Don't miss an important update at the bottom of this article, which includes an official statement from Xiaomi. Do you own an Android Smartphone from Xiaomi, HTC, Samsung, or OnePlus?

If yes, then you must be aware that almost all smartphone manufacturers provide custom ROMs like CyanogenMod, Paranoid Android, MIUI and others with some pre-loaded themes and applications to increase the device's performance. But do you have any idea about the pre-installed apps and services your manufacturer has installed on your device?, What are their purposes? And, Do they pose any threat to your security or privacy?

Millions of Xiaomi phones are vulnerable to a flaw that could allow an attacker to remotely install malware. The vulnerability, now fixed, was found in the analytics package in Xiaomi's custom-built Android-based operating system.

Security researchers at IBM, who found the flaw, discovered a number of apps in the package that were vulnerable to a remote code execution flaw through a man-in-the-middle attack -- one of which would allow an attacker to run arbitrary code at the system-level. In other words, an attacker could inject a link to a malicious Android app package, which is extracted and executed at the system level.

According to the experts, the devices retrieved messages and photos, even though the backup feature was off. Information security experts of many countries have criticized the Chinese telecommunication equipment suppliers for installing backdoors in their products, that’s why the Chinese company Xiaomi, which is engaged in production of smartphones, was sued. 

In the judicial claim the Chinese manufacturer was accused of secretly taking users‘ personal information and then sending SMS, files from gallery, the list of contacts, IMEI, IMSI and so on to servers in Beijing. Besides, data were copied without owner‘s permission even thus the backup feature was disabled.