Xiaomi Apologises For Unauthorised Personal Data Transmission

Xiaomi says the data transfer was necessary for its cloud messaging service but issues a fix that prevents it from happening

Chinese smartphone manufacturer Xiaomi has apologised for what it describes as a “loophole” in its cloud messaging service that sends a phone, SIM and contact information to a server in China without user consent.

Security firm F-Secure tested a Xiaomi RedMi 1S smartphone fresh out of the box and without any account setup or cloud service connection. A SIM card was inserted into the device, which was then connected to a Wi-Fi network and GPS functions were allowed.

Researchers added a new contact to the phone book, sent and received an SMS and MMS message and made and received a phone call. They detected that the phone sent operator information, the device’s IMEI number and phone number to a server known as ‘api.account.xiaomi.com’, along with the phone number entered into the phone book and the content of the SMS message sent.

Xiaomi data transfer

The researchers then logged into the ‘Mi Cloud’ service and repeated the same steps, witnessing that this time, the ISMI details that identify the SIM card were also sent to the same server.

Xiaomi vice president Hugo BarraXiaomi © F-Secure says this behaviour was triggered by the MIUI cloud messaging service which attempts to deliver texts over a mobile data connection to save money. MIUI is switched on by default and the reason for the data transfer was so an SMS could be sent if the intended recipient was offline.

In a Google+ post, the former vice president for product management for Android at Google, says an over-the-air update has been issued to affected smartphones and promises the messaging service will no longer be enabled by default.

“As we believe it is our top priority to protect user data and privacy, we have decided to make MIUI Cloud Messaging an opt-in service and no longer automatically activate users,” he says. “We apologize for any concern caused to our users and Mi fans.”

Xiaomi will hope that the revelation does not damage its reputation abroad given it currently enjoying great success in its homeland. The company currently commands 27 percent of the Chinese smartphone market, according to Kantar Worldpanel ComTech, ahead of Samsung on 21.1 percent.

What do you know about IT in China? Take our quiz!