Xiaomi accused of stealing private user-info, Chinese phone maker goes on denial mode

Redmi Note spy

Not being a new occurrence, Chinese tech companies have been under fire for stealing confidential information from users. A smartphone which was a clone of another clone phone was recently found preloaded with a Trojan that broadcasts users’ messages to international numbers.

Redmi Note spy
Now the allegations have come down to Xiaomi, a popular and reputable Chinese brand. A Hong Kong mobile tech specialist Kenny Li had said that he found out that Xiaomi’s Redmi Note smartphone connect to a certain IP address in China and wires personal data to the server.

Xiaomi spying user dataAnother report from Taiwanese OCWorkbench website says that Xiaomi hard-coded some stuff in the Redmi Note that steals users’ photos and text messages and stores in the “MiCloud” without asking for the user’s permission. The code does work even after the smartphone is rooted and flashed with another ROM.

This could be seen as an automatic backup, OCWorkbench wrote, but Xiaomi could have  properly put in place some sort of user-authorization for the service.

No, we are not stealing your privacy

Hugo Barra explains
Xiaomi has replied to the reports via Hugo Barra, he former Android VP of Google.

Here is the Q&A

Q: Online articles recently referred to some privacy issues with the Redmi Note, claiming that photos and text messages are sent to China secretly. Are they true?

A: An article severely misinterpreted a discussion thread asking about the Redmi Note’s communication with a server in China. The article also neglected to refer to a Chinese version of this Q&A already posted on the Xiaomi Hong Kong Facebook page (https://www.facebook.com/Xiaomihongkong/posts/799059896795602). MIUI does not secretly upload photos and text messages.

MIUI requests public data from Xiaomi servers from time to time. These include data such as preset greeting messages (thousands of jokes, holiday greetings and poems) in the Messaging app and MIUI OTA update notifications, i.e. all non-personal data that does not infringe on user privacy.

Q: Does Xiaomi upload any personal data without my knowledge?

A: No. Xiaomi offers a service called Mi Cloud that enables users to back up and manage personal information in the cloud, as well as sync to other devices.  This includes contacts, notes, text messages and photos. Mi Cloud is turned off by default.  Users must log in with their Mi accounts and manually turn on Mi Cloud.  They also have the option to only turn on backup for certain types of data. The use and storage of data in Mi Cloud fully respects the local laws of each country and region.  Strict encryption algorithms are implemented to protect user privacy.

Q: Can I turn Mi Cloud off?

A: Yes. Just go to Settings > Mi Cloud to turn it off. If you would like to use a cloud back up service from another provider, there are options from Google, Dropbox and many others.

Q: Why should I believe you?

A: Xiaomi is serious about user privacy and takes all possible steps to ensure our Internet services adhere to our privacy policy. We do not upload any personal information and data without the permission of users. In a globalized economy, Chinese manufacturers’ handsets are selling well internationally, and many international brands are similarly successful in China – any unlawful activity would be greatly detrimental to a company’s global expansion efforts.

So that means that Xiaomi is actually taking up your data, but then it doesn’t access the information collected. Now that Hugo Barra has cleared everyone, can I get a cup of coffee please? 😛

Be the first to comment

Leave a Reply

Your email address will not be published.