I got this new Xiaomi Redmi Note 2 and after couple of hours started to notice strange behaviour. It showed pop-up advertising! Pop-ups came on top of any app I happened to be using that time. Obviously that was really annoying but also very scary, as my whole phone was potentially compromised. I tried factory resetting the phone, but it didn't help. I did a full wipe and installed an official ROM from Xiaomi's homepage. Also changed all the passwords that could have been compromised.
I was just thinking what's the lesson here? Can we trust any software that is pre-installed in new electronics or is it just the Chinese phones? I know Xiaomi's own Android is full of bloat and probably spies for the Chinese government, but the custom ROM was clearly installed for someone's personal gain.
I already posted this to /v/security but I think this /v/android might be a more useful place to share this incident.
view the rest of the comments →
[–] JustAnotherHuman ago
I think this really depends on where you bought the phone from. Are you in the USA? did you buy from an importer? then when the phone makes round from xiaomi to you, it may be compromised in the middle somewhere.
Good job on wiping the phone and changing your passwords; one piece of advice: use two step auth wherever you can, specially your main email account