The app and these three antivirus products each come with different coding libraries (SDKs - software development kits) that they use to power various functions.
Check Point said that the interactions between two of these SDKs --the Avast SDK and the AVL SDK-- exposed a way to execute code on Xiaomi devices.
https://www.zdnet.com/article/vulnerabi ... urity-app/