Xiaomi smartphone maker is being investigated by authorities in Singapore and Taiwan
Singapore’s Straits Times reports that the best selling smartphone manufacturer in China, Xiaomi has got itself into legal hot soup in Singapore. A few weeks ago, we translated a story from a Hong Kong smartphone user where he uncovers the ‘secret’ connections of his smartphone to Beijing servers without his authorisation (micloud and mimessaging features were turned off). XiaoMi denied the allegations. A few days ago, the F-Secure, a Finland security firm confirmed that XiaoMi has actually been sending mobile numbers, IMEI in clear text to it’s servers back in Beijing. F-secure stopped at that and did not go into details of other connections that goes to other servers residing in China.
After F-secure’s report made it to the headlines in Asia, Xiaomi apologised and issued a OTA (over the air) firmware update to fix that ‘bug’. F-secure has confirmed it has been fixed by a post on their website.
In Singapore, a complaint has been filed by a phone user, alleging that his personal data had been disclosed without consent. He claimed he had received unsolicited calls from overseas after using his Xiaomi phone. Singapore’s privacy watchdog, the Personal Data Protection Commission, told The Straits Times it is investigating.
In Taiwan, the National Communications Commission (NCC) of Taiwan is planning to establish a certification system for mobile phone security following reports that Chinese smartphone vendor Xiaomi automatically sends personal information to its servers in Bejing without first securing the consent of users.
The commission said it told the Chinese company to inspect all types of phones — not only the two mentioned in the F-Secure blog — that it sells in Taiwan and determine if they have the same issue.
“We have notified them that they should provide a written explanation of how they plan to address the issue,” said Lo Chin-hsien (羅金賢), director of the commission’s Resources and Technologies Department. “We will ask them to come in and answer questions if necessary.”
The commission is to meet with other mobile phone manufacturers soon to discuss how they address information security issues, Lo said.
He added that the Executive Yuan has determined that the applications built into mobile phones will be tested by the commission, while applications downloaded via mobile phones will be supervised by the Industrial Development Bureau. While the commission has a certification system for mobile phone interfaces, batteries and other specifications, it does not have one yet for information security.
It is aiming to establish an information security mechanism by the end of next year, he said.
“Currently, there is no country in the world that demands that mobile phone manufacturers have national certifications for information security. We can only encourage mobile phone manufacturers to take such certification when it becomes available,” he said. Lo said the mechanism would not only target mobile phones produced in China, but it would apply to other manufacturers as well.
Xiaomi was co-founded by eight partners on June 6, 2010. In the first round of funding, institutional investors included Temasek Holdings, a Singaporean government-owned investment vehicle, the Chinese venture capital funds IDG Capital and Qiming Venture Partners, and mobile processor developer Qualcomm.
Do you own a XiaoMi smartphone? Have you been receiving unsolicited calls from strange numbers after using the smartphone ?