The Indian Air Force (IAF) notification about Xiaomi phones posing a security threat comes at a very inconvenient time for the company. It is just establishing itself as a big name in the Indian mobile market and has enjoyed considerable success with its Redmi 1S and Mi 3 launches. There’s a scent of optimism in the air for businesses wishing to invest in the country owing to the faith in the new government.
Companies like Google, Samsung, Facebook, Microsoft and others are lining up to show support for Prime Minister Narendra Modi’s ‘Digital India’ and ‘Make in India’ campaigns. So what would you do if you were Xiaomi and forced to think of a way to make the spying accusations go away quickly? How about speaking to the IAF directly and clearing up whatever misunderstanding is bringing bad publicity to your brand name?
Xiaomi’s head of India operations, Manu Kumar Jain, hasn’t yet met with the top brass in the IAF in order to explain away the allegations of sending personal data to the Chinese government via the company’s smartphones. But he has spoken to The Indian Express to assure everyone that the warning issued against using these devices is unfounded since it is based on an old F-Secure post and unspecified Indian Computer Emergency Response Team (CERT-In) information.
As we explained in our older story, the F-Secure test which proved the manufacturer was transporting users’ private data to Beijing-based servers was followed by Hugo Barra announcing an OTA update. It started rolling out to Xiaomi phones on August 10 and was meant to ensure that the MIUI Cloud Messaging service would become an opt-in feature. Owners’ SIM and device identifiers such as phone number, IMSI and IMEI would be beamed to China only if they turned on the free messaging option.
So why is Xiaomi moving user information out of China and onto Amazon AWS data centers if it’s completely innocent? After the IAF sent out the notification asking its personnel and their family members to avoid using devices from the company, Barra revealed the news about the ongoing data migration. Jain has emphasized that it is only being done in order to deliver better services and the process was started early this year. He also points to Dropbox and Google Drive as alternatives for suspicious owners.
But barring the F-Secure report and IAF warning, there was also a story about content in media storage on a Xiaomi Redmi Note being sent to a server in Beijing. The IP address to which it connected in spite of Mi Cloud backup apparently being turned off, is speculated to belong to one of the Chinese government’s ministries. Care to tell us more about that and the convenient timing for announcing data migration?