Chinese smartphone maker Xiaomi which took the market by storm with its low priced Mi3 and Redmi 1s smartphones is again under the microscope. The Indian Air Force, in an alert issued to IAF personnel and their family members, claimed that Xiaomi made smartphones and tablets are sending private user data to remote servers located in China.
Earlier Xiaomi was under fire since there were multiple security concerns with its Mi Cloud messaging services. Xiaomi then made the Mi Cloud an optional service in the aftermath of security allegations.
“F-secure, a leading security solution company, recently carried out a test of Xiaomi Redmi 1s, the company’s budget smartphone, and found that the phone was forwarding carrier name, phone number, IMEI (the device identifier) plus numbers from address book and text messages back to Beijing,” the IAF note says.
A few months back, the army also sighted a similar security risk and issued a statement
“every Internet company and telecom operator in China, both foreign and domestic, is held legally liable for all content shared through their platforms.”
Currently Xiaomi is looking into the matter since India is a major market. We will keep you posted on any further development.
Image credits: Livefist
Response from Xiaomi
I read your article about the Indian Air Force circular to their personnel advising them not to use devices manufactured by Xiaomi. I would really like to clarify a few key points.
1. Xiaomi does not collect any information without user permission
We offer various Internet based services such as Mi Cloud and Cloud Messaging which require data to be stored in the cloud. We take rigorous precautions to ensure that all data is secured when uploaded to Xiaomi servers and is not stored beyond the time required. Users will always be notified beforehand in situations when we require your personal information, and will have to approve the request.
Mi Cloud and Cloud Messaging are opt-in services which users can turn on and off at any time, giving users complete control. Please see attached screenshots as examples.
2. The concerns raised by F-Secure have been fully addressed
We believe the advisory circular issued by IAF is based on events about 2 months back. It refers to the F-Secure test done on the Redmi 1S in July 2014 about the activation of our Cloud Messaging service (which enables users to send text messages for free). We immediately addressed the concerns raised, which was directly acknowledged by F-Secure 4 days later.
Please refer to this post by F-Secure confirming their concerns were addressed:
F-Secure
To understand this episode in more detail, you can read the following post:
Link
3. We are currently moving our Indian users' data to servers outside of China
Since early 2014, we have been migrating our services and corresponding data for Indian users from our Beijing data centers to Amazon AWS data centers in Singapore and USA. This migration will be fully completed by the end of the year.
This helps improve the performance of our services and also provide some peace of mind for users in India in ensuring that we treat their data with the utmost care and will always maintain the highest privacy standards.
Here's a post I wrote last night about this:
Link
Hugo"