmitted over a secure HTTPS connection, which eliminates the possibility of traffic interception and attack type «man in the middle» (Man in the middle).