The Indian Air Force (IAF) has indirectly accused Xiaomi of spying and asked its personnel and their family members to stop using phones from the Chinese brand. This is not the first time such allegations are being leveled against the company which has now pledged to move user data to Amazon AWS data centers situated in California and Singapore for starters.
You’re probably wondering what exactly Xiaomi has done to invite such criticism and whether it’s a plot by rival mobile vendors. So let’s take a look at all the privacy scandals which have rocked the Chinese brand since it started becoming a threat to competitors in the market. That’s right, Counterpoint Research named the Hongmi Red Rice and Mi 3 in the list of top 10 smartphones, in a February 2014 report.
Samsung and Apple were the only other companies on the aforesaid list. Back in July, a story broke out about a Redmi Note user Kenny Li, noticing that his device was transferring his data to a server in China when it connected to Wi-Fi. On 3G, this activity manifested as a handshake, or low data transmission. Now Xiaomi does have a Mi Cloud service which backs content on its handsets, but it was apparently turned off when the observation was made.
Also see: Xiaomi transfers some phone user data out of Beijing on privacy concerns
The Redmi Note appeared to be beaming Li’s photos from Media Storage to the Chinese server. He noted that text messages were being routed using similar means. A report originating from Taiwan and security solutions company F-Secure, both felt Xiaomi handsets were sending phone numbers to data centers in its home country. A post on Hugo Barra’s (Global VP of Xiaomi) Google Plus page revealed that the MIUI Cloud Messaging service is automatically activated through IP communication protocol with the company’s servers.
This is done in order to offer free text services to users. It requires SIM and device identifiers such as the phone number, IMSI and IMEI for carrying out the task. But as of August 2014, an OTA update is stated to have altered it to become an opt-in service. Barra also insisted that such information in not stored for longer than absolutely necessary. What about the owner of the IP address to which Li’s Xiaomi handset made a connection? A Phone Arena reader had something interesting to say about this.
The Chinese government is supposedly behind the company listed as the owner of the IP address. Based in Beijing, CNNIC is the administrative agency responsible for Internet affairs which is under the Ministry of Information Industry of the People’s Republic of China. But it’s not only Xiaomi that’s facing such accusations. Ars Technica points to a WSJ story about US and South Korean officials signing a pact to route government communications over networks not supported by equipment from Huawei.
So is the IAF and the Indian government going to consider banning its personnel from using all Chinese products and not just Xiaomi phones? It may be a very tough decision to implement if it ever comes to that.