Xiaomi’s Response to the recent Privacy and Security concerns


Xiaomi (now MI) was founded in 2010 and they have reached great heights in just 4 years. They’ve brought together some real smart people from Microsoft, Google, Motorola Yahoo and other big players in the industry with a focus of making great stuffs at affordable prices. They released Mi3 and RedMi 1S Smartphones in India this year.

Recently, they have been in news on some privacy and security concerns raised by few blogs where the Redmi 1S smartphone was sending back some data to servers in China. Ever since F-secure reported this, there has been various blogs/websites quoting the same and spinning different stories.

I did reach out to the leadership team of MI and this is what they have to say,

We are extremely cautious about protecting user data; we are 100% compliant with all local laws, including the ones related to data security.

We offer various internet based services such as Mi Cloud, cloud based message etc., which require data to be stored in the cloud. However, we take rigorous steps to ensure that the data is encrypted and secured while being sent to the server, and is not stored beyond the time required. In fact, we made changes to our system to ensure that Mi Cloud is by default deactivated, and does not send data to servers automatically. Only when a consumer consciously activates Mi Cloud services, the data is backed-up. We made these two blog posts in July and August, which explains the entire situation.

After we made these posts, various blogs updated their earlier stories confirming that there is no data threat from Xiaomi devices. This article confirms that the phones so not automatically send data to Mi Cloud anymore.

We are keen to clarify that Xiaomi is serious about user privacy and takes all possible steps to ensure our Internet services adhere to our privacy policy. We do not upload any personal information and data without the permission of users.

Earlier this year, Mi e-commerce Engineering teams started migrating their global e-commerce platforms and user data for all international users from the Beijing data centers to Amazon AWS data centers in California (USA) and Singapore.  They also began using Akamai’s global CDN infrastructure to speed up static page loads. This migration also includes Mi Account, Cloud Messaging and Mi Cloud services.

This migration process is expected to be completed by the end of October and will benefit users in all of their international markets — Hong Kong, India, Indonesia, Malaysia, Philippines, Singapore, and Taiwan.  Users are already experiencing website speed boosts of at least 30% in markets such as Singapore, Hong Kong, Taiwan and as much as 200% in India. Hugo Barra explained the plans and schedule of server and data migration process in his post yesterday.

In India and Brazil, where Amazon AWS services aren’t yet available, Mi will be working with local data center providers to set up their service infrastructure.  Once that has been completed, users in these markets will be much closer to their data and enjoy even faster speeds by connecting to local servers; and most importantly, your data lives in your region.