While Xiaomi MI phones have been selling like hotcakes in India, the company has been having rough time over past couple of weeks due to reports that Xiaomi phones are secretly sending personal data to Chinese Government. Xiaomi had issued a clarification over the reports that user privacy is extremely important to them and their phones in no way send any personal data to Chinese Government.
However, a recent report by security services provider F-Secure pointed out that Xiaomi’s Flagship phones appear to share a range of information with a server in China — including the device’s IMEI number, customer’s phone number, phone contacts and text messages received. They even shared a screenshot of the same in their post.
While the first report did not come out to be true, the F-Secure update clearly pointed to unauthorized user data access.
Xiaomi’s Global VP, Hugo Barra has now apologized, which points to the fact that their cloud messaging service was indeed sending data to their servers in China. In a Google+ update, Hugo Barra has mentioned,
These concerns refer to the MIUI Cloud Messaging service described above. As we believe it is our top priority to protect user data and privacy, we have decided to make MIUI Cloud Messaging an opt-in service and no longer automatically activate users. We have scheduled an OTA system update for today (Aug 10th) to implement this change. After the upgrade, new users or users who factory reset their devices can enable the service by visiting “Settings > Mi Cloud > Cloud Messaging” from their home screen or “Settings > Cloud Messaging” inside the Messaging app — these are also the places where users can turn off Cloud Messaging.
We apologize for any concern caused to our users and Mi fans. We would also like to thank the media and users who have been sending us feedback and suggestions, allowing us to improve and provide better Internet services.
It is commendable that Xiaomi was swift in taking action and release an update to make cloud messaging optional. Hugo Barra also explained they need details like phone number, IMSI and IMEI to provide users with free text messaging capability. MIUI Cloud Messaging uses SIM and device identifiers for routing messages between two users, in the same way as some of the most popular messaging services.
Even though Xiaomi had a valid explanation for it, the fact remains that Xiaomi phones were sending personal data without users’ permission. This also points to the fact that if you are using any free text messaging apps, same personal details are shared with the service provider.
One thing is clear – Mobile users need to be very careful while installing any apps on their phones. They need to make sure that they are ok with the permissions they are providing to the mobile app. There is a reason why “Mobile App permissions” are the biggest reason for Malware on Android phones.
[…] and ensured that no such unauthorized data transfer is taking place. They also shared method to stop auto-synchronization of data and provided complete explanation of the process, which actually happens with almost all […]
This was what I was trying to post on the Facebook Page, Here’s the post which I tried to cover the point but still some people were thinking that my point of view was wrong!
http://www.droidmen.com/android-news/xiaomi-sends-data-chinese-servers-confirmed-news.html