NO, Xiaomi Handsets Are NOT Stealing And Sending User Info To Chinese Govt. Servers

Xiaomi's Hugo Barra has come out in defence of the company which has been under criticism off late regarding silent uploads to servers in China from its RedMi Note.

According to an article posted on FinanceTwitter, there is a need to be cautious before buying Xioami products

Image via

Citing a Hong Kong IMA Mobile forum user – Kenny Li, the article claims that Xiaomi's RedMi Note is sending user data, including text messages, photos and other information, back to servers in China, without the users' permission. It further says:

"The unauthorized transmission of such data happens whenever the Redmi Note is connected to WiFi, while the data transfer is much slower on 3G. Strangely, even if you root the phone and flash it with a different firmware, the data transfer still persists in the background. This simply means this phantom process is somehow hardcoded into the device. Interestingly, even if you switch off Mi Cloud service, your private data still get transmitted to China."

The device streams data to the company's Mi Cloud servers while on Wi-Fi but has also been found to remain in touch with the Chinese servers during cellular connectivity via small handshakes

The image attached shows the messaging app that is actually sending the data to IP address in China. Note that is the only app that is doing so. As per the source the activity continued even when miCloud service was turned off, on 3G there just a handshake and on Wi-Fi the data is transmitted in the background.

The messaging app in question has a cloud messaging option that is switched on by default. However, you can disable it if you want.

Image via

What this cloud messaging does is it lets you send messages to anyone else using MiUi. It supports both text and MMS. The MiCloud services also has the Cloud messaging option (that takes you to the messaging settings) plus gives you option to take backup of contacts, SMS’s photo, logs etc. Backups are off by default on the Indian Mi3 but Cloud messaging is enabled.

If you're really concerned about data privacy, there's a Data Restrict option. You can block data access to messaging app.

Image via

The source does not mention anything about if they tried the data restrict option and if they specially switched off cloud messaging. Also in security there is user experience program that is switched on by default.

Image via

The source also tried flashing the RedMi note with a new ROM but the data was still being sent, we're not sure how is that possible? Unless they flashed it again with the same MiUi ROM.

The article further claims that this happens in Xioami RedMi 1S as well, and could affect Mi 3 and Mi 4. It warns and asks users to "treat Xiaomi phones as another untrusted smartphone and never do any banking or financial transactions."

Besides the article on FinanceTwitter, there are many other articles on the Internet, including OCWorkBench, pointing to the same source. So is this for real? Are Xiaomi handsets secretly stealing and sending user data to Chinese government servers?

The TL;DR version is: No, they don't.

There are two scenarios when Xiaomi smartphones connect to Xiaomi's servers in China

One, MIUI constantly connects to Xiaomi's servers to download preset messages, jokes, holiday greetings and so forth.

Secondly, if users have turned Mi Cloud on, then the service would automatically take a backup of the phone.

Meanwhile, Xiaomi has refuted the report, calling it "severely misinterpreted." Hugo Barra, Vice President, Xiaomi Global, in a Google+ post addressed the privacy concerns of users.

Hugo Barra

Image via

Barra said, "An article severely misinterpreted a discussion thread asking about the Redmi Note's communication with a server in China. The article also neglected to refer to a Chinese version of this Q and A already posted on the Xiaomi Hong Kong Facebook page. MIUI does not secretly upload photos and text messages."

Referring to the allegation of being connected to China-hosted servers, Barra revealed that MIUI (the company's proprietary skin running on top of Android on it smartphones) requests public data such as preset greeting messages (jokes, holiday greetings and poems) in the messaging app from Xiaomi servers at regular intervals.

Further, Barra says MIUI also checks for OTA update notifications via Xiaomi servers based in China. Barra says these communications between MIUI-based Xiaomi smartphones and the China-based server contain "all non-personal data that does not infringe on user privacy."

Hugo Barra's post further disambiguated that Xiaomi smartphones do not upload any personal data to the cloud (Mi Cloud or servers) without user's knowledge

Three models of China's Xiaomi Mi phones are pictured during their launch in New Delhi July 15, 2014.

Image via

"Xiaomi is serious about user privacy and takes all possible steps to ensure our Internet services adhere to our privacy policy. We do not upload any personal information and data without the permission of users. In a globalized economy, Chinese manufacturers' handsets are selling well internationally, and many international brands are similarly successful in China - any unlawful activity would be greatly detrimental to a company's global expansion efforts," added Barra. You can read Barra's full response to the Xiaomi spying allegations here.

While there will likely still be some people skeptical about the whole scenario being that it popped up at all, lots of other devices and companies who manufacture these devices have similar services going on, points out Justin Diaz of Android Headlines

Google offers cloud services and user collection data is sent to servers all the time to better serve users with targeted and personalized ads. Most people don’t bat an eye, and Google is right in the U.S.

Giving benefit of the doubt, it seems this was pulled completely out of context most likely because Xiaomi is a Chinese company

Conspiracy theories and perhaps prejudices aside, every major tech firm and device OEM likely has a service similar to Mi Cloud that doesn't garner this kind of attention, yet they without a doubt do the exact same things that were being discussed here.

Furthermore, as rightly noted for Android Headlines, it shows some level of respect for customers that the companies VP would take to the community to respond to these claims and converse with the people in the comments thread about the whole situation

Ironically, none of this seemed to have hurt Xiaomi’s sales as the Mi 4 is said to have sold out faster than one can blink an eye, despite concerns of privacy in regards to the RedMi Note. Xiaomi is just like any other company out there that has millions of customers. They take customer privacy seriously. If they didn’t they wouldn’t have this many customers in the first place.

Leave a comment