eScan, a software security company, has reported on a number of vulnerabilities in Xiaomi's MIUI. The two principal ones allow the uninstallation of security apps and the transferring of phone data without prompting for the user password. Xiaomi disputes the findings of the report, claiming that using a PIN, password, pattern, or fingerprint will avoid these problems.
https://www.notebookcheck.net/MIUI-security-flaws-allow-uninstallation-of-security-apps-and-easy-copying-of-data.241096.0.html