Fake Xiaomi smartphones on sale with malware pre-installed

They say imitation is the sincerest form of flattery, but one company which has been widely criticised in the past for copying Apple has now suffered the same fate after a fake version of one of its most popular smartphones has been discovered with malware pre-installed.

On 3 March, 2015, mobile security company Bluebox published a blog post which reported that it had found malware pre-installed on a Xiaomi Mi 4 smartphone which it had determined was a legitimate piece of hardware. The company's own Trustable tool returned a score of just 2.6 on the Mi 4, putting it firmly in the suspicious range.

The company scanned the software installed on the device and reported: "Ultimately we found six suspicious apps that can be considered malware, spyware or adware."

100% counterfeit

The problem however was that despite Bluebox's rigorous testing, the Mi 4 phone was a fake.

Xiaomi told IBTimes UK that the device Bluebox obtained is 100% proven to be a counterfeit product purchased through an unofficial channel on the streets in China. In a emailed statement, the company said:

"As this device is not an original Xiaomi product, and not running an official Xiaomi MIUI software build, Bluebox's findings are completely inaccurate and not representative of Xiaomi devices. We believe Bluebox jumped to a conclusion too quickly without a fully comprehensive investigation."

True Android

In its original blog post, Bluebox described the steps it took to make sure it was dealing with a legitimate device:

"To determine if the device is a fake, there are a variety of hardware factors one can look at both on the surface of the device, under the battery cover, and in the components used (e.g. the CPU type). Additionally, there is an app called "Mi Identification" that can be run on the device to determine if the device is legitimate or not. Based on this testing, we determined that our Xiaomi Mi4 LTE was, in fact, legitimate."

The smartphone obtained by Bluebox was running a rooted version of Xioami's MIUI operating system and came with fake versions of benchmarking apps such as Antutu which ran "tests" to show the hardware is legitimate. It even comes with a version of Xiaomi's own identification app which is used to verify the validity of the hardware.

Xiaomi's MIUI is based on Android, but unlike other "forked versions" of Google's mobile operating system, the Chinese company says that MIUI "is true Android".

"MIUI follows exactly Google's definition for compatible Android devices, and it passes all Android CTS tests, the process used by the industry to make sure a given device is fully Android compatible," the company said.

Apple of the East

Xiaomi, along with a number of other Chinese brands, has in the past been accused of copying Western companies, and in particular Apple, in its product design and marketing materials.

However, in the last 12 months the company has emerged from the shadow of Apple to carve out a significant piece of the global smartphone market, selling 61 million units in 2014 and predicting sales of over 100 million in 2015.

Xiaomi is looking to differentiate by providing premium hardware and design at a budget price while offering a unique experience through its smartphone software.

The company said in its statement that "with the large parallel street market for mobile phones in China, there exists counterfeit products that are almost indistinguishable on the outside. This happens across all brands, affecting both Chinese and foreign smartphone companies selling in China".

Some may see the fact that counterfeiters are going to this much trouble as a signal that Xiaomi has finally arrived at the smartphone top table, but the company will unlikely be appreciative of such attention.