Categories
Latest
Popular

This Chinese Manufacturer’s Smartphone Could Be Spying on Its Users?

Screenshot of the official Xiaomi page for the Redmi Note (http://www.mi.com/en/redminote)

Screenshot of the official Xiaomi page for the Redmi Note (http://www.mi.com/en/redminote)

The iPhone is not alone when it comes to controversies related to privacy, data security, or the possibility of spying on users’ data. Other devices also have their own share of the issue. One of the recent ones suspected to be posing a threat to users’ information security is a device designed and produced by a Chinese company.

The suspicious activity was reported by a user in hong Kong who claims that his device has been connecting with an IP address identified to be located in China. The device in question is the highly popular Xiaomi Redmi Note, a phablet device that appears to be a competitor to the Samsung Galaxy Note series. Xiaomi is not new to controversies. Years back, it was already singled out for copying almost everything Apple has been doing. From the undeniably imitated device designs to even the kind of presentations used in launching the devices, Xiaomi is controversially being referred to as the Chinese Apple or the Apple of China.

The Xiaomi Redmi Note Covert Data Transmission

So what is the Xiaomi Redmi Note secretly transmitting? According to Kevin Li, the Redmi Note owner who scrutinized his device, he discovered that his Redmi Note had been sending data to a Chinese server when it was operating in Wi-Fi mode. When he set the device to run connect online via 3G, the data transmission was limited to a “handshake.” Li shared his discovery on the Hong Kong discussion group IMA Mobile.

According to Li, the data being sent without the user’s permission or knowledge include pictures and SMS. In particular, the device sends pictures from the media storage. The text messages are allegedly being channeled through Chinese servers. When viewed without malice, it would appear that the Xiaomi Redmi Note simply wants to back up users’ contents. It’s like an automatic backup mechanism users don’t know and are unable to disable.

It is also worth noting that the alleged covert data transmission proceeded without the MiCloud service turned on. The transmission did not stop with the MiCloud service turned on and then turned off, so it’s unlikely that it’s just a simple software bug or a minor glitch. Moreover, Li claimed that even the act of rooting the device did not get rid of the suspect connection with Chinese servers. The same goes with a firmware change. It appears to be hard-coded into the device.

Kevin Li's device screenshot as posted on IMA Mobile

Kevin Li’s device screenshot as posted on IMA Mobile

This report is increasing speculations about the spying of Chinese government with the help of Chinese companies. Earlier, there have been reports of other Chinese companies also involved in possible spying activities. Even in the United States, the Chinese company had been accused of

The Proof

Li released screenshots of his device showing the different connections. The connection suspected as Xiaomi’s unpermitted data transmission logs the IP address TCP6 42.62.48.157:80. The IP range  42.52.48.0 to 42.62.48.255 is identified as an IP based in Beijing, China owned by Forest Eternal Communication Tech, Co. Ltd. The phone number was even listed: +85-010-51659311.  it has a Whois record updated on June 29, 2011.

Xiaomi’s Response

Expectedly, Xiaomi denied any attempt to spy on Redmi Note users. The company’s CEO, Hugo Barra, who happens to be a former Apple executive, posted on his Google+ account the following messages:

Q: Online articles recently referred to some privacy issues with the Redmi Note, claiming that photos and text messages are sent to China secretly. Are they true?

A: An article severely misinterpreted a discussion thread asking about the Redmi Note’s communication with a server in China. The article also neglected to refer to a Chinese version of this Q&A already posted on the Xiaomi Hong KongFacebook page (https://www.facebook.com/Xiaomihongkong/posts/799059896795602). MIUI does not secretly upload photos and text messages.

Xiaomi’s representatives, in a Q&A presentation, also emphasized that the data transmitted were only related to the MiCloud service which supposedly backs up the contacts, text messages, photos, and other data stored in the device’s local storage. It’s interesting to note how Li’s claim that stopping MiCloud did not stop the transmission. It’s either Li is lying or Xiaomi is. Xiaomi also adds that MiCloud can be turned off but they their Q&A does not mention anything about the transmission getting cut as the MiCloud service is deactivated.

Kevin Li's device screenshot as posted on IMA Mobile

Kevin Li’s device screenshot as posted on IMA Mobile

Privacy and security issues are serious issues especially now when almost every information about anyone can be obtained and shared online. Hopefully, government authorities can step into this controversy to clarify everything and to make sure that mobile devices are not going to be used against their respective owners.