So this just happened - those of you who have a Xiaomi phone know when you install apps it has it’s own “Virus Checker” screen which comes up before the app is approved for install. This is provided by Avast I just found out…
Anyway while installing an app from F-droid today I got an error message on this screen - which said “app from unknown source” and two buttons below - “Ignore” and “Install”. So I clicked on “Install” since I wanted to install the app and then noticed that the install process seemed a bit different (I can’t remember what happened exactly) but I checked the app on F-Droid and the version history wasn’t available - which a notice says means the app was installed from Play Store or somewhere else. But I just installed it from F-Droid!
So I tried another few apps and it happened again for one of them. I clicked around and there it was, some sort of Xiaomi app store installing versions of the app instead of the one I told my phone to install.
I guess there is an innocent explanation for this - stopping people from installing malware and giving them a “correct” version of the app they wanted - but I have disabled it on my phone, I know what I am doing and if I want the cracked version it’s because that’s the version I meant to install ;)
Can you check the package names of the apps? On F-droid website you can see it in the url, for example https://f-droid.org/packages/com.jens.automation2/ the code is
com.jens.automation2
. You should see the same name on the page of the app in settings if you scroll down.If the names are the same than nothing nefarious should be happening behind the scenes.Unknown source can mean it’s not from a built-in store. If you would be rooted and install the F-droid Privileged Extension it should show up there correctly. Maybe they just block reading this kind of info from F-droid.
On common Xiaomi phones the rom cooking community is very vivid usually, you can just replace the shitty default rom really easily. Start to look for roms and tutorials about rooting on xdaforums
The package names would not be different if it’s installing a different (possibly malevolent) version of the same app.
Only the signature and other metadata would be different, but if the package name were different it would show as a different app entirely in places like f-droid, not as installed from elsewhere. It would show the intended app as not installed at all if the package name of the Xiaomi version wasn’t the same.