RedMi Note alleged to be sending photos and sms to China servers secretly?


The 小米 XiaoMi and 紅米 RedMi phones have been hot sellers in China and in South East Asia lately. Most of them sell out in seconds on their website, which operates for only 5 minutes per week. The proclaimed sales are largely due to their low price and better specifications than the competitors.

Lately, a Taiwanese internet media outlet has uncovered that the RedMi Note is actually sending data back to a server hosted in China behind the scenes.

Kenny Li, a user of the Hong Kong discussion group IMA Mobile, discovered that his RedMi Note has been connecting to an IP address in China and transferring data back to the server when he is operating in Wi-Fi mode. When he is on 3G, it is just a handshake (low data transmission).

So what is being sent to the servers? What surprises the tester is that even if you root the phone and flash it with another firmware, the background transmission continues. It seems that the process is hard-coded into the phone.

According to his observation, the RedMi seems to be sending pictures from MEDIA STORAGE. On top of that, your SMS and messages also get channeled through the Chinese servers. It looks like XiaoMi is ‘helping’ users by automatically making a backup of their data on its servers without explicit permission from the user.

* The micloud service was never turned on during the test.


Current IP Range:

42.62.48.0 – 42.62.48.255

IP Range Location: China, Beijing, Beijing
IP Owner: Forest Eternal Communication Tech. Co.ltd
Owner Full IP Range:
42.62.0.0 – 42.62.127.255
Owner Address: Beijing, China
Owner Country: China
Owner Phone: +86-010-51659311
Owner Website: www.cnnic.cn
All Owner IP Ranges: 42.62.0.0 – 42.62.127.255, 125.254.128.0 – 125.254.191.255, 124.243.192.0 – 124.243.255.255
All Owner IP Reverse DNS (Host)s: 42.62.0.45, 125.254.166.0, 124.243.198.166
Whois Record Updated: 29 Jun 2011




11 Comments

  1. ocworkbench August 11, 2014 9:50 am  Reply

    These messages seem encoded so it will be hard to know what is sent exactly.

    Another connection to a server in Guangzhou, China (112.90.17.54) sending a GET on that server:

    GET /?u=pgv_base_network&u1=C46AB7DA5772004V%7C000000000000000&u2=10031&u3=1.0&u4=WIFI%7CMYWIFIHERE&u6=1406844103 HTTP/1.1

    This contains my wifi network name (replaced by MYWIFIHERE)…
    This server corresponds to the host pgv.m.xunlei.com. Xiaomi is the major shareholder of Xunlei, a company which deals with video streaming, game platform, etc.

    Another call to 122.143.5.60 in Jilin, China. The associated host is wapstat.wap.sandai.net, whose DNS is ns1.xunlei.net, ns2.xunlei.net, etc…
    A POST is sent:

    POST http://wapstat.wap.sandai.net:83/ HTTP/1.1
    Content-Length: 138
    Content-Type: application/octet-stream
    Connection: Close

    ……..~…………………+c“.Wf`….z…..zFz.F.`f….Cb^JQ~fJ|..w……P]…_…sHh.k.P0″3Q.h…………!………V00p0….9..z…

    HTTP/1.1 200 OK
    Content-Length: 20
    Content-Type: application/octet-stream
    Connection: Close

    ………….#……

    Then, my phone pings 58.68.235.232 every 5 minutes, sending an xml message:
    t:367
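
Added example, not part of the comment above or of the original article: one way to audit a captured request line like the GET quoted in comment 1 is to percent-decode its query string, split the pipe-delimited values, and match them against values the tester already knows about the device. The function names, the `KNOWN_VALUES` table (including the constructed IMEI) and the Unix-time window are assumptions made for this illustration; the page does not document what the `u1` to `u6` parameters mean.

```python
from datetime import datetime, timezone
from urllib.parse import parse_qsl, urlsplit

# Request line as quoted in comment 1 (the commenter already replaced the SSID).
CAPTURED = ("GET /?u=pgv_base_network&u1=C46AB7DA5772004V%7C000000000000000"
            "&u2=10031&u3=1.0&u4=WIFI%7CMYWIFIHERE&u6=1406844103 HTTP/1.1")

# Values the auditor knows about the test device (constructed for this example).
KNOWN_VALUES = {"wifi_ssid": "MYWIFIHERE", "imei": "356938035643809"}


def parse_request_line(line):
    """Return (method, [(param, [subfields]), ...]) after percent-decoding."""
    method, target, _version = line.split(" ", 2)
    pairs = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    return method, [(name, value.split("|")) for name, value in pairs]


def find_leaks(line, known=KNOWN_VALUES):
    """List (param, label) for each known device value found in a subfield."""
    _, params = parse_request_line(line)
    hits = []
    for name, subfields in params:
        for label, secret in known.items():
            if any(secret.lower() == s.lower() for s in subfields):
                hits.append((name, label))
    return hits


def epoch_candidates(line, lo=1262304000, hi=1893456000):
    """Heuristic: all-digit subfields inside a 2010-2030 Unix-time window.
    A match suggests a timestamp; it does not prove the field's meaning."""
    _, params = parse_request_line(line)
    found = {}
    for name, subfields in params:
        for s in subfields:
            if s.isdigit() and lo <= int(s) <= hi:
                found[name] = datetime.fromtimestamp(int(s), timezone.utc).isoformat()
    return found


if __name__ == "__main__":
    print("known values present:", find_leaks(CAPTURED))
    print("possible timestamps:", epoch_candidates(CAPTURED))
```

Matching on known values only finds identifiers sent in the clear; it says nothing about the binary POST bodies quoted in the same comment.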

  2. caligula_gandhi August 2, 2014 4:58 am  Reply

    MiCloud and cloud messaging are two different things.
    MiCloud is managed via the account settings. Cloud messaging is managed at the settings of the mms.apk. Cloud messaging can be activated or turned off at these settings. Two different things. Where is the proof that photos were sent? Did you analyze the traffic? I guess you got something wrong and in various online mags your article is spread like it was a big thing that is going on. This is bullshit.

  3. Bob July 31, 2014 2:06 am  Reply

    Worth pointing out that the user can just be an astroturfer (search for it). They are from Taiwan – home of HTC – who are in direct competition with the likes of Xiaomi

  4. Joshua July 30, 2014 8:29 pm  Reply

    Please read more about it here, this is not true: en.wikipedia.org/wiki/China_Internet_Network_Information_Center

  5. RICKY July 30, 2014 3:36 pm  Reply

    I wonder why there are people so idiotic as to believe everything they read.
    IT IS SENDING DATA FOR A CLOUD SERVICE FROM YOU, THAT’S ALL.
    There is no privacy problem, no more than Apple, Google, Microsoft.
    Don’t be stupid.

  6. Hetz Ben Hamo July 29, 2014 5:34 pm  Reply

    Sir, please learn a bit more about Android. You can replace the firmware, replace the recovery, even the boot loader and nothing from the OEM will be left on the device, so a paragraph like “that surprises the tester is that even if you root the phone and flash it with another firmware, the background transmission continues” is simply not true. If you’re so sure that it’s doing what you’re mentioning, just install Titanium backup and freeze the app or remove the APK from /data/system or /data. That’s it.

    • Sujit Uchil July 31, 2014 1:40 pm  Reply

      If you expect every Tom, Dick and Harry to do that then you are definitely not from this world. We all know what to do to absolutely stop an app from sending private data. But to hard-code it and make it really difficult to stop such an activity is definitely only a crook’s job.

  7. cell July 28, 2014 11:52 pm  Reply

    I wonder why anyone would bother to buy a cheap phone that compromises privacy?
    Are you guys able to find the SAR rating of this phone? Is this phone EC and FCC approved ? How high or low is the radiation level?
