In a startling revelation, Chinese firm Xiaomi Inc has admitted that its devices send users’ personal information back to a server in China, which has prompted some world governments to sit up and take note of the security angle involved in it, as the cheap phone sells in a flash of the moment online in a populated country like India.
While Taiwan immediately oredered a probe into it, it is reliably learnt that the phone keeps on communicating with at least 3 masters — Xiaomi, the company that has built the device, the telephone company that is providing service and third party apps pre-installed on it.
With Xiaomi’s latest hits Mi3 and Redme 1S smartphones priced cheap and sold 40K to 60K phones online via Flipkart in less than 5 second, in the so-called flash sale, is actually subsidised for its feature of sending home the user data.
Without the user’s knowledge or consent, Xiaomi phones send personal data of the user once he or she boots it up. Back home in China, the info is kept in store by the company which says the feature is to allow users to send SMS messages without having to pay operator charges.
“What Xiaomi did originally was clearly wrong: they were collecting your address book and sending it to themselves without you ever agreeing to it,” said Mikko Hypponen of F-Secure that has revealed the problem. “What’s more, it was sent unencrypted.”
However, when pointed out, Xiaomi has fixed the problem by seeking users’ permission and sending data over encrypted connections, he said. Xiaomi is by no means alone in collecting the user data. Apple and other phones do send similar data with permission but some apps pre-installed may even send the user data unknowlingly.
Whether the smartphone is cheap or not, there is a Big Brother watching you either in Washington DC or in Beijing!