Called Guard Provider, the app uses anti-virus scanners from Avast, AVL, and Tencent to detect potential malware. With Android malware finding different ways to get onto your device, it’s not surprising to learn that Xiaomi pre-installs Guard Provider on all of its phones.
However, Check Point researchers found a glaring security flaw with the app — its update mechanism.
According to Check Point researcher Slava Makkaveev, Guard Provider receives updates through an unsecured HTTP connection. That means that bad actors could abuse the Avast Update APK and insert malware through a man-in-the-middle (MITM) attack, so long as they were on the same Wi-Fi network as their potential victims.
An example of a MITM attack is active eavesdropping, in which an attacker sets up an independent connection with a victim. The victim believes they're exchanging messages with a legitimate third party, when in reality the attacker intercepts their messages and injects new ones.
In addition to malware, Makkaveev said that attackers can also use MITM attacks to inject ransomware or tracking apps. Attackers can even learn the file name of the update in order to make their software look as innocuous as possible.
Because Guard Provider is pre-installed on Xiaomi phones, millions of devices feature the same security flaw. The good news is that Xiaomi is aware of the issue and worked with Avast to fix it.
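The swap described above works because nothing ties the downloaded bytes to what the vendor published. As an added example (not code from Xiaomi, Avast or Check Point, and not a description of their fix), this Python check has an update client refuse cleartext URLs and bind the package to a manifest assumed to arrive over an authenticated channel; the host name, the file name `update.apk` and the manifest layout are hypothetical.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed sample data: a stand-in update package and a swapped copy that
# keeps the same file name and the same length.
GENUINE_APK = b"PK\x03\x04 constructed genuine update payload"
SWAPPED_APK = GENUINE_APK[:-1] + b"X"

# Assumption: this manifest reached the device over an authenticated channel
# (TLS with certificate validation, or a vendor-signed file), not plain HTTP.
TRUSTED_MANIFEST = {
    "update.apk": {  # hypothetical file name
        "size": len(GENUINE_APK),
        "sha256": hashlib.sha256(GENUINE_APK).hexdigest(),
    }
}


def verify_update(url, payload, manifest=TRUSTED_MANIFEST):
    """Return (accepted, reason) for a downloaded update package."""
    parts = urlsplit(url)
    # Cleartext transport lets anyone on the path replace the response body.
    if parts.scheme.lower() != "https":
        return False, "cleartext transport"
    file_name = parts.path.rsplit("/", 1)[-1]
    entry = manifest.get(file_name)
    if entry is None:
        return False, "file not listed in manifest"
    # A matching file name proves nothing; bind the bytes to the manifest.
    if len(payload) != entry["size"]:
        return False, "size mismatch"
    digest = hashlib.sha256(payload).hexdigest()
    if not hmac.compare_digest(digest, entry["sha256"]):
        return False, "digest mismatch"
    return True, "ok"


if __name__ == "__main__":
    base = "//updates.example.test/update.apk"  # hypothetical host
    for scheme, blob in (("http:", GENUINE_APK), ("https:", SWAPPED_APK),
                         ("https:", GENUINE_APK)):
        print(scheme, verify_update(scheme + base, blob))
```

The digest check only helps if the manifest itself cannot be rewritten on the same path, which is why the manifest's channel is stated as an assumption.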
Android Authority reached out to Xiaomi for comment but did not receive a response by press time.