Xiaomi Amends Cloud Messaging Service After Privacy Scare

Xiaomi Amends Cloud Messaging Service After Privacy Scare

Xiaomi Amends Cloud Messaging Service After Privacy Scare

Roughly a week ago, Finland’s F­Secure started investigating claims that Xiaomi was sending essential data under the radar from its MIUI ­powered phones back to the main Xiaomi servers in China. As it turned out the claims were not unsubstantiated and touched upon the worst fears of consumers who were bothered by the fact that their privacy was put on the line by yet another telecom company. Though F­Secure’s brand new Redmi 1s Hugo_BarraXiaomi manufactured smartphone does not add any cloud accounts to its program, yet the device sent back the carrier name,  phone number, IMEI (device identification technology), additional numbers saved in the phone book, and even personal text messages data back to Beijing. Many users were put off by the incident due to the fact that the data shared from their devices was not encrypted, which means that the phone specifications could be known to one and all alike. In the midst of this brewing controversy, the Chinese company is making efforts to put the derailed train of their market reputation back on track.

The most-valiant damage control efforts were made by Vice President (VP) Hugo Barra, who took to the social media to clear the air regarding the issue.

Policy Gone Awry

Xiaomi is a mobile manufacturer company that believes in delivering quality products and easy ­to­ use internet services. Per the policy of the company, the data handled by the servers is not uploaded nor is any private information stored in any database without first seeking the permission of the user.

MIUI Cloud Messaging

Cloud messaging is offered by Xiaomi that is supported by MIUI operating system. This particular service gives the advantage to MIUI users by enabling them to exchange free­of­cost text messages with each other. This is achieved by routing messages through IP instead of relying upon the carrier’s SMS portal. The Official Story Xiaomi’s VP Barra took to the social media and put in his best effort to educate the general public about the real story behind the controversy. He said that the data link in question was an important part of MIUI’s cloud messaging service that played its role by deciding whether the consumers’ text messages could be channeled through the internet for free.

Unfortunately for Xiaomi, this feature was enabled by default that led to the data being channeled back to Beijing.

The mistake has been made right after users were told that new devices or factory ­restored ones should be manually activated to use the cloud messaging service. What this means is that user data would not be transferred covertly to Beijing anymore. In addition, the latest updates made to the old devices would ensure that the phone numbers being sent to the servers are encrypted if the users want to continue using the MIUI’s cloud messaging feature instead of opting for the SMS delivery system.

Other Important Queries

The entire episode still left some questions unanswered in the minds of consumers. For instance, wasn’t the company supposed to encrypt all information during the device manufacturing stage per the privacy policies adopted by all companies dealing in the field of communication? The blame for this lapse in the phone’s security had to be taken by Xiaomi’stop officials because errors like these could virtually destroy the standing of the company in a competitive global market. Since this mistake has been made by other renowned communication companies in the past as well, Xiaomi also deserves a second chance.

Moreover, the VP of the company has admitted to the mistake and provided a lengthy but transparent explanation for the unfortunate mistake.

It is pertinent also to mention here that the MIUI does seek public data on request from Xiaomi servers at different time intervals. The data that is shared mostly includes company stored everyday greeting messages and MIUI OTA notifications about latest updates, which is essentially the non personal data that doesn’t threaten the privacy of consumers using the device.

By Rachael Dane,  Stealthmate

Stealthmate provides comprehensive list of monitoring features for mobile phones and computers. These features range from basic internet monitoring to advanced features like email monitoring and logging of all popular Chat Messangers. 

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

View All Articles

Sorry, comments are closed for this post.

Don’t Be Intimidated By Data Governance

Don’t Be Intimidated By Data Governance

Data Governance Data governance, the understanding of the raw data of an organization is an area IT departments have historically viewed as a lose-lose proposition. Not doing anything means organizations run the risk of data loss, data breaches and data anarchy – no control, no oversight – the Wild West with IT is just hoping…

Achieving Network Security In The IoT

Achieving Network Security In The IoT

Security In The IoT The network security market is experiencing a pressing and transformative change, especially around access control and orchestration. Although it has been mature for decades, the network security market had to transform rapidly with the advent of the BYOD trend and emergence of the cloud, which swept enterprises a few years ago.…

Three Reasons Cloud Adoption Can Close The Federal Government’s Tech Gap

Three Reasons Cloud Adoption Can Close The Federal Government’s Tech Gap

Federal Government Cloud Adoption No one has ever accused the U.S. government of being technologically savvy. Aging software, systems and processes, internal politics, restricted budgets and a cultural resistance to change have set the federal sector years behind its private sector counterparts. Data and information security concerns have also been a major contributing factor inhibiting the…

Digital Twin And The End Of The Dreaded Product Recall

Digital Twin And The End Of The Dreaded Product Recall

The Digital Twin  How smart factories and connected assets in the emerging Industrial IoT era along with the automation of machine learning and advancement of artificial intelligence can dramatically change the manufacturing process and put an end to the dreaded product recalls in the future. In recent news, Samsung Electronics Co. has initiated a global…

The Cancer Moonshot: Collaboration Is Key

The Cancer Moonshot: Collaboration Is Key

Cancer Moonshot In his final State of the Union address in January 2016, President Obama announced a new American “moonshot” effort: finding a cure for cancer. The term “moonshot” comes from one of America’s greatest achievements, the moon landing. If the scientific community can achieve that kind of feat, then surely it can rally around…

Cloud-Based or On-Premise ERP Deployment? Find Out

Cloud-Based or On-Premise ERP Deployment? Find Out

ERP Deployment You know how ERP deployment can improve processes within your supply chain, and the things to keep in mind when implementing an ERP system. But do you know if cloud-based or on-premise ERP deployment is better for your company or industry? While cloud computing is becoming more and more popular, it is worth…

Ending The Great Enterprise Disconnect

Ending The Great Enterprise Disconnect

Five Requirements for Supporting a Connected Workforce It used to be that enterprises dictated how workers spent their day: stuck in a cubicle, tied to an enterprise-mandated computer, an enterprise-mandated desk phone with mysterious buttons, and perhaps an enterprise-mandated mobile phone if they traveled. All that is history. Today, a modern workforce is dictating how…

What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

DDoS Attacks October 21st, 2016 went into the annals of Internet history for the large scale Distributed Denial of Service (DDoS) attacks that made popular Internet properties like Twitter, SoundCloud, Spotify and Box inaccessible to many users in the US. The DDoS attack happened in three waves targeting DNS service provider Dyn, resulting in a total of about…