When we think about cryptographic keys, we tend to think about closely guarded secrets. Keys are the only thing that keeps the attacker away from your encrypted data. Some keys are usually treated with the appropriate level of respect. Security professionals in the payments industry, or those that have deployed a PKI, know all too well about the importance... 

Richard Moulds

Xiaomi Amends Cloud Messaging Service After Privacy Scare

Xiaomi Amends Cloud Messaging Service After Privacy Scare

Roughly a week ago, Finland’s F­Secure started investigating claims that Xiaomi was sending essential data under the radar from its MIUI ­powered phones back to the main Xiaomi servers in China. As it turned out the claims were not unsubstantiated and touched upon the worst fears of consumers who were bothered by the fact that their privacy was put on the line by yet another telecom company. Though F­Secure’s brand new Redmi 1s Hugo_BarraXiaomi manufactured smartphone does not add any cloud accounts to its program, yet the device sent back the carrier name,  phone number, IMEI (device identification technology), additional numbers saved in the phone book, and even personal text messages data back to Beijing. Many users were put off by the incident due to the fact that the data shared from their devices was not encrypted, which means that the phone specifications could be known to one and all alike. In the midst of this brewing controversy, the Chinese company is making efforts to put the derailed train of their market reputation back on track.

The most-valiant damage control efforts were made by Vice President (VP) Hugo Barra, who took to the social media to clear the air regarding the issue.

Policy Gone Awry

Xiaomi is a mobile manufacturer company that believes in delivering quality products and easy ­to­ use internet services. Per the policy of the company, the data handled by the servers is not uploaded nor is any private information stored in any database without first seeking the permission of the user.

MIUI Cloud Messaging

Cloud messaging is offered by Xiaomi that is supported by MIUI operating system. This particular service gives the advantage to MIUI users by enabling them to exchange free­of­cost text messages with each other. This is achieved by routing messages through IP instead of relying upon the carrier’s SMS portal. The Official Story Xiaomi’s VP Barra took to the social media and put in his best effort to educate the general public about the real story behind the controversy. He said that the data link in question was an important part of MIUI’s cloud messaging service that played its role by deciding whether the consumers’ text messages could be channeled through the internet for free.

Unfortunately for Xiaomi, this feature was enabled by default that led to the data being channeled back to Beijing.

The mistake has been made right after users were told that new devices or factory ­restored ones should be manually activated to use the cloud messaging service. What this means is that user data would not be transferred covertly to Beijing anymore. In addition, the latest updates made to the old devices would ensure that the phone numbers being sent to the servers are encrypted if the users want to continue using the MIUI’s cloud messaging feature instead of opting for the SMS delivery system.

Other Important Queries

The entire episode still left some questions unanswered in the minds of consumers. For instance, wasn’t the company supposed to encrypt all information during the device manufacturing stage per the privacy policies adopted by all companies dealing in the field of communication? The blame for this lapse in the phone’s security had to be taken by Xiaomi’stop officials because errors like these could virtually destroy the standing of the company in a competitive global market. Since this mistake has been made by other renowned communication companies in the past as well, Xiaomi also deserves a second chance.

Moreover, the VP of the company has admitted to the mistake and provided a lengthy but transparent explanation for the unfortunate mistake.

It is pertinent also to mention here that the MIUI does seek public data on request from Xiaomi servers at different time intervals. The data that is shared mostly includes company stored everyday greeting messages and MIUI OTA notifications about latest updates, which is essentially the non personal data that doesn’t threaten the privacy of consumers using the device.

By Rachael Dane,  Stealthmate

Stealthmate provides comprehensive list of monitoring features for mobile phones and computers. These features range from basic internet monitoring to advanced features like email monitoring and logging of all popular Chat Messangers. 

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in cloud connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as technology related infographics and comics.