In its circular, the IAF had accused Xiaomi of sending user data to remote servers located in China. The note was prepared by the intelligence unit based on the inputs from Indian Computer Emergency Response Team (CERT-In), and quotes several reports in the past which have put question marks over Xiaomi’s handling of user’s private data. “F-secure, a leading security solution company, recently carried out a test of Xiaomi Redmi 1s, the company’s budget smartphone, and found that the phone was forwarding carrier name, phone number, IMEI (the device identifier) plus numbers from address book and text messages back to Beijing,” the IAF note says. Speaking to Technology Personalized, Manu Jain, general manager and head of India operations of Xiaomi, tried to defend the company and clarify few things. This is pretty similar to what Xiaomi has been saying ever since the concerns broke out earlier this year. Manu went on to say: The changes he mentions above came right after F-secure’s report in August this year which IAF cites in its note. Below are the two blog posts from Hugo Barra, Xiaomi’s global face, which details the changes made. July 30, 2014 – https://plus.google.com/+HugoBarra/posts/9GL9h2fT8H6 August 20, 2014 – https://plus.google.com/+HugoBarra/posts/bkJTXzyXXmj F-secure clarified in a following report that the OTA released by Xiaomi had in fact addressed the privacy concerns, specifically the one which revolved around Mi Cloud messaging service. We are not sure when exactly the IAF note was released, but it doesn’t include the references to the changes made by the company since August this year. Interestingly, Hugo Barra has just posted about Xiaomi’s decision to move its data centers and servers outside of China. Is it a mere co-incidence or was Xiaomi forced to announce this after the news about IAF note got publicized? Your guess is as good as mine. In his post, Hugo Barra explains- This is a significant move to address the privacy concerns of users. Indian market is pretty significant for Xiaomi and they just can’t carry on with security and privacy concerns hanging above their head. It is true that the company has responded fast to release fix for most of these issues, but hasn’t really managed to explain or defend itself as to why such an issue was present in the first place. Currently, the company is facing cyber security investigation in Taiwan for similar reasons. Under the law in mainland China, firms storing data on China’s soil are to comply with any data requests from the government. By moving the data completely away from Chinese territories, Xiaomi will exhibit the seriousness associated with such issues. Although, it has kicked off its Indian operations in style, Xiaomi has a huge task at hand to get rid of its Chinese tags completely and looked upon as a global company. As per Hugo Barra, in 2015, the company is planning to work with local data center providers to completely localize the server infrastructure particularly in India and Brazil. In addition to speeding up the service for users in these markets, it can hopefully cut off the Chinese angle, at least to an extent. Mere talks about valuing data security of users just won’t cut it. Real actions as planned above are much needed.

Xiaomi Responds to Indian Air Force Circular Branding it a Security Threat - 71