CATEGORIES
home News

After Security Experts Discover Xiaomi Smartphones Send User Data to Beijing HQ, Company Issues Patch And Apologizes

by Rob WilliamsMonday, August 11, 2014, 09:00 AM EDT

A couple of weeks ago, reports hit the Web claiming that Chinese phone maker Xiaomi was sending user info back to home base. At the time, the company's head of global expansion, ex-Googler Hugo Barra, claimed that no such thing was going on. But late last week, Finnish security firm F-Secure posted proof to the Web that certain information was in fact being sent back to Xiaomi's servers. As a very reputable security company, F-Secure's information really struck a chord with many.

In F-Secure's experiments, it was discovered that a device's phone number, IMEI number (similar to a serial code), and phone numbers from contacts saved to the device were sent to Xiaomi's servers. To conduct this experiment, a brand-new Xiaomi RedMi 1S was turned on and used as a normal phone would be - a phone call was received, and an SMS was sent and received.

Prior to F-Secure's discoveries, Xiaomi's Hugo Barra posted this to his Google+ page: "Xiaomi is serious about user privacy and takes all possible steps to ensure our Internet services adhere to our privacy policy. We do not upload any personal information and data without the permission of users." This is all in direct contrast to F-Secure's findings.

A couple of days after F-Secure's findings were published, Hugo Barra once again came forth with some insight - this time subtly backtracking on some earlier comments. As it turns out, the information that was sent to Xiaomi's servers was the direct result of the company's cloud service being enabled by default on its devices. Barra emphasized the fact that no data is actually "stored" on Xiaomi's servers, and as a result of this entire brouhaha, the company would soon be taking steps to correct things.

Over the weekend, the company did just that, releasing an update that causes its phones to disable its cloud service by default. From an outright dismissal of data being sent to its home servers to an admission that it was its cloud service doing it - all in the span of a couple of days. Somewhat interestingly, most of this transpired mere days after I praised the company for its amazingly rapid growth, that it was "shaping up to become China's Apple".

The good news in all of this is that a patch is out, though there are still questions lingering. We can understand that a cloud service might send somewhat sensitive information back to the cloud provider's servers, but why exactly does that involve a phone number and an IMEI? Does Dropbox require such a thing? Apple's iCloud? Google's Drive? Microsoft's OneDrive? No - of course not. It seems like there's more to this story that needs to be revealed. At least we're on the right track to figuring that out.

Tags:  Mobile, smartphone, security, Privacy, Xiaomi
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment