Like most Chinese manufacturers, Xiaomi's Android phones come with heavy UI customizations and many pre-installed apps featuring advertisements no one asked for — in fact, this release model is part of the reason why Xiaomi is routinely able to undercut its competition in price. However, the company might be too thirsty about collecting personal data to show individualized ads, as its Quick apps application has been blocked by Google Play Protect because of potential tracking issues.
Some users have reported that they've received a popup from Play Protect, telling them that an update to Quick apps has been blocked because "This app can collect data that could be used to track you." While the app isn't available in the Play Store and is instead distributed on Xiaomi's own platform, Play Protect still scans all apps installed on any Play Services-equipped phone for malware, even if it's sideloaded or stemming from a distributor outside of the Play Store.
It's unclear why exactly Quick apps has been marked as a data tracker just now, but as PinuikaWeb points out, a report from earlier this year states that the application has extensive access to more than 55 permissions that allow it to collect almost any data you could think of: Among other information, the app has access to the phone permission, IMEI numbers, SIM numbers, tower detail numbers, user credentials, and can record audio and video. It saves any information it gathers to a temporary storage on the phone and uploads it to online endpoints later.
From the evidence collected by the report, it looks like Xiaomi uses this data to push targeted advertisements to its users that pop up on their lock screen, news widget, within browser ads, and more places around the system.
The app has been able to coexist with Play Protect's scans for a long time, so it's likely an update may have added or changed something about the data collection that finally triggered Google's automated anti-malware protection. So far, it looks like the update remains blocked, and Xiaomi will probably have to revert changes to appease Play Protect.
Xiaomi reached out to us to provide a statement on the situation. It looks like some changes in Play Protect's algorithm made its Quick apps appear to be malware. Still, the fact remains that the system app has far-reaching permissions that seem questionable at best.
Here's the full statement:
We're aware of the update concerning one of our system apps called Quick Apps. Some users may get a notification that this app has been blocked by Google Play Protect. We are in touch with Google regarding this and it is likely happening due to a revision in Google Play Protect's algorithm. Rest assured that this system app is absolutely safe.