Hugo Barra Addresses the Xiaomi MIUI Privacy Issues on Google+ (Again)


There have been grumblings and rumors running around concerning Xiaomi and privacy issues – one was a rumor that their RedMi devices were sending off collected personal data and storing it on Chinese servers without the knowledge of their customers.  The whole issue revolves around their MIUI Cloud Messaging service built into Xiaomi’s newest devices.  It offers their users the ability to send and receive text messages without going through their carrier’s messaging system and being charged.  Cloud Messaging text messages are routed via IP instead of the carrier’s SMS gateway. This Cloud Messaging is activated by default when the user turns on their MI phone through an IP communications protocol with Xiaomi’s servers.  The MIUI Cloud Messaging uses the device identifiers – phone number, IMSI and IMEI – in order to route the message between the two users, just as other popular messaging services use.  The phonebook and contact data is NOT stored on their servers and the message is only stored in an encrypted format long enough to insure delivery to the recipient.

While Xiaomi does not believe they are violating anyone’s privacy, they are now making the default to their Cloud Messaging service, turned off, so the user will have to personally opt-in if they desire to use the service and agree to its terms – you know, the long agreement that we never read.  The user will actually have to go to ‘Settings=>Mi Cloud=>Cloud Messaging’ from their home screen or ‘Settings=>Cloud Messaging’ from inside the messaging app to activate the service.  When asked exactly how does the MIUI Cloud Messaging system handle phone numbers?  Hugo answered directly with a list of facts about how the system works:

“The primary identifiers used to route messages are the sender and receiver’s phone numbers.  IMEI and IMSI information is also used to keep track of a device’s online status – When a user sends a text message, if there is an Internet connection available, the Cloud Messaging system will attempt to route the message via IP.  If the receiver is offline (i.e. not immediately reachable via IP), the system falls back to sending a normal SMS message from the sender’s device – When a MIUI user opens a text message or a phonebook contact, or creates a new contact, the device connects to the Cloud Messaging servers, forwards the phone number of that contact and requests the online status of the corresponding user, which is indicated by a blue icon when that user is online or gray icon if that user is offline (or is not a Cloud Messaging user).  This allows the sender to immediately know whether they can text that user without incurring SMS costs – In any of these flows, the receiver’s phone number is only used to look up online status and to route messages.

No phonebook contact details or social graph information (i.e. the mapping between contacts) is stored on Cloud Messaging servers, and message content (in encrypted form) is not kept for longer than necessary to ensure immediate delivery to the receiver – The OTA system update made available today (Aug 10th) adds an extra layer of security by encrypting phone numbers whenever they are sent to Cloud Messaging servers.” He also said that Xiaomi would continue to make changes and improvements over time as they are needed.  Please hook up with us on our own Google+ Page and let us know what you think of Hugo’s answers and Xiaomi’s policy and changes about their free Cloud Messaging system…as always, we would love to hear from you.