Responding to the allegations, Xiaomi vice-president Hugo Barra said protecting user data and privacy is its top priority and it does not upload or store private information or data without the permission of users. It has also released a software update to allay fears among users.
F-Secure, in its report, demonstrated how a Xiaomi Redmi 1S phone was sending data including the users IMEI, phone number, and phone numbers of contacts added to the phone book to a remote server. Xiaomi, on its part, said user data was being transferred to allow users to benefit from Xiaomis free messaging service, Cloud Messaging. The service, which allows Xiaomi users to send free text messages to each other, is turned on by default for all users and these messages are directed through its own servers.
Xiaomis cloud messaging system tries to send the message via the Internet (if available) or otherwise sends it as a normal SMS message (if Internet is not available). Users phonebook contact data or social graph information (ie the mapping between contacts) are never stored on Cloud Messaging servers, and message content (in encrypted form) is not kept for longer than necessary to ensure immediate delivery to the receiver, Barra said in a Facebook post.
He added that Xiaomi has now made Cloud Messaging service opt-in and it doesnt activate automatically and has released
a software update to implement the change. After the update, new users or users who factory reset their phones will have to enable the cloud messaging service manually from Settings option on their device.
Xiaomi has gained popularity across Asia Pacific offering feature-rich smartphones at affordable prices. In India, it launched its Mi3 handset last month for Rs 13,999, exclusively with e-commerce major, Flipkart. The company has already sold over 20,000 devices, which were put up on sale in tranches.