Finnish security firm F-Secure, had recently exposed some serious privacy issues in the Xiaomi smartphone‘s OS, MIUI.
Xiaomi was quick to react, and announced that it had fixed the bugs reported by rolling out an update.
F-Secure re-tested the phone, and found that the issues have indeed been patched by the Chinese Smartphone manufacturer.
Here is how they tested it. They downloaded and installed the OTA update, and factory reset the phone, to ensure that MI Cloud Messaging was off by default.
Then they added a new contact to their phonebook, sent and received an SMS message,made and received a phone call. No data was found to be sent from the phone during this test.
After this. they enabled MI Cloud messaging and repeated the test process. The phone sent base-64 encoded data to https://api.account.xiaomi.com. (see the first image in this article)
It is worth noting that during the first test, which reported the security issues, the phone transmitted the data over http connection, while it now uses a secure https connection after the OTA update.
So the claims by Xiaomi are true, they have indeed fixed the privacy issues. Kudos to F-Secure for discovering it, and to Xiaomi for being transparent and fixing it.
