MIUI 13 Security White Paper - Xiaomi

1. Overview



As the world's leading smartphone manufacturer, Xiaomi is committed to its corporate mission of creating amazing products that leverage innovative technology to promote a better life worldwide, while maintaining fair and accessible pricing. In the era of intelligent interconnectivity, ensuring the security and privacy of user data is of paramount importance to us. As such, Xiaomi places significant emphasis on addressing issues related to user security and privacy.

The MIUI product designed by Xiaomi has a strong focus on security and usability, featuring a tightly integrated system of software, hardware, and services that work together to provide end-to-end protection for our users. This includes fundamental security features such as hardware chips, system kernels, and data security, as well as comprehensive information security and privacy protection for a range of critical services (e.g., Mi Account, Mi Pay, Mi Cloud, and Image AI). This holistic approach ensures that every Xiaomi smartphone is equipped with the necessary tools and features to safeguard user data and maintain user privacy.

This document presents a deep dive into MIUI's security architecture, technical principles, functional design, and privacy protection measures for mobile phones and cloud services to all stakeholders, including our users, developers, partners, and relevant regulatory authorities. We hope that this document will help to foster greater clarity and transparency around the architecture and implementation of these measures. The logical structure of the Xiaomi MIUI Security White Paper is illustrated in the following figure.

Figure 1-1-1

Xiaomi offers dedicated versions* of its smartphones for different countries:

  • Mainland China: Mainland China Version
  • Worldwide except Mainland China: International Version

*Note: Different versions of Xiaomi smartphones may be offered for each region/country, based on local user preferences and/or local operators' requirements.

MIUI's security technology is built on a hardware-based root of trust that establishes a chain of trust, which is securely transferred to the operating system through the secure boot process. Building on the robust Android security kernel, MIUI monitors the runtime status of applications to ensure the security of both the operating system and the applications. We also employ encryption and data protection functions to secure file systems and user data. Our cloud services benefit from comprehensive protection through the partitioning of service functions and the implementation of Defense-in-Depth protection measures. These safeguards work together to offer users the highest level of security and privacy protection possible.

Hardware and System Security: The Xiaomi smartphone is a secure, integrated software and hardware platform that includes a hardware-built trusted environment, secure boot, security kernels, network and communication security, device control, and system software updates.

Encryption and Data Security: The encryption application, which is an integral part of the data protection architecture based on MIUI's design, not only guarantees the security of user data but also enhances the usability and convenience of MIUI.

Application Security: The fundamental protection mechanism and a set of application security features allow applications to operate securely, ensuring the safety of user data.

Internet Service Security: Xiaomi has implemented the highest level of protection for user privacy and data security on its core Internet services that run on MIUI.

Compliance and Privacy Practice: Xiaomi has established a comprehensive governance framework for protecting information security and privacy, consisting of guiding principles, organizational architecture, security and privacy certifications, privacy policies, and mechanisms for continuous improvement.

We are committed to achieving greater transparency with this White Paper, and we hope that Xiaomi's users, developers, partners, and relevant regulatory authorities can gain a better understanding of our security practices.