A PR rep of the Indian Air Force (IAF) who we got in touch with only today, has revealed that the Xiaomi advisory everyone’s talking about is a few months old. What’s more, it was never meant to be released to the public and was simply sent around as an internal memo amongst IAF personnel as a cautionary note.
In other words, all the hullabaloo about Xiaomi posing a security threat because it ‘sends’ user data to Chinese servers should have been happening months ago. The IAF representative to whom we spoke insisted that the circular was issued to its employees back in August 2014, which makes the warning about three months old.
It was never meant to be made public, in the first place. The IAF member noted that sensitive information is never carried around by its employees in something as open to hacking as a smartphone not deemed secure anyway. On top of that, he also emphasized on the Xiaomi alert having been rolled out on the back of old reports from various outside sources.
True to what IAF notified its members about, Xiaomi does have its servers in China and users who back up their information with the Mi Cloud service are allowing it to be stored in these data centers. But it’s an optional facility, unlike MIUI Cloud Messaging for sending texts to your friends for free. That was automatically activated through IP communication protocol with the company’s servers.
After reports broke out about the SMS service transferring phone numbers and related information to China, a software update was released in August in order to make MIUI Cloud Messaging an opt-in feature. SIM and device identifiers such as phone number, IMSI and IMEI details would not be routed through servers in Beijing unless Xiaomi phone owners wanted to use the free messaging option.
So it appears that the hype about IAF putting forth an alert about Xiaomi phones being a security threat, was based on little more than a juicy bit of gossip which leaked a few months too late.