So this just happened - those of you who have a Xiaomi phone know when you install apps it has it’s own “Virus Checker” screen which comes up before the app is approved for install. This is provided by Avast I just found out…

Anyway while installing an app from F-droid today I got an error message on this screen - which said “app from unknown source” and two buttons below - “Ignore” and “Install”. So I clicked on “Install” since I wanted to install the app and then noticed that the install process seemed a bit different (I can’t remember what happened exactly) but I checked the app on F-Droid and the version history wasn’t available - which a notice says means the app was installed from Play Store or somewhere else. But I just installed it from F-Droid!

So I tried another few apps and it happened again for one of them. I clicked around and there it was, some sort of Xiaomi app store installing versions of the app instead of the one I told my phone to install.

I guess there is an innocent explanation for this - stopping people from installing malware and giving them a “correct” version of the app they wanted - but I have disabled it on my phone, I know what I am doing and if I want the cracked version it’s because that’s the version I meant to install ;)

  • AMDIsOurLord@lemmy.ml
    link
    fedilink
    English
    arrow-up
    1
    ·
    8 months ago

    Xiaomi doesn’t have an app store. It’s possible that you’re tripping off the “counterfeit app detection” and it’s sending a request to Google Play and installs from there.

    This mechanism even tho inconvenient for you is a life saver in countries with lower tech literacy because malware versions of popular massanger apps were very widespread

  • Paragone@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    arrow-down
    1
    ·
    8 months ago

    XOR…

    Xaiomi is installing versions with Microsoft-style spyware/malware in 'em…

    Same as ISP’s altering the web-pages that people view, for their own commercial-reasons…

    Molesting-the-user seems to be THE SurveillanceCapitalism paradigm, in the Enshittocene…

    I’m not competent to do the decompilation/analysis required to discover if your new “helpful” versions are spyware/malware, but I’d bet they are not as clean as the original versions are.

    Avast has been caught being treason-against-privacy, recently, too, with their “privacy” app that was actually a trojan to enable Avast to sell privacy-information for profit…

    ( last few weeks in the Tech news, here on Lemmy.world, iirc )


    You might want to ask the MalwareBytes people to look into it?