In the near future, Xiaomi, Redmi and Poco smartphones and tablets will begin receiving HyperOS and HyperOS 2 updates with the Android security patch for March 2025, and today it became known what this “patch” will include.
The comprehensive update fixes a number of critical vulnerabilities, while continuing to improve privacy features that Xiaomi is working hard to improve across its large range of devices.
Table of contents
Major security improvements
The March 2025 security patch includes numerous significant improvements that will benefit users of Xiaomi, Redmi, and Poco devices after it is implemented in fresh HyperOS builds. These patches are primarily aimed at protecting user data and system integrity.
1. File system security improvements
Among the most important changes is limited access to the most important Android directories.:
- Android/data
- Android/obb
- Android/sandbox
This patch replaces the old path pattern matching with more secure file equality checks to prevent potential directory crawling attacks that leak user data.
2. Cross-account verification fixes
The patch fixes vulnerabilities in verifying user badges between StatusHint and TelecomServiceImpl accounts. This fixes a problem with URIs of certain templates that were not analyzed correctly, which could lead to unauthorized access between user accounts.
3. Bluetooth security improvements
Several important fixes address memory vulnerabilities in the Bluetooth stack:
- Preventing post-release usage in HID reports
- Using encrypted links for AVDTP and AVCTP channels
- Solutions for memory-insecure logging in all Bluetooth modules
4. Protection of the download provider
The April Android security patch provides ownership verification in the upload provider’s insert method. Applications could read any file in Downloads by calling this method without prior verification, but the March patch now includes verification to ensure that no record exists in MediaProvider without proper verification of ownership.
What does this mean for Xiaomi users
Xiaomi’s commitment to security is confirmed by the continued implementation of Google security patches in HyperOS updates. These important updates are expected to be released in the coming weeks on the relevant devices, ensuring a high standard of security.
The development team is working hard to adapt Android security patches to the proprietary HyperOS architecture to ensure protection and performance for a wide range of devices.
When to expect updates
Although Xiaomi has not yet announced the exact release date of these Android security updates for its devices, but based on previous update patterns, users can expect to receive notifications within 2-3 weeks after Google’s initial release.
Don’t forget to set your device’s settings to automatically check for updates so that you can receive critical security updates as soon as they become available.
P.S. For up-to-date news on the Xiaomi HyperOS proprietary system, as well as detailed instructions and recommendations for configuring it, see this section.
