The app allows you to search for Xiaomi scooters lock & unlock the devices. This security concerned was put to the attention of Xiaomi and disclosed responsibly. Xiaomi responded it is publicly known and it is a third party.
PoC for iOS - https://github.com/chilik/Mi365Locker-iOS
Android library for BLE communication - https://github.com/Polidea/RxAndroidBle
Most of the BLE commands - https://github.com/maisi/M365-Power
- Add check whether the BLE device is scooter by catching BadCharacteristic exception
Add remote install firmware from that code instead of different app.
The app is intended to be used for education purposes only. Keep in mind not to risk your surroundings, add your scooter name or the mac address to whitelist.