Trust throughout hardware, software, and devices operated by whole countries has always been an issue. Chinese telecoms have criticized the United States for spying on mobile devices and ban them from their workplace, as well as the United States has found China or other countries spying on throughout devices and as well ban them throughout the workplace. While this is complexity legitimate and a great thing to do, a new Chinese based phone provider has been caught sending sensitive user credentials over the air to a server based in their home country.
Latest claims go against Chinese smartphone brand, Xiaomi, which has been “secretly” stealing user information which includes SMS text messages and photos without user permission. From there, the phone will communicate with a server in Beijing, and send the obtained data back to the server, regardless if backup functions are turned on or off, according to Apple Insider.
Researchers at F-Secure antivirus firm have shown that the Xiaomi phones (RedMi 1S model) send an abundance of personal data to “api.account.xiaomi.com” which is located in China. The following is sent to the listed domain:
- IMEI Number of your phone
- IMSI Number (through MI Cloud)
- Your contacts and their details
- Text Messages
Xiaomi, the Chinese-based smartphone provider just recently marked a successful entry into the Indian smartphone market just this August. They noted the Redmi Note was an affordable handset with nearly all features that a smartphone generally provides.
Kenny Li, from IMA Mobile forum, recently noticed odd interactions within the Xiaomi Redmi Note smartphone. Li discovered that the device continued to make connections with IP addresses homed in Beijing China, the device continually tried to establish a connection even after turning off MiCloud services, a feature similar to Apple iCloud.
Li found that the transmissions only occurred via WiFi, but the device continually makes small “handshakes” via mobile data to stay in contact. Li even went as far as to wipe Android off the phone and re-install it completely, but found the problem to persist.
China is notorious for accusing companies such as Apple, Facebook, Google, Microsoft and a number of others for spying on other countries, but what is China doing…? Mimicking the actions of the accused companies.
Xiaomi, known as the Apple of China, responded to the recent allegations with complete denial to all spying allegations made by researchers.
“MIUI does not secretly upload photos and text messages. MIUI requests public data from Xiaomi servers from time to time. These include data such as preset greeting messages (thousands of jokes, holiday greetings and poems) in the Messaging app and MIUI OTA update notifications, i.e. all non-personal data that does not infringe on user privacy,” Hugo Barra from Xiaomi writes in a blog post.
Xiaomi’s MiCloud feature has the ability to backup and manage the device users personal information into the Xiaomi cloud, along with sync data between devices.
Barra continues and announced that Xiaomi users will be able to disable the MiCloud service manually from the device settings once the new update is rolled out.
“We have scheduled an OTA system update for today (Aug 10th) to implement this change. After the upgrade, new users or users who factory reset their devices can enable the service by visiting “Settings > Mi Cloud > Cloud Messaging” from their home screen or “Settings > Cloud Messaging” inside the Messaging app — these are also the places where users can turn off Cloud Messaging,” Barra concluded.