Xiaomi Issues Update After Data Privacy Concerns

Written by

Chinese smartphone poster child Xiaomi has been forced to issue an over-the-air update to its iCloud like messaging service after privacy concerns were raised over the amount of device and user details being silently sent to and stored on the company’s servers.

Finnish security vendor F-Secure decided to check out the rumours by testing a budget RedMi 1S handset.

On starting up the device during a “fresh out of the box” test, the firm discovered that the telco name, IMEI and phone number were all sent to a server named api.account.xiaomi.com, as well as any phone numbers from address book contacts or users who had SMS’d the device.

“Next we connected to and logged into Mi Cloud, the iCloud-like service from Xiaomi,” wrote F-Secure.

“Then we repeated the same test steps as before. This time, the IMSI details were sent to api.account.xiaomi.com, as well as the IMEI and phone number.”

Having noted the privacy concerns, former Android man and now Xiaomi vice president of international operations, Hugo Barra, took to Google+ to explain that phone number, IMSI and IMEI are needed so that the Cloud Messaging service can route messages between two users.

He added that phonebook contact details are never stored on the firm’s servers and that encrypted message content is “not kept for longer than necessary to ensure immediate delivery to the receiver”.

“As we believe it is our top priority to protect user data and privacy, we have decided to make MIUI Cloud Messaging an opt-in service and no longer automatically activate users. We have scheduled an OTA system update for today (Aug 10th) to implement this change,” Barra added.

“After the upgrade, new users or users who factory reset their devices can enable the service by visiting ‘Settings > Mi Cloud > Cloud Messaging’ from their home screen or ‘Settings > Cloud Messaging’ inside the Messaging app — these are also the places where users can turn off Cloud Messaging.”

Xiaomi stunned the technology world last week when market watcher Canalys revealed the fast growing start-up had beaten Samsung to number one spot in the Chinese smartphone market for Q2.

Given China is the world’s biggest smartphone market with a global share of 37%, that effort put Xiaomi in at number five in the world, with a 5% slice of the pie.

However, there have been signs of late that the firm is struggling to adapt to its new found position.

In Taiwan it was fined NT$ 600,000 ($20,000) for inflating RedMi sales figures, even though the difference was only 30 units.

Then in India, Barra was forced to apologize to customers after underestimating demand for the new Mi 3 handset.

What’s hot on Infosecurity Magazine?