After revealing that Xiaomi’s MIUI software discreetly uploads user data without informing its users, software security firm F-Secure has now confirmed that the latest MIUI update has fixed the issue.
The company conducted its test on the same Xiaomi Redmi 1S device that was found to ping a server in Beijing without the owner’s knowledge. After installing the new OTA update, which makes MIUI Cloud Messaging optional, the security firm concluded that no user data – or any data, for that matter – was being sent out from the device.
In addition, F-Secure also confirmed that Xiaomi has now added an encryption layer to all data that is being sent to its servers, which addressed another issue that many criticised Xiaomi over.
Earlier this week, Xiaomi pushed out an OTA update to all users of its popular MIUI software, an Android-based ROM that runs on all Xiaomi devices and is also available to be flashed on other Android phones, after F-Secure raised plenty of questions after its test revealed that a Xiaomi phone was pinging a server in Beijing before uploading sensitive data such as the user’s phone number, the phone IMEI number as well as phone numbers in the user’s contact list – all without the user’s knowledge.
Xiaomi Global VP Hugo Barra has since explained that this was due to MIUI Cloud Messaging – an iMessage-like service that required the information in order to run the service. After the update, MIUI Cloud Messaging is now an opt-in service, requiring users to explicitly agree to the terms – which includes uploads of sensitive data mentioned earlier – before using the service. Barra also issued an apology for all users for not being clear over the matter.