A Xiaomi smartphone has a mysterious pre-installed app that runs 24×7 in the background and reappears even if you delete it. A Dutch researcher found that there is no validation at all to check which APK is getting installed to user’s phone, which means there is a way for hackers to exploit this loophole. Xiaomi has previously been criticized for spreading malware, shipping handsets with spyware/adware and forked version of Android OS, and secretly stealing users’ data from the device without permission.
Source: https://thehackernews.com/2016/09/xiaomi-android-backdoor.html