Package Installer Issues on Xiaomi EU

[kikmyaz]

As I understand "com.miui.packageinstaller" is a crucial part of CN firmware. However, upon pulling and decompiling the latest version of this package (shipped in the stable Xiaomi EU firmware) I discovered there are additional hidden KPI based ads buried in it. Specifically these are characterised by frequent DNS and TCP traffic to taobao.com (淘宝) and pdd (拼多多) whenever an app is installed.

Somewhat annoyingly this traffic has not been covered by the privacy policy specified by either the firmware or the app itself. Now one solution might be to replace "com.miui.packageinstaller" with the original Google's version "com.google.android.packageinstaller", or alternatively the Global version can be used instead. But either case this might cause incompatibility with the CN "com.miui.securitycenter" (untested).

Was wondering if the EU team / anyone has a solution?

 

[Igor Eisberg]

"Or alternatively", find something better to do than decompiling apps and looking for unused code.

 

[kikmyaz]

"Or alternatively", find something better to do than decompiling apps and looking for unused code.

Seriously though... not trying to nitpick the work by the team. Actually after examining most of your selection regarding which CN or global apks to keep for the .eu firmware, it is quite evident you guys did a good job pruning the useless features and only keeping the most helpful feature set. So thank you for all the hard effort!

Just wanted to point out this single issue after running some MITM to see what traffic's being leaked through. In general most things are fine, since you guys used the global version for cloud account & frameworks and the CN security app. This is like the single most annoying issue since it just kept pinging that taobao.com server whenever an app is installed (and with no way to disable it since you can't disable Wi-Fi for system apps unless rooted).