Yes, Xiaomi does collect personal data from users in India and sends it to servers in China. That’s how it enables its users to exchange free messages on the cloud, via IP (internet protocol), rather than the SMS gateway of their telecom carriers. Cloud services also enable users to back up data and sync it across multiple devices – if they choose to use it.
This is not unique to Xiaomi. Most of the cloud-based services from companies like Google, Microsoft, and Apple involve passing data to servers outside the country. But then, those are American companies, whereas Xiaomi is Chinese, and that raises hackles in the Indian security establishment, given the political history of conflict between the two large Asian neighbors.
Xiaomi got red-flagged over two months ago, when a software security monitoring firm, F-Secure, tested the Redmi 1s just before its launch in India, and reported that it was passing phone numbers, contact lists, messages, and device identification codes to Xiaomi’s servers in China. This set off ripples on social media, especially after the Indian Air Force, no less, said the phones were a security threat in a circular.
Since then, Xiaomi has made several moves to allay the security concerns over its hugely popular phones. For starters, it turned its default mode to ‘off’ for cloud services. Earlier, users had to figure out how to opt out of such services, whereas now they have to explicitly opt-in for cloud messaging or anything else that involves sending data to the cloud.
F-Secure came out with a second report, confirming that Xiaomi phones were no longer sending out data, until cloud messaging was turned on.
But Xiaomi is also going to the root of the issue – the servers. It has been migrating its services and data for users outside China from data centers in Beijing to Amazon AWS data centers in Singapore and the USA. Hugo Barra, Xiaomi vice-president, says in a Google Plus post that the migration will be completed by the end of 2014. And next year, Xiaomi plans to have a local data center in India, where it already has a research and development center.
“These efforts help significantly improve the performance of our services and also provide some peace of mind for users in India,” says Hugo Barra.
But the Indian Air Force still has the Chinese phone-maker in its sights, and there is no sign of any let-up. Just last week, it asked all its personnel to ensure neither they nor any of their family members use a Xiaomi phone.
Xiaomi is at its wit’s end. “We are attempting to reach the Indian authorities to learn the specifics,” it says in a statement, adding that the IAF circular apparently related to the F-Secure test done months earlier, which had already been addressed.
Xiaomi is not the first Chinese company to get into strife in India. Earlier, Huawei was stopped from supplying telecom equipment to the Bharat Sanchar Nigam Limited (BSNL) when fears were expressed that it could be used for Chinese cyber-snooping.
So it might take more than a shifting of servers for Xiaomi to earn the trust of the Indian authorities. A change in attitudes may be more fundamental, and this applies as much to India as well as China, where international companies like Apple have attracted snooping charges.
See: Why Xiaomi faces a Catch-22 situation in India
Why is the Indian Air Force so trigger-happy in shooting down Xiaomi?
No comments:
Post a Comment