Xiaomi under investigation for sending user info back to China
Summary: Xiaomi has been accused of sending user information back to nine servers in Mainland companies in Beijing and Guangzhou.
After an information security company accused Xiaomi of sending user information without consent back to servers in mainland China, the privacy authority of the Hong Kong Special Administrative Region government announced that it has launched an investigation on the Chinese phone maker, asApple Daily reported on September 9.
According to Nexusguard Consulting, a multinational information security solution provider, WhatsApp downloaded from Xiaomi's pre-installed App market could have been modified to send user information back to as many as nine servers on the mainland, while the Google Play version sends info to the US.
Among the alleged information receivers are state-owned telecommunications giant China Unicom, and two internet companies based in Beijing and Guangzhou, the Apple Dailyreported.
The local privacy authority responded that it recently recorded nine cases of complaints and has carried out an investigation on the Chinese phone maker's Hong Kong office to collect evidence.
In response, Xiaomi's official Facebook page published astatement on September 9 that the company hasn't received any letter regarding the aforementioned investigation, and its products are not sending personal information to the company's servers without users' consent.
"The connections between the phone and Xiaomi's servers found out by some users are internet services that do not concern user privacy," said the statement. "Such connections include but are not limited to calendar updates, MIUI system warnings, APP updates, system SMS intelligent identification, and weather services."
In August, Xiaomi apologised for collecting user information without consent, but the recent development seemed to suggest that the patch released by the company after the scandal to fix the leak is not working. An investigation initiated by Apple Daily found out that after installing the patch, Xiaomi's phone keeps uploading information automatically.
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
Android app security
Liu Jiayi — a basic Android security feature you might want to look into is the fact that any Android app is digitally signed using a private key securely held by that developer. It's not technically possible for anyone other than the original developer to create a modified version of an Android app containing a legitimate signature. Just wanted to point that out considering that Apple Daily isn't exactly the world's most credible source :)