After the Indian Air Force (IAF) issued a circular to its 175, 000 employees that the Chinese smartphone manufacturer Xiaomi was a security threat, Xiaomi was forced to clarify the issue. In fact, the IAF told its staff that Xiaomi smartphones should not be used by themselves or members of their families due to suspicions that the company is using its manufactured phones to spy on users on the Chinese government’s behalf.
Xiaomi offers an opt-in secure internet service, which is optional, so users can turn the service on and off whenever they like. The company also provides access to Mi Cloud that allows users to back up and sync their data and information on a cloud. Further, users have access to a cloud messaging service that allows free text messaging between other Mi devices. Despite rumors that all the data is collected by the Chinese government, Xiaomi states that it does not collect any data associated with the services it provides, such as Mi Cloud and the Xiaomi Cloud Messaging service, unless the user provides explicit consent by switching on corresponding services.
In its defence, Xiaomi also stated that it uses encryption and has high security standards including the AES-128 standard to protect its users’ data. In an official Xiaomi press release the company stated: “We believe the advisory circular issued by IAF is based on events about 3 months back. It refers to the F-Secure test done on the Redmi 1S in July 2014 about the activation of our Cloud Messaging service (which enables users to send text messages for free, similar to other popular messaging services).”
While not denying any spy action, the company has previously provided us with information including a statement that Xiaomi does not collect any information without user permission. As with other telecommunications providers, Xiaomi is said to have extremely strict access controls with multiple authorizations for access to any of its users’ personal data. In fact, Xiaomi is migrating international user data outside of China. The data will be moved in several phases to Amazon Inc servers in the United States and data centres in Singapore. While its aggressive growth outside of China has brought scrutiny such as the statement provided to the IAF, the company still intends on expanding further. After yet another security issue for the previously Chinese-only company, we will be interested to see how well Xiaomi does ensuring the security of its users.