Please stop modding system apps.
This is something specific to Xiaomi modding scene, and few other Chinese companies based- Phones.
As i'm going through forums in telegram modding scenes (which seem to be pretty active) and sometimes XDA forums, I land upon closed-source, system apps modifications that involve disabling APK signature verification and/or actual custom roms built with those modded system apps apk in the vendor partition.
and, i'd like to simply say that this is a very big security risk on your end as a user, as i noticed many just suggest such apps to be used -casually, and even if those apps don't have a malicious intent, disabling apk verification is a big security in itself.
Since a system app typically does hold a trust-level from the system itself and it has a lot of permissions to many things on your device.
Just to give a simple example, that is based on an educated guess what these apps can do. supposing on an environment that is built with those modded system apps. is basically lets take app "Contacts" which is modded to give you pretty themes and enhanced shortcuts to your friends and family, now a typical app like that normally would have permissions of
Access to camera (for qr), Phone (to see your logs, numbers you dialed), contacts (duh), call history and nearby devices (to share your contact directly),
Now a suspicious app like that would be able to basically, just forward the same contacts to someone's server. with your phone number and all of your contacts phone numbers,
what use would a malicious actor have with that data? Simple, the simplest thing is sell them as a big package for a very cheap price which scammers use to scam people in your circle impersonating you. -OR- advertising companies would buy them (some shady ones at least), to make more targeted ads. and thats the least harmful example.
That's typically on the developer to prove that they can be trusted. that's through giving an open source documentation of what they changed, That's the bare minimum.
I'm saying this because there is a lot of data that can be obtained of the device you use daily, which carries a lot of sensitive information and it should be secure.
I didn't find a proper channel to say this at, as the telegram channels tend to be fairly chaotic, so i decided to say this here instead.