China’s number one — and the world’s 3rd largest — smartphone manufacturer, Xiaomi, which is trying to make inroads into India’s booming mobile phone market, was found secretly sending users’ personal data, including IMEI numbers, phone numbers and text messages to the web servers back to Beijing in China.This issue raised higher concerns across many countries, proactively in India, Singapore and Taiwan.
The Indian Air Force (IAF) — among the largest in the world — warned its employees and their belongings that their private information was being shipped over to servers in China, and asked them to avoid using Xiaomi smartphones due to security risk.
The IAF’s instructions are based on a report published by Finland based IT security company F-Secure after running several test on the Xiaomi Redmi 1S smartphone.The company during testing inserted the SIM in to the phone, connected the phone to WiFi, enabled the GPS location service, added new contacts, made and received phone calls in order to check the response of the smartphone and its servers in Beijing.
After completing all the necessary procedure, F-Secure found out that on the startup, name of the server, phone number and IMEI of the phone was sent to the server api.account.xiaomi.com. The text messages, phone numbers and contact details were also forwarded to the server.0
Xiaomi devices provide ‘Mi Account’ to its customers through which users gain access to their Mi Cloud, Mi Talk, MIUI Forum, Mi Market and other Xiaomi services. These online Xiaomi Mi Accounts store users’ personal information including mobile numbers, email addresses and account credentials.Xiaomi website zero-day vulnerability and Taiwanese Researcher’ session at G0S Conference also raises concern about the security of the data of millions of users linked to their Xiaomi’s Mi Cloud accoun
“We take rigorous precautions to ensure that all data is secured when uploaded to Xiaomi servers and is not stored beyond the time required. Strict encryption algorithms are implemented to protect user privacy. As far as we know, our cloud service is 100% compliant with all legal regulations internationally, including India. We are willing to meet with the authorities to resolve any concerns that they might be having”,said the head of Xiaomi Manu Jain in India