Chinese smartphone manufacturer Xiaomi has made swift changes to its MIUI Cloud Messaging service to halt the security worries caused after privacy concerns were raised over the amount of device and user details being sent to and stored on the company’s servers.
It was eventually discovered that the telco name, IMEI and phone number including those in the contacts lists and of those who had sent messages to the phone in question, were all sent to a server named api.account.xiaomi.com.
“Next we connected to and logged into Mi Cloud, the iCloud-like service from Xiaomi,” wrote F-Secure. “Then we repeated the same test steps as before. This time, the IMSI details were sent to api.account.xiaomi.com, as well as the IMEI and phone number.”
Xiaomi vice president of international operations, Hugo Barra, explained that phone number, IMSI and IMEI are needed so that the Cloud Messaging service can route messages between two users. He added that phonebook contact details are never stored on the firm’s servers and that encrypted message content is “not kept for longer than necessary to ensure immediate delivery to the receiver”.
Complete our SAP x Data Natives CDO Club survey now, and help us to help you
“As we believe it is our top priority to protect user data and privacy, we have decided to make MIUI Cloud Messaging an opt-in service and no longer automatically activate users. We have scheduled an OTA system update for today (Aug 10th) to implement this change,” Barra added
Xiaomi has been taking the mobile world by storm by toppling Samsung as the number one phone in the Chinese smartphone market for Q2. However, the fast growing start-up has been grappling with its new-found status to keep pace with the market.
Read more here
(Image Credit: 月明 端木)