Xiaomi makes its cloud messaging service optional for users following security concerns

Xiaomi makes its cloud messaging service optional for users following security concerns

Fast-growing Chinese smartphone company Xiaomi is making the cloud messaging service that is automatically activated on its devices optional for users, following security concerns raised during the past week.

The MIUI Cloud Messaging service works much like Apple’s iMessage. It routes SMS sent between fellow MIUI device owners via the internet, meaning that they can message each other for free.

However, a recent report from F-Secure highlighted that the service appears to share a range of information with a server in China — including the device’s IMEI number, customer’s phone number, phone contacts and text messages received. The idea of sharing such data to a server in China, where it could be open to access from the government, naturally raised some concerns, particularly since there was no way to opt out.


Now Xiaomi is introducing a way for users to opt out of the service if they wish, as a Google+ update from Hugo Barra, the former Google executive who is Xiaomi’s Global VP, explained:

These concerns refer to the MIUI Cloud Messaging service described above.  As we believe it is our top priority to protect user data and privacy, we have decided to make MIUI Cloud Messaging an opt-in service and no longer automatically activate users.  We have scheduled an OTA system update for today (Aug 10th) to implement this change.

After the upgrade, new users or users who factory reset their devices can enable the service by visiting “Settings > Mi Cloud > Cloud Messaging” from their home screen or “Settings > Cloud Messaging” inside the Messaging app — these are also the places where users can turn off Cloud Messaging.

In response to a range of conspiracy theories offered following F-Secure’s findings, Barra said that the MIUI Cloud Messaging service does not store information about a user’s phone book or their social graph (i.e. details of overlap between users) on its servers. He explained that all data that is stored is encrypted and “not kept for longer than necessary to ensure immediate delivery [of a text message] to the receiver”.

“We believe it is our top priority to protect user data and privacy. We do not upload or store private information or data without the permission of users,” Barra added.

This is the second time in the past two weeks that Xiaomi has clarified its access to user data on smartphones.

Barra issued a company statement on July 30, which explained how the company’s Mi Cloud storage works following a “misinterpretation” of the Dropbox-like service, which includes an opt out option for users.

Xiaomi recently introduced its smartphones in India. The company’s unveiled its new flagship device, the Mi 4, at an event in Beijing last month, while last week it released a 4G version of its low-end Redmi device.

Also read: Xiaomi’s Hugo Barra defends ‘sensational’ copycat claims, says Apple is an inspiration

Headline image via Wang Zhao / Getty Images, screenshot via F-Secure

Read next: Should you constantly evolve your software, or stick with what you do best?