Don’t Use Xiaomi Phones, Warns India Air Force [Updated]

[Updated: Please see the update from Hugo Barra at the end of the post]

Labeled as a ‘Medium Severity Rating’, which is considered quite a threat to national security, Indian Air Force (IAF) has released a fresh warning against using Xiaomi mobile phones. This warning was presented via a note released by IAF, and is meant for Air Force personals and their family members.

The note quotes a security article shared by F-Secure wherein it was found that their mobile phones is automatically “forwarding carrier name, phone number, IMEI (the device identifier) plus numbers from address book and text messages back to Beijing”.

Further in the note released by IAF, the case of Hong Kong user has been cited in which the user had shown how data from Xiaomi mobiles transfers personal data to an IP based in China.

The note concludes by warning as Air Force personals and family members against using Xiaomi mobiles considering the threat to national security.

It seems that security woes of Xiaomi mobiles is far from over.

This July, Doctorate General of Military Operations of the Indian Army had issued a similar warning against Xiaomi, when they said that every Internet and Telecom company in China is liable to share user’s data with their government and hence using their mobile phones is risky.

Especially mentioned in that warning were family members of those who are in Defense research as once the data is sent to the Chinese Government, they can do some serious experiments, the details of which need not be explained to gauge the implications.

Although Xiaomi later clarified and explained their stand on the matter, and ensured that no such unauthorized data transfer is taking place. They also shared method to stop auto-synchronization of data and provided complete explanation of the process, which actually happens with almost all manufacturers of phones.

As per Tech Crunch, a leading publication on tech industry, Xiaomi is even considering shifting their data servers out of China, to assure those who are afraid of strict Chinese policies related with user’s information. Not only it will save them bandwidth and improve data access, this move will also assist in gaining confidence among skeptical users.

Although the latest warning issued by IAF against Xiaomi doesn’t contain any new research or investigation which suggests that data is actually provided to Chinese Government, but it’s a warning none-the-less, that too from a leading National defense organization.

Xiaomi hasn’t responded this fresh salvo against them. We will keep you updated on this news.

[Update]

After Indian Air Force Issued a warning, Xiaomi’s Hugo Barra has said in a Google+ post that they are moving their data out of China and moving to new servers. Here is the complete unedited post by him.

We’re moving your data!

User experience is hugely important to us. As a global Internet company, we really care about speed and we’re also fully committed to storing our users’ data securely at all times.

In early 2014, we kicked off a massive internal effort to expand our server infrastructure globally in order to better serve Mi fans everywhere.

Our primary goal in moving to a multi-site server architecture was to improve the performance of our services for Mi fans around the world, cut down latency and reduce failure rates.  At the same time, it also better equips us to maintain high privacy standards and comply with local data protection regulations. This is a very high priority for Xiaomi as we expand into new markets over the next few years.

This server and data migration process is taking place in three phases.

Phase 1: E-commerce migration

Earlier this year, our e-commerce engineering teams started migrating our global e-commerce platforms and user data for all international users from our Beijing data centers to Amazon AWS data centers in California (USA) and Singapore.  We also began using Akamai’s global CDN infrastructure to speed up static page loads.

This migration process will be completed by the end of October and will benefit users in all of our international markets — Hong Kong, India, Indonesia, Malaysia, Philippines, Singapore, and Taiwan.  Users are already experiencing website speed boosts of at least 30% in markets such as Singapore, Hong Kong, Taiwan and as much as 200% in India.

Phase 2: MIUI services migration

We have also recently started migrating our MIUI services and corresponding data for all international users from our Beijing data centers to Amazon AWS data centers in Oregon (USA) and Singapore. This migration includes Mi Account, Cloud Messaging and Mi Cloud services.  We are expecting to complete this migration by the end of 2014, with some parts being completed even sooner (e.g. Mi Account servers by the end of October).

With this migration, we are expecting to cut network request latency for users in India by up to 350ms, and users in Malaysia to experience 2-3x faster Mi Cloud photosync.

Phase 3: Going local

In 2015, we are planning to take on a new challenge to further improve the performance of our services for users in large and fast-growing markets such as India and Brazil.

In these markets, where Amazon AWS services aren’t yet available, we will be working with local data center providers to set up our service infrastructure.  Once that has been completed, users in these markets will be much closer to their data and enjoy even faster speeds by connecting to local servers.

We will continue to keep everyone posted!

Hugo
(on behalf of the Xiaomi infrastructure teams)