XIAOMI HAS DEFENDED its data collection and retention policy after concerns mounted about the privacy of users of its handsets.
Xiaomi, an almost unknown name in the West, is one of the major players in the Chinese smartphone boom, with new models of phones often selling out within minutes.
On Friday, security company F-Secure reported that in testing of the company's Mi Cloud instant messaging service, data including numbers from the contact list and SMS messages were forwarded to a Xiaomi server along with the IMEI and phone number.
F-Secure's testing involved a brand new Xiaomi Redmi 1S smartphone, ilustrating that this is a present fault not a legacy products issue. Mi Messaging is an implementation of the open source MIUI messaging service.
It's debatable how sinister the reported behaviour actually is, and it might just be necessary functionality for the app, but regardless of the reason, the messaging app is uploading private data from the Xiamoi smartphone and that could have been avoided.
Xiaomi has responded to the claims with ex Google employee Hugo Barra, who is now Xiaomi's head of global expansion, saying on Google+, "We believe it is our top priority to protect user data and privacy. We do not upload or store private information or data without the permission of users."
In a lengthy Q&A, he explained, "MIUI Cloud Messaging uses SIM and device identifiers (phone number, IMSI and IMEI) for routing messages between two users, in the same way as some of the most popular messaging services. Some technical implementation details are provided below.
"Users' phonebook contact data or social graph information (i.e. the mapping between contacts) are never stored on Cloud Messaging servers, and message content (in encrypted form) is not kept for longer than necessary to ensure immediate delivery to the receiver."
He goes on to explain that in order to quell concerns over the issue a software patch will be issued soon giving users the option to opt-out of the Mi Message service if they are concerned, though this will deactivate the service.
Cloud storage service Dropbox made a similar promise recently after telling The INQUIRER that customers should consider using encryption if they have privacy concerns, but pointed out that it would deactivate some of the more advanced functionality of the product.
This privacy controversy is the latest chapter in a recent escalation of paranoia in China, which saw the Chinese government accuse Microsoft of using Windows 8 as spyware, banning it from government procurement and declaring on a primetime news programme, "Whoever controls the operating system can control all the data on the computers using it." µ