With articles circulating on the net several times over, we’re sure you’re aware of what really happened with the security firm Bluebox and its botched research on Xiaomi’s flagship Mi 4 smartphone. To set the record straight, Xiaomi has reached out to us to provide a detailed account.
Bluebox has updated its post about the security firm’s investigations on the Xiaomi Mi 4 smartphone, finally revealing that the product that it tested was a “very good” clone of the Mi 4. It reiterates, however, that Xiaomi’s widely-known online-only sales model poses a security threat to those who unknowingly purchase a compromised device off physical outlets, as Bluebox did.
That being said, Xiaomi provided us with a statement that described the whole affair in detail. Essentially, the statement refutes Bluebox’s findings from its investigations, since the product in question is not even a Mi phone, all of Bluebox’s findings are deemed inaccurate. The Chinese company also suggested that Bluebox’s efforts to contact Xiaomi were “inadequate” considering the “severity of their accusations”.
With the incredible rise of Xiaomi, the Western world is slowly taking notice – which explains why Bluebox was interested in Xiaomi phones in the first place. Xiaomi’s business model – online-only, selling at close to cost – is a hugely unfamiliar one compared to traditional Western markets. Furthermore, the rampant availability of imitation devices is an industry on its own in China, which again is perhaps something new to Westerners.
The following is Xiaomi’s statement in full:
—<Start of statement>—
On March 5 2015, Bluebox published an initial report on their website claiming that a Mi 4 bought in China comes pre-installed with malware. Here’s our response after careful investigation:
– Xiaomi and Bluebox have confirmed that the device Bluebox obtained is a counterfeit product.
– Bluebox’s reported findings are therefore inaccurate and not representative of Mi phones.
– We always recommend our users buy Mi phones only through our official channels, including Mi.com and select partners such as mobile operators and authorised retailers.
– All Mi phones sold around the world are verified to be fully Android compatible.
We have concluded our investigation on this topic — the device Bluebox obtained is 100% proven to be a counterfeit product purchased through an unofficial channel on the streets in China. It is therefore not an original Xiaomi product and it is not running official Xiaomi software, as Bluebox has also confirmed in their updated blog post.
1) Hardware: Xiaomi hardware experts have looked at the internal device photos provided to us by Bluebox and confirmed that the physical hardware is markedly different from our original Mi 4.
2) IMEI number: Xiaomi after-sales team has confirmed that the IMEI on the device from Bluebox is a cloned IMEI number which has been previously used on other counterfeit Xiaomi devices in China.
3) Software: Xiaomi MIUI team has confirmed that the software installed on the device from Bluebox is not an official Xiaomi MIUI build as our devices do not come rooted and do not have any malware pre-installed.
As this device is not an original Xiaomi product, and not running an official Xiaomi MIUI software build, Bluebox’s findings are completely inaccurate and not representative of Xiaomi devices. We believe Bluebox jumped to a conclusion too quickly without a fully comprehensive investigation (for example, they did not initially follow our published hardware verification process correctly due to language barrier) and their attempts to contact Xiaomi were inadequate, considering the severity of their accusations.
With the large parallel street market for mobile phones in China, there exists counterfeit products that are almost indistinguishable on the outside. This happens across all brands, affecting both Chinese and foreign smartphone companies selling in China. Furthermore, “entrepreneurial” retailers may add malware and adware to these devices, and even go to the extent of pre-installing modified copies of popular benchmarking software such as CPU-Z and Antutu, which will run “tests” showing the hardware is legitimate.
Xiaomi takes all necessary measures to crack down on the manufacturers of fake devices or anyone who tampers with our software, supported by all levels of law enforcement agencies in China.
We have so far not received meaningful reports of counterfeit Mi phones outside of China. However, to give our international users peace of mind, an English version of our verification app (that certifies the authenticity of Mi hardware) is in the works.
Like all other consumer electronics brands, we always recommend buying Mi phones through authorised channels. Xiaomi only sells via Mi.com, and a small number of Xiaomi trusted partners including mobile operators and select authorised retailers, such as Flipkart in India and others that will be announced in the future.
In addition, contrary to what Bluebox has claimed, MIUI is true Android, which means MIUI follows exactly Android CDD, Google’s definition for compatible Android devices, and it passes all Android CTS tests, the process used by the industry to make sure a given device is fully Android compatible. All Xiaomi devices sold in China and international markets are fully Android compatible.
—<End of statement>—