Oversecured, a company that scans mobile apps for security issues, says it has identified more than two dozen vulnerabilities in recent years affecting Android apps from smartphone maker Xiaomi and Google's Android Open Source Project (AOSP).

We learn that twenty of the vulnerabilities were reported a year ago to Xiaomi. A Xiaomi spokesperson told The Register that it had closed the bugs: "Protecting our users' data security and privacy is a top priority. Xiaomi has addressed all vulnerabilities reported by the Oversecured team and has ensured that no user is exposed to the risks these pose. Users are always advised to update their devices to the latest version of software that offers security updates."

Six vulnerabilities associated with Google's AOSP code – including two affecting its Pixel devices – are said to have already been patched by Chocolate Factory.

"Our team discovered 20 dangerous vulnerabilities in various applications and system components that pose a threat to all Xiaomi users," Oversecured explained in a report provided to The Register.