In your case it seems the Xiaomi does not detect the presence of a captive portal automatically. When you open the browser instead, you most likely have a default start page like configured that is using HTTPS like https://www.google.com.
The HSTS error the way of the browser informing you that you are trying to open a page called "www.google.com" but instead you receive a response from a webserver (your captive portal kicking in) that has a server certificate issued to a different name.
Depending on the type of mobile device, there different ways for the device to detect the presence of a captive portal. Most OS perform a HTTP check to avoid the HSTS problem, that should trigger the captive portal redirect.
Unfortunately I have seen many cases where certain Android-based devices (often from more cost-effective vendors) do not properly detect the presence of a captive portal. Most of the times you can only try a software update or fall back to browsing to a HTTP site. Normally, Chrome and Firefox mobile browsers work well in that regard to automatically detect and trigger the captive-portal. I.e. Firefox uses an HTTP connection to http://detectportal.firefox.com/