Home » News » Mobile Phones » Xiaomi does damage control after IAF privacy alert on using Xiaomi phones

Xiaomi does damage control after IAF privacy alert on using Xiaomi phones

By Prasid Banerjee | Updated on 28-Oct-2014
Xiaomi does damage control after IAF privacy alert on using Xiaomi phones
Prasid Banerjee Prasid Banerjee
27 Oct 2014 15:42
HIGHLIGHTS

The IAF had recently issued an alert to its personnel about not using Xiaomi smartphones. The company has already announced that it will be moving its servers to India.

Chinese smartphone maker Xiaomi has issued a press release following the alert issued by the Indian Air Force (IAF) to its personnel. The company, which has often come under fire in privacy related issues, has addressed the concerns. Xiaomi’s clarification consists of a few pointers about its devices and Mi Cloud.

Attached below is the advisory from Xiaomi. It is important to note that Xiaomi global VP Hugo Barra has already announced about the company's plans to move its cloud servers to India for users here.

There have been reports about an IAF circular claiming that Xiaomi phones are a security threat. While we are attempting to reach Indian authorities to learn specifics, we would like to clarify a few points to assure our users that we treat your privacy seriously.

1. We provide opt-in secure Internet services that greatly benefit users

We offer various opt-in Internet services that bring great user benefits, are free of charge, and require personal data to be stored in the cloud. For example:

? Mi Cloud enables users to back up their data as well as sync it to other devices
? Cloud Messaging allows users of Mi devices to exchange text messages free of carrier charges by routing messages via IP instead of carrier’s SMS gateway

These services are optional (opt-in). Users can turn them on and off at any time. Users can also opt to use similar services from other Internet companies instead, such as Google, Whatsapp, Dropbox and others.

2. We do not collect user data without permission

We do not collect any data associated with services such as Mi Cloud and Cloud Messaging until the user provides explicit consent by turning on the corresponding service(s). Even after users have turned on these services, they can turn them off at any point of time.

We take rigorous precautions to ensure that all data is secured when uploaded to Xiaomi servers and is not stored beyond the time required.

3. We use very high encryption and security standards to protect user data

? We encrypt data using AES-128 standard before storing, which makes it practically impossible for anyone to steal this information
? We protect user passwords and identifiers such as IMEI number using cryptographic one-way hash functions *before* they're uploaded, which means we never actually receive the original information
? No single person, including Xiaomi employees, can decrypt user data stored in Mi Cloud, even if they get access to the hard drives
? We use extremely strict access control policies with multiple authorizations being required for engineers building services that access any personal data
? All access to servers is logged and audited

4. We are moving our Indian users' data to servers outside of China, and to India in 2015

Since early 2014, we have been migrating our services and corresponding data for Indian users from our Beijing data centers to Amazon AWS data centers in Singapore and USA. Parts of this migration will be completed by the end of October, and all of it will be completed by the end of 2014. In 2015, we plan to launch a local data center in India to serve the needs of (and store data for) our Indian users.

These efforts help significantly improve the performance of our services and also provide some peace of mind for users in India, ensuring that we treat their data with utmost care and the highest privacy standards.

For detailed information, refer this recent post by Hugo Barra on this:

https://plus.google.com/110023707389740934545/posts/9ARVCHczyvb

5. The concerns raised by F-Secure have been fully addressed

We believe the advisory circular issued by IAF is based on events about 3 months back. It refers to the F-Secure test done on the Redmi 1S in July 2014 about the activation of our Cloud Messaging service (which enables users to send text messages for free, similar to other popular messaging services).

We immediately addressed the concerns raised, which was directly acknowledged by F-Secure 4 days later.

Please refer to this post by F-Secure confirming their concerns were addressed:

http://www.f-secure.com/weblog/archives/00002734.html

Main Image: Livemint

Prasid Banerjee

Prasid Banerjee

Trying to explain technology to my parents. Failing miserably. View Full Profile

New Mobiles
Apple IPhone 15Redmi 12 5GRealme 11 Pro+ 5GApple IPhone 15 PlusNothing Phone 2
Top-10s
Best Mobile Phones under 15,000Best Mobile Phones under 20,000Best Mobile Phones Under 10,000Best Mobile PhonesBest 5G Mobile Phones
Terms of Use Privacy Policy About Us Advertise with us Contact Us SiteMap Current / Past Issue Magazine Subscription
9.9 Group

Digit.in is one of the most trusted and popular technology media portals in India. At Digit it is our goal to help Indian technology users decide what tech products they should buy. We do this by testing thousands of products in our two test labs in Noida and Mumbai, to arrive at indepth and unbiased buying advice for millions of Indians.

We are about leadership – the 9.9 kind Building a leading media company out of India. And, grooming new leaders for this promising industry.

logo logo logo logo logo logo
Copyright © 2007-24 9.9 Group Pvt.Ltd.All Rights Reserved.
Digit.in
Logo
Digit.in
Logo