Without the user-activation of any services, the forwarding of such private details to the company servers is worrisome. Now, Xiaomi Global VP Hugo Barra has come forward to explain the reasoning behind these actions.
Barra noted that the culprit behind the forwarding of these details is the company’s Cloud Messaging service, which is activated by default on all Mi phones (at least until now). He added that the company is pushing an immediate security update (already live) to Xiaomi phones, which will make the service opt-in and it will no longer be automatically activated.
Here are some excerpts from Barra’s Google+ post, full post can be found at Google+.
Q: How does this relate to the privacy concerns raised about Xiaomi over the last 48 hours? What’s your response?
A: A recent article in Taiwan and a related report by F-Secure raised privacy concerns by stating that Xiaomi devices are sending phone numbers to Xiaomi’s servers. These concerns refer to the MIUI Cloud Messaging service described above. As we believe it is our top priority to protect user data and privacy, we have decided to make MIUI Cloud Messaging an opt-in service and no longer automatically activate users. We have scheduled an OTA system update for today (Aug 10th) to implement this change. After the upgrade, new users or users who factory reset their devices can enable the service by visiting “Settings > Mi Cloud > Cloud Messaging” from their home screen or “Settings > Cloud Messaging” inside the Messaging app — these are also the places where users can turn off Cloud Messaging.
We apologize for any concern caused to our users and Mi fans. We would also like to thank the media and users who have been sending us feedback and suggestions, allowing us to improve and provide better Internet services.
One reply on “Xiaomi responds to F-Secure’s privacy concerns about Mi phones”
I think our security agencies should have a look into this issue to see how it can affect us in India