
Trying a Xiaomi phone: the bad, the ugly and maybe the beautiful

Introduction

I recently purchased a Xiaomi X11 5G Lite, as I needed/wanted to test dual frequency GNSS for SimpleVeggieGarden, as explained in a previous post.

I'm quite happy about the GPS part of the phone, but the software part is a real nuisance.
While I'm not very fond of it, I kind of got used to Android phones being shipped with Google Apps (that would be the bad).
The ugly is the additional layer of apps that Xiaomi decided to bundle with the phone. Firstly, I hate that some are doubles of the Google apps; why would I back up my data with Google and Xiaomi???
I got really pissed off when I realised that they even included Facebook and Netflix as system apps... that's too much...
Nothing like good ol' XDA to find out that there is a LiR port (based on LineageOS) available for the Mi 11 lite 5G \o/
At this point I still hesitate... the GPS works really well, and it would be a pity to brick this brand new phone... but the bundled soft is just too horrible for me to use this phone... I decide to take the bricking risk, if the flashing works, I'll have a new phone without Google apps.
Hence I start to follow the steps indicated in the tutorial, until I get a fastboot error mentioning that the phone is locked and should be unlocked before flashing.
This is the beautiful part of this post: Xiaomi provides an unlocker for their phones (so I can flash the other firmware on the phone).
Another horror: this unlocker only works in Windows, and it requires the phone to have a SIM and to be registered with a Xiaomi account. Once the procedure started, another nice surprise appears: I need to wait 168 hours before the phone can be unlocked.
Such an arbitrary period to wait... Why the hell should I wait 168 hours to unlock my phone? Was it an attempt by Xiaomi to have me write a small post about this device?

flashing Xiaomi Mi 11 5G Lite

Flashing

This was a long wait! Once the wait was over, unlocking the bootloader under Windows was very easy.
Last time I had flashed a phone, it was running some Android 4.X... so I had to do a bit of research to refresh/update my memory!
1. Finding if any custom bootloader is available
As soon as I play with a phone's firmware, I enjoy having a custom firmware. In this case, I found some version of TWRP, but it looks unfinished and unmaintained, so no custom bootloader at this point...

2. Finding if any roms are available for exact phone model
A quick search on XDA brought me to LiR Project Rom - which is derived from LineageOS - which is the "new" name for Cyanogenmod.
This pointed me to Download LiR - which brought up the following question: wtf is bvZ boZ bgZ avZ - which I found the answer for on eremitein's github - and chose to go with lir-v313+211012-arm64-bvZ.img.
I discovered the Treble/GSI framework, and although my phone wasn't compatible on stock rom, once flashed it was using the framework \o/.
This was kind of a no brainer and a hard decision: an a/b android phone without Google.
It is a no brainer, because I want to take some distance from that company.
It is a hard decision, because it means no maps, no playstore, no gmail, no drive, no docs, ... + the need to sync my contacts, calendar, ...
Once the bootloader was unlocked (168 hours later), I followed this tutorial on XDA to flash the phone.
In this process, step 8 would constantly fail, meaning, the phone would reboot in fastbootd (the orange one) - but the computer wouldn't detect it in that state (while it would detect it in adb or fastboot (the blue one) mode).
I tried 5 different USB-C cables, installing the 4 different versions of the Xiaomi suite that they propose on their page... And ended up thinking I might've been looking at the culprit this whole time...
Went in some random dark hidden menus from Fragile OS - to find out that Microsoft purposely omitted a series of driver updates, namely a few adb thingies... applied, rebooted, and it worked.
As I didn't feel the need for root, I didn't apply that Magisk (yet).

Adapting

So the flash worked like a charm, and the phone booted perfectly on the first try!
As it was now free from any Google/Mi applications, I decided to keep it that way - and keep it as a "clean" phone.
Installed Aptoide and F-Droid to get some APKs (for some I'd rather get them directly from the dev).

I am really happy to have a clean phone - but at the same time, I am not 100% sure it is...
I literally installed a whole system put together by a third party - I am not sure I can trust this phone more than I could before...
Sure, Facebook, Google, Xiaomi, ... are all out of my phone now, but there remains the doubt that some evil hackergroup could have an access.
To mitigate this risk, I decided to keep using this phone minimally, and not log in to the "usual" services (no amazon, no ebay, no crypto, ... on this phone).
Hence the only sensitive information on this phone is my 2FA app and private mail - but the phone never logs into those 2FA secured services, the SIM is not my usual 2FA recovery number, it has no access to recovery email addresses, no passwords ever used or stored, ...
Those are done on another phone - which of course has no access to the 2FA app nor my private email - and this is one of the reasons I hesitate to sync things between my phones: at this point nothing links them together (except me).

Conclusion

While I really hated the software that came preinstalled on this phone, being able to flash a vanilla Android turned it into a lovely device! - yet I don't trust it more than I trust any other phone.
What started as a simple purchase to map plants in my garden ended up in a flashing crusade aiming at raising my security and privacy a little bit.
This approach brought me a lot more fun and knowledge than if I had simply purchased a dedicated GPS device.
Three weeks have passed since I started writing this post, real life kept me too busy and I still didn't really try to get contacts or calendar, relying on secondary phones for that so far.

