We recently reported that Finnish security firm F-Secure had spotted that Xiaomi was sending user information, including phone and IMEI number, to its servers in China without authorisation. Well, Xiaomi has issued an explanation.
It seems like things are going seriously wrong with Xiaomi. As per the recent explanation given by Hugo Barra, Xiaomi’s cloud messaging service is automatically set to “ON” mode. This is the reason why F-Secure detected suspicious activities.
Xiaomi’s cloud messaging service, similar to what Apple offers (like all other things), helps determine whether it can route your text messages over the Internet for free or not. This is similar to Apple’s iMessage, the only difference being that Xiaomi has it turned “ON” by default.
This very statement itself explains why tests were showing user info being sent to Chinese servers, without the user even registering for the MiCloud service. But the larger point is that this information was not encrypted. The information, which Xiaomi syncs, is as open as anything else, and could be easily accessed by a hacker en route.
Well, the privacy allegations may cool down a bit, but the fact that user data is in unencrypted form is going to be a major topic of discussion in Xiaomi’s upcoming board meetings. This has not only dented the company’s image, it has also hampered its global expansion pursuits.
Xiaomi’s Vice President and ex-Googler, Hugo Barra, has explained the entire confusion in a lengthy Google+ post. Take a look: