IAF asks personnel not to use Xiaomi phones: Everything you need to know - Financial Express

Debashis Sarkar | New Delhi | Updated: Oct 25 2014, 09:22 IST

Oct 25 2014, 09:22 IST

Chinese smartphone manufacturer Xiaomi made its entry in the Indian smartphone market with its Mi 3 smartphone in July.Chinese smartphone manufacturer Xiaomi made its entry in the Indian smartphone market with its Mi 3 smartphone in July.

SummaryThere might not be a new security scare with Xiaomi phones, but the Chinese company is moving its servers out of Beijing

Chinese smartphone manufacturer Xiaomi made its entry in the Indian smartphone market with its Mi 3 smartphone in July. The company made headlines after the Mi 3 handset sold like hot cakes on Flipkart. After just six weeks of massive sales in the country, Xiaomi discontinued the Mi 3 temporarily to give mileage to the much cheaper RedMi 1S smartphone, which arrived in September.

What is the data snooping concern regarding Xiaomi phones?

Before the launch of Redmi 1S, software security company F-Secure published a report http://ift.tt/1kJGbLc in August stating that the Xiaomi RedMi 1S �sent the telco name to the server api.account.xiaomi.com. It also sent IMEI and phone number to the same server. The phone number of the contacts added to the phone book and also from SMS messages received was also forwarded.�

Commenting on the Mi Cloud service, the report stated, �the IMSI details were sent to api.account.xiaomi.com, as well as the IMEI and phone number.�

F-Secure published another report http://ift.tt/1l5r7Yu in a week, saying that Xiaomi had addressed the privacy concerns related to �MIUI Cloud Messaging Platform� by releasing an OTA update which made the messaging service �an opt-in feature, rather than a default one.�

The report confirmed that after the OTA update, the security experts �did not see any data being sent out from the phone.� Also, it stated that on logging into Mi Cloud, �base-64 encoded traffic being sent to https://api.account.xiaomi.com.�

The updated report concluded by stating that Mi Cloud data was �now sent over HTTPS rather than HTTP, as seen in our previous testing.�

Is there still an issue?

Su Gim Goh, Security Advisor, APAC, F-Secure during his visit to New Delhi on September 1, the same day when Xiaomi RedMi 1S went for sale for the first time for Flipkart First subscribers, confirmed in an exclusive interaction with IndianExpress.com {link this } that Xiaomi has rectified the privacy issues raised by it. �The entire privacy issue was related to Xiaomi's cloud messaging service. Previously, the cloud service got activated by default without asking for the user's permission. So, related personal data were sent from the phone to Xiaomi's servers in China. After we alerted about this privacy concern, Xiaomi has made the cloud service as an opt-in feature and not by default, said Goh.

As with every cloud service, data is obviously sent to servers located outside the country with the user's permission. Goh further confirmed that the even if users

More from Tech

Top 10 deals on smartphones launched in 2014Eying festive season sale, most smartphone brands are offering decent discounts on their handsets.
Xiaomi shifts some smartphone user data out of Beijing on privacy concerns'Anti-Facebook' social network gets fresh funding

Editor´s Pick

Copyright © The Indian Express ltd. All Rights Reserved.



IFTTT

Put the internet to work for you.

Turn off or edit this Recipe

Labels:

Post a Comment

Subscribe to: Post Comments (Atom)
.