It seems all xiaomi.eu ROMs are signed with the default Android platform private key. This is a severe security flaw. Any arbitrary userland apps (installed by users using apk files) can gain System privilege by claiming android:sharedUserId="android.uid.system" in the manifest xml file.
Here is an example app that is signed with platform key and has such field (Chinese website, translate it using Google Translate):
https://www.coolapk.com/apk/tc.mycompany.com.hstopapk
This app (hstopapk) can gain system privilege and disable/freeze any apps without root permission.
Here is an example app that is signed with platform key and has such field (Chinese website, translate it using Google Translate):
https://www.coolapk.com/apk/tc.mycompany.com.hstopapk
This app (hstopapk) can gain system privilege and disable/freeze any apps without root permission.