Xiaomi Device Compromise Detection Details – Technical Bulletin
Xiaomi devices are being detected as compromised by our AirWatch Agent for Android. Customers that have compromised device detection policies in place are affected. Below are the details of why we detect these devices as compromised and how administrators can whitelist Xiaomi for certain policies.
Compromise Detection Details
- Xiaomi devices have a file with the setuid (set-user-ID) bit set that appears to have a debug shell:
  - -rwsr-sr-- root system shelld
- This file is not part of the standard Android production build. As a result, these devices are flagged as Compromised.
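The check described above can be illustrated with a short parser for listing lines in the format quoted in the bulletin. This is an added example, not AirWatch's detection code; the sample listing (other than the shelld line), the `expected_tool` name and the baseline set are constructed assumptions.

```python
import re

# Listing format assumed to match the line quoted in the bulletin:
#   <mode> <owner> <group> <name>
ENTRY_RE = re.compile(
    r"^(?P<mode>[-bcdlps][-rwxsStT]{9})\s+(?P<owner>\S+)\s+(?P<group>\S+)\s+(?P<name>\S+)$"
)

def parse_entry(line):
    """Parse one listing line; return None if it is not in the assumed format."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    mode = m["mode"]
    return {
        "name": m["name"], "owner": m["owner"], "group": m["group"], "mode": mode,
        "regular_file": mode[0] == "-",
        # 's' or 'S' in the owner-execute slot is setuid; in the group-execute slot, setgid.
        "setuid": mode[3] in "sS",
        "setgid": mode[6] in "sS",
        # Lowercase 's'/'t' means the underlying execute bit is set as well.
        "owner_exec": mode[3] in "xs",
        "group_exec": mode[6] in "xs",
        "other_exec": mode[9] in "xt",
    }

def unexpected_setuid_root(listing, baseline):
    """Return executable setuid-root regular files whose names are not in the baseline."""
    findings = []
    for line in listing.splitlines():
        e = parse_entry(line)
        if e is None or not e["regular_file"]:
            continue
        runnable = e["owner_exec"] or e["group_exec"] or e["other_exec"]
        if e["setuid"] and e["owner"] == "root" and runnable and e["name"] not in baseline:
            findings.append(e)
    return findings

# Constructed sample: only the shelld line comes from the bulletin.
SAMPLE_LISTING = """\
-rwxr-xr-x root shell toolbox
-rwsr-sr-- root system shelld
-rwsr-x--- root shell expected_tool
drwsr-xr-x root root somedir
-rwSr--r-- root root inert_file
"""
BASELINE = {"expected_tool"}  # hypothetical allowlist for a known-good build

if __name__ == "__main__":
    for f in unexpected_setuid_root(SAMPLE_LISTING, BASELINE):
        print(f["mode"], f["owner"], f["group"], f["name"])
```

For the bulletin's line, the mode grants no execute permission to others, so the file is runnable by root and by members of group system, and it runs with root's effective UID.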
Implications for Customers
- To AirWatch, this is a legitimate security concern and not a false positive. AirWatch will be working with Xiaomi to inform them of our findings and determine proper mitigation.
- As of version 8.0 FP1, AirWatch provides the ability to create an MDM Compliance rule that detects the manufacturer of Android devices. This allows administrators to exclude Xiaomi devices from Compromised detection by configuring their compromised detection policy as follows:
  - Match All rules
  - Compromised Status Is Compromised
  - Manufacturer is not Xiaomi
- We are not adding the ability to whitelist manufacturers in SEG compliance or in SDK compromised detection security policies. Customers wanting to support Xiaomi devices should not use SEG compliance or SDK compromised detection. However, a standard compliance policy can be used to block email access for non-compliant devices.
Support Contact Information
If you have additional questions or concerns, please contact Account Services & Support or submit a support ticket through myAirWatch.
The AirWatch Team