Xiaomi, China’s largest smartphone player and the fifth largest worldwide, came under fire recently after a report by Finnish security firm F-Secure uncovered evidence that Xiaomi’s cloud-based messaging service was collecting phone and IMEI numbers from users’ address books.
In a blogpost on Google Plus, Xiaomi Vice President, Hugo Barra stated that Xiaomi servers do not store any personal data but that the cloud messaging app, which works like Apple’s iMessage app “uses SIM and device identifiers (phone number, IMSI and IMEI) for routing messages between two users.”
He further explained that when a user “opens a text message or a phonebook contact, or creates a new contact, the device connects to the cloud messaging servers, forwards the phone number of that contact and requests the online status of the corresponding user, which is indicated by a blue icon when that user is online or gray icon if that user is offline (or is not a cloud messaging user). This allows the sender to immediately know whether they can text that user without incurring SMS costs.”
Barra then went on to apologise, “We apologise for any concern caused to our users and Mi fans. We would also like to thank the media and users who have been sending us feedback and suggestions, allowing us to improve and provide better internet services.”
To allay these concerns, Xiaomi released an update on Sunday. Besides giving potential users the ability to opt out of the service, the update will also encrypt the phone numbers of users who decide to use the cloud messaging app.