According to ocworkbench Xiaomi RedMi note is sending SMS’ and photos to server in China. There are already many articles on the net pointing to the same source. So are Xiaomi handsets really sending data to Chinese server?
RedMi handsets though launched are not yet available in India. The Mi3 is already popular in India and selling like hot cakes. I am not sure if the data is being sent to Chinese servers and neither can I trust the source (dated 19th July 2014) as there are several points missing.
Update : Statement from Mi India.
The image attached shows the messaging app that is actually sending the data to IP address in China. Note that is the only app that is doing so. As per the source the activity continued even when miCloud service was turned off, on 3G there just a handshake and on Wi-Fi the data is transmitted in the background.
The messaging app in question has a cloud messaging option that is switched on by default; you can disable it if you want. What this cloud messaging does is it lets you send messages to anyone else using MiUi. It supports both text and MMS. The MiCloud services also has the Cloud messaging option (that takes you to the messaging settings) plus gives you option to take backup of contacts, SMS’s photo, logs etc. Backups are off by default on the Indian Mi3 but Cloud messaging is enabled.
Moreover if you are really concerned about data privacy there is data restrict option and you can block data access to messaging app.
The source does not mention anything about if they tried the data restrict option and if they specially switched off cloud messaging. Also in security there is user experience program that is switched on by default. The source also tried flashing the RedMi note with a new ROM but the data was still being sent, I am not sure how that is possible? unless they flashed it again with the same MiUi ROM.
I downloaded the OS Monitor app and I do see the same IP address 42.62.48.157 used by some app like Music, service framework. I have disabled the same for Messaging app, did not find any for that yet.
I have checked a Micromax handset running on stock android it is also doing the same for settings, OS monitor, System however point to sever in the United states (Google). Even on Samsung handset the same pinging google servers in US. Since Xiaomi is using MiUi based on Android 4.4.2 (it is a Custom ROM) and they are from China it is natural they will use their servers, I think its normal and not a big issue.
Xiaomi forum is also buzzing with this news.
can anyone tell me how to enable background data?? my redmi note does not showing this option….
“Restrict Data Usage by app” only restrict the communication by mobile data connection.
It wont restrict the DATA transfer by Wifi for system app.
So no use of disabling the “Restrict Data Usage by app”, data will be sent when in wifi to cloud.
Hello everyone,
Just got a new miui kxdmibf22.0 update. Download and let us know if everything is fine now 🙂
http://en.miui.com/thread-32236-1-1.html (showing as 618.7 MB!!!)
Gogi I think xiaomi is become more dangerous and bigger threat than Pakistan now days and also created a lot of heat everywhere.
We forget to laugh after xiaomi. ‘china ne aake bhai bhai ko aapas me ladwa diya hai need some peace plz tell samsung to launch some more mobiles like galaxy a** nxt.
Just came across a site that lists the server under Forest Eternal Communication Tech. Co.Ltd. which in turn is hosted by http://www.cnnic.cn the Chinese Government server. Here surprisingly there are 2 servers; one listed as Xiaomi.cn and another one for miui.com i.e the custom interface of Xiaomi . That could explain the continuous ping even after the phone was rooted and loaded with a new ROM.
Check this website and maybe someone could make sense of this.
http://myip.ms/view/ip_owners/181436/Forest_Eternal_Communication_Tech_Co_ltd.html
Bro…thanks for ur regerous exercise…but what should we do ?
Someday might somebody will invent that…
htc ping to taiwan..
Samsung to s korea
nokia to us
asus to taiwan
jholla to finland probably (forget their origin)
oplus to taiwan
lenovo – one – huawei etc etc to china
and coming firefox will also somewhere
Blackbery to canada
really fed up with this discussion
finally what should we do ??
We left only with one option…..sorry 2 options
nokia 106 – for single sim
nokia 107 – for dual sim
Every phone and OS manufacturer will certainly need a port to listen to device and get debug info when needed.
there must be some code which triggers the search into the system logs, events etc and once found it would transmit to the destination server.
So I currently don’t own a Mi-3, but I managed to get one for a close friend thru my FK account on very 1st sale day. But for his security I would certainly do one thing next time he’s around.
Would root the phone, place a BLOCK to the URL and IP mentioned and are suspected.
anyone with root access can easily do so by adding the block for those IP/URL in “hosts” files under
/etc folder. That’s not a big of problem for a root users.
Coming back to the point, I strongly doubt the phone would collect any users private data and pics, they are in business for so long and thats not the first time they sold a phone, except the fact in India this was their first launch, and the phone would have gone some clearance before the were allowed to bring it to India.
Last but not the least, I was quite expecting such allegations for a phone which would make existing players to leave the chair and stand up to see the Big Daddy Of Specification which is bundled in 1/3 of price of they were happily selling here.
Every mail is read by shanghai server of xioami seems.
Nothing New in this to Do Blah! Blah! Bla! on Xiaomi Forum, they said they are collecting data but not private data, data like time consumption on full battery, Software issue, game issue, Force closing so they can overcome those issue in next update. Try To Think how is it possible to give solution for every problem in update without knowing details or tracking
This one is for Xiaomi haters Today Xiaomi become 5th largest mobile Brand in the world selling 15 million phone, by defeating LG and Nokia, but Hawaei is 3th to come, how come because in India Hawaei is like Hawa-Hawaii. It good to give more timme to Xiaomi u will love it
It shows that How much we are concerned about security.
I am very happy that after this post peoples are converted in security freaks……GREAT….
But why only xiaomi….
Pirated windows — no sec threat
Cracked MS office — no sec threat
90 % cracked software downloaded by cracked IDM.– no sec threat
believe in torrents as trust in GOD — no sec threat
India is among top three countries in world in watching online po*n — no sec threat
And The most interesting part comes when we have to do something to prevent us from these Sec Threats ,
We are stopping this threats with a pirated / cracked Antivirus (even we disable our AV for 10 minutes to install other cracked SW)– cracked spyware — cracked firewall — cracked internet sec prog.
Run the AV / spyware — complete system scan
Now PC is CLEAN and we are 100% secure.
100% true bro
well said!
Let me know if MiUi is Open source? yet! That answers all your questions. Gogi?
This is nothing new. Google nexus has a service Ok google now and the phone is listening always. Government is just collecting data.
Hehe… 😀 this is dam true bro! @Ankit. Now “OK GOOGLE NOW!”
Ok…we went through very serious discussion..Now time to reveal the truth….
OMG…. now understand the whole concept…Its really serious matter…Chinese are searching for geniuses, that’s why they are collecting data to correlating and putting them in complex algorithm to find out who are genius (via xiaomi phones )..but i think after finding the real geniuses they will hunt for them to take their DNA ( b’coz till date DNA’s could not be extracted via jpeg or bmp images *as i know) ………………
Source:
http://www.vice.com/read/chinas-taking-over-the-world-with-a-massive-genetic-engineering-program
http://www.infowars.com/chinese-eugenics-factory-collects-genius-dna-to-breed-enhanced-people/
I believe just because it is Chinese there is so much noise around this…I agree with Anurag though, if we are using all pirated s/w on computers and our data is being sent out why worry on the phone??
Its not a security threat…device data is collected by every manufacture…that is how boeing was able to trace mh370 after it went off the radar..apple has been collecting the data and so is google…
if the intentions are vice then it would be targeted rather than collect all data of millions of people..what the heck they would run out of storage space pretty quickly…but yeah Antivirus (free ones ) available should be installed for personnel security.
And did anybody even consider that it could be corporate targeting by samsung, lg or the likes just because it is getting popular and hitting these companies bottom lines?
GOGI ji. I understand the handsets pinging back to its parent server in USA i.e Google. But still this does not prove that your data is compromised because Google is in no way under any obligation to provide data to US government. However as you said the server was pinging back to China which I very much agree. But look at the address where the data is being uploaded to (www.cnnic.cn).
This is a Chinese Government Funded Website whose server is based in Beijing. One of their main task is “MALWARE DISTRIBUTION AND PRODUCTION”. Please check this link http://en.wikipedia.org/wiki/China_Internet_Network_Information_Center#Malware_Production_And_Distribution
If the data was being uploaded to XIAOMI Server it was hardly any concern. But this is damn serious.
Now it is clearly understood why MI devices are damm cheap!!! I feel its partly funded by chinese govt!!
It has chinese govt funding. one of the owner is one of the richest man in China. And wealth in china is a controlled commodity which one can get only by the “party” blessing. Dig up info and more dirt will come out.
Have you seen any AD of xiaomi on tv or on internet?
They are investing the money of advertising into manufacturing their products.
That is why their phones have very good specs!
Understood?
Who own’s the gmail ?
And one more thing my friend, If Gov rigid to get data, they have to provide any how no matter what.
Its only India whom no one listens, FB – Google – twitter every body is giving a sh** to Indian gov. instructions.
completely agree with you. lot of people keep shout that in Android your data will be accessed. yes it will be sure. But question is who is accessing it. Google accessing it or may be whatsapp accessing it is still tolerable than Chinese phones sending out our private messages to chinese funded company servers. Chinese products carry an inherent risk. Sadly tons of people due to cheap price will never understand.
Just stop the app using greenify matter solved -.-
We can try some new upcoming operating systems such as firefox,jolla,or samsungs Tizen…and see where their servers ping. Servers outside china and US will be prefered.
Might try firefox / sailfish …but never suggest to go with tizan…..samsung is real sh*tbag…..
I had spended lot for wave 2….but bada is turned in to ” kabada”
Gogi sir as said by you there is an option to restrict background data have you disabled that for messaging app and see whether data is sending to chinese server can you confirm that plz I was really confused whether to cancel my order or have it
I have disabled that and it was not showing. There is no issue with sending data to Chinese servers. Just disable the Could messaging and Mi-cloud if you are concerned. Also check this
Thanks Gogi for taking such interest into bringing this news to us, being a proud Mi3 owner I was shocked, but the Mi India’s facebook post made me little relieved.
Gogi sir, give a verdict . What is better , let infos being send to US or to China ??
Another thing can u please review the asus zenfone 5 it has a good price and good on board specs. Although we donno how the Atom performs with that graphics ? Plz say something…
I don’t think they are interested in our personal data but they do use some data for statistics like how many users using Android 4.2 / Kitkat and so on. As for China or a matter of fact any other country who needs secret info can simply read the Indian news papers they reveal almost everything. Asus have not sent me any unit yet.
So sir, whether its US or China …. It really doesn’t matters much … And u say that they don’t fondle our personal infos … So what infos do they really take from there ???
Many people around the country are complaining about it so really shouldn’t we worry about it !!! What do u you say sir…
Nirhar, all smartphones ping to some server or the other. That is how they know how many users using Android, Jelly Bean, Kitkat etc. They can also find how many users are using say samsung note 2 handset, Nokia X handset etc. If you download any app just go though the permissions, you will know.
Well.. its all in good faith. People who can differentiate between a ping and a piggybacked tcp packet [often termed as payload] will choose to refrain from buying or even thinking of buying this phone. Folks wondering about specs [display/looks/ram/Ncores] and wanted to showoff whatsapp and whatnot dont bother. Gogi : Your reviews are awesome . One suggestion -> see if you can talk a bit about security and privacy by using some tools/utilities.
Dear Nihar the data was being uploaded to cnnic.cn which is not a Xiaomi website. Look up cnnic on wikipedia and look at how they are involved in Malware distribution and Production. There is a separate link for the same.
Ok…so from today…due to security concern we should stop downloading and using any app from playstore ?
Does any body notice ? Or just press the accept button….that ….are jaldi khatam karo yaar.. I want to use this app…..
If did not notice then plz do this and read what they are forcing us to accept…and strangely we do not seen any secuity flaw in this….b’coz we need that app….
Why should a app need to access my contact ?
Why should app need access to gallery ?
Why my location is required ?
Anurag, true, depending on app they will need access and it is clearly mentioned when you install. For example whatsapp they need access to contact, gallery, location, without that it won’t work.
Right gogi and there are lots of app having nothing to do with our contacts and location..but still they demand access and refuse to install without accepting.
Well yes, some do use the location to get the statics users using the app county wise etc.
https://www.facebook.com/hbarra76/posts/10152156213696612?fref=nf
There is no doubt that servers in china are used. These servers come under the regulations of chinese govt/law, that you dont have any control upon. They can anytime read the data if they think you are important to them. Last year a group of Isro scientists discovered attacks from various countries on indian space org programme and later discovered that these vectors were originated from china, in another example some of the tenders of top indian it companies were leaked/hacked and some major Chinese IT companies were later awarded these contracts even when Indian counterparts were offering better.. see how much software work they have forked from India in these 2 years…Wake up people. You can probably rely on US cyber laws [google/microsoft/yahoo] but you better be not on Chinese.
I am exactly thinking the same. I think they need to provide an option of stock android rather then MIUI. MIUI seems eyecandy but it does a lot of brainwork behind the scenes. I would buy an MI3 if they have stock android.. I can’t rely on MIUI..
Stock android will ping google servers in USA. Technically it does the same what MiUi is doing or any other ROM would.
What a point bro….means if US is stealing something than it is good b’coz it is US…and what do u think that they will use these data for informative purpose ?
Do they doing research on indians that how indians are thinking ?
Whom indians are talking ?
Whose picture indians are clicking ?
What indians are surfing ?
What indians are downloading ?
Wake up bro…stealing is stealing……without a second thought….no matter who is stealing….
Chinese are capturing the world because we let them capture…….have u seen ur laxmi-ganesh idol or any other GOD’s idol ..just see the back…there will also u find ” made in china ” let it apart…15 aug is coming….just purchase a flag to put on ur cars dashboard and do see the back…there u also found ” made in china” ………so we are paralyzed to this extent that we can not make our own flag and idols ???
Whose fault is this ?
Yes or no …we are completely dependent on china for our life……….
Ohh..point was of stealing…and we simly cant tell that US is good in stealing b’coz he is US
Nice said.
Gogi I have also checked the issue with my lava iris pro 30 by downloading os monitor from play store but thank god my phone is not doing this also my phone runs on stock android and I think some of the Chinese phones is sending data have u checked with other company phones Gogi ?
Stock android will ping US servers, every ROM will ping somewhere. They do that to know the total users using the particular OS version and for many other reasons. If you install MiUi on any phone it will do the same. Data is not being copied to Chinese servers. If you need to understand what is going on you need to know android.
We should not trust chinese company. Their whole development based on piracy. These company can share our social behaviour data to anyone.
Gd to know that…chinese are watching our social behaviour……then what does fb and whatsapp is doing…..if u r so concern then just google..what fb and whatsapp is doing with us…..
Have u ever noticed that….when we update our married status then stangely the side advetisements changed to honeymoon pkgs and holiday pkgs…..when we update ” god has blessed us with baby……automatically the ads changed to pampers and baby dresses…..if we search something particular..the ads ae changing based on our search….how they know ? what do u think….FB is blammed hundred times for spying us…just google it bro…..
Stay away from Xiaomi. In fact all Chinese companies. Better to buy products from companies which are owned by Indians at least so that they are answerable to Indian Supreme court and Indian laws. Or may be companies which have presence in US and UK. This is for our own good. Misuse of data by Google will attract severe penalties. But Xiaomi? Its a small company which is trying to gain share by selling cheap in very thin margins so that they can earn from somewhere else. Big companies spend on innovation..Samsung apple HTC. Xiaomi is a glorified rebrander like our Micromax. At least owner of Micromax is an Indian.
You said “Or may be companies which have presence in US and UK.”. Seriously ? Don’t you know about prism program of CIA. America is doing their best to spy on our personal data, and you think sending our data to US is better than sending it to China. Further Owner of Micromax is Indian, but he can not be dragged to court for any such issue, because your android mobile comes with legal information, which you can find in system inforamtion section and all apps have their license aggreement on their website. They did their best to make sure that a common person can not understand these legal license but they can deny to take any responsiblity to any harm done to people due to their software and operating system. This is illuminati, government and corporate controlled world, and the way we people are not opposing it, we deserve invation of our privacy.
Dude i know about prisim. But honestly i would like US to steal my data than China. At least in US there is still a few laws. isnt it?? I have seen few CHinese factories myself during a project a year back and honestly nobody will like it. Only one thing i can say. Bonded labour. But thats a different topic. Bottomline US and UK stealing data is far better than Chinese.
If you prefer to provide your information to US government as compared to China government, then its your personal choice and I have respect for that. But if you are stating “Bottomline US and UK stealing data is far better than Chinese.” as a fact, then I disagree. The harm done by the US in the world is worse than harm done by China.
I thought the owner of micromax is in Indian Jail. LOL.
Micromax has 4 co founders/owners. One was arrested by CBI in a case not related to micromax. It was a bribery case and the bribe was paid to govt official for land related thing. He is long long back out of jail. Hope this updates your info.
http://www.livemint.com/Companies/7DRSktw9gaYLhqjbnmXx2L/Owners-of-Micromax-mobiles-arrested-in-bribery-case.html
shows the kind of people at the top.
hope it updates your info. old news though. out of jail on bail…
Xiaomi Small Company? Rebranding? Now Is It That You Were Unfortunate Not To Get A Mi3 And Have Started Trolling Here… Its A New Era In Smartphones And Xiaomi Is At Its Apex… Go Spend Your Hard Earned Money On Petty Specs Offered By HTC,Samsung etc Offering Substandard Quality At 20k..?Innovation Lol.. Heart Rate Sensor And Fingerprint Scanner Are An Absolute Necessity In Your Life… Its Because Of People Like You That These So Called Biggies Are Thriving In The Indian Market… !
All Major Companies trying to access users data, thats the next big thing happening you may not even be aware what information your sharing using your smart phones, what matters is who is using our data for what purpose, and when it is Chines we are all afraid !!!!!!!!!
Xiaomi will obliviously dont say they are tracking you or your data nor does samsung or google
if you have some time please check out this very nice video which explains what could be happening in few years
https://www.youtube.com/watch?v=vnM0Xilq4Gw
Thank you Gogi sir to let us know I was really scared it makes me to avoid buying mi3 I thought to cancel my order thank you
But,the fact it that now google has knowledge of your every move…..
They have all data of us with them….if you not aware of this read following:
http://www.pcworld.com/article/168224/google.html
https://m.facebook.com/story.php?story_fbid=10152156213696612&id=717846611&refid=28&_ft_=qid.6041901185952976558%3Amf_story_key.-6064315164793792848&__tn__=%2As
Read this from facebook entry from Hugo Barra, Global VP of Xiaomi.
Gentlemen, just download Malwarebytes mobile from Play Store into your smartphone, and run a scan. You may be surprised by the result. You may find that several apps in your smartphone contain trojans, which are famous for transferring data. Reason? In China, the supply chain is not well controlled, so somewhere in the supply chain, someone may include a trojan in the app, to make money. And when the re-branding companies in India import these phones, the trojans are already inside.
What to do? Disable or force close these apps, and check that they are disabled every time you power on the phone. Sometimes you may not be able to do this. Apps may not get disabled or fore closed. In that case, be an optimist, like some of the other posts here, and think that nothing will happen.
Or, next time you buy a phone, especially online, do the Malwarebytes test within the replacement period.
Just in…
Thanks Manish, adding this in the article.
I couldn’t go to China myself atleast i would be content with myself dat my data is travelling to China… 😛
well said Prithish 😀
What do we have that is so valuable to chinese?? I dont have anything on my mobile that is even valuable to me.
This is Serious Matter and could be possible. So beware of China and avoid it’s products. Be Indian and only buy Indian products. This will improve our currency…
Please name any Indian company which make their own mobile, not rrebranded.
+1
(y)
super lyk…!
Its a wrong though. Beware the software like this. Not beware of china. If one will keep faith on Indian products with this type of dangerous software / hardware, then we are foolish too. Because of either in Chinese or Indian products, finally we are loosing our data (online banking user name and password, very secret data, etc).
Since last week I already posted this news but don’t want any thing against xioami, they delete my messages deliberately.
maybe. 🙁
I don’t think this to be any big issue. If they really wanted to steal data then they would have stolen it from other devices which have miui patch roms , ports and official releases like nexus 5 and 4 have official release miui. Then they can also steal data from them(If they really wanted so , but I never seen some one complaining about that on XDA) I think its just something related to user exp.
Its Just My opinion things can be worst also.
Oh no 🙁 jab maine ek redmi note/1s phone kharidne ka man banaya tab ye sab…..sasta maal, mehenga pad raha hai ab! :'(
Every phone will do the same depends on you want it done by china or USA.
Ye opposition walo ki sajish hai, jalte hai saaaaale.
Excellent Post Gogi, Thanks for the heads up, even i have read many of such posts before, we may not be that clever to identify such flaws in Chines or any other handsets, but my only advise to all my friends out there dont store your personal data or photos on your smart phones use it smartly
Vvenkatesh, it is not a major issue, if you have read the last two para.
Foreign intelligence agencies had already been saying this for so many years. Some no-name china made handsets send user data to unknown servers located in china. such mobile handset companies are fully funded by china military….they do not make any profit out of handset business…..and the main purpose is really to spy and carry out activities which we are yet to discover.
Sachin, I have updated the article pls check again. Every handset does it depends on the OS you are using if its is stock android many apps / services will ping the google servers in United states. As for Xiaomi they are Chinese hence pinging Chinese servers.
Well in that case every android sends data to U.S. based servers then why no one think that U.S. can also be stealing data (can you trust just because name of Google after all android is their own , who knows what going on there)
The chances are really high, because it might be another source of income for them. For example, Mi3 in India sold for 14K (almost) while they import this phone for approx. 12K. While, MMX Canvas Gold is imported from China at lower price than Mi3, but still its price is high.
So definitely, Mi3 has another source of income through India, or may be not.
I’m not saying from confidence, but there might be little chance that they are selling those collected data to Chinese Government!
They have other sources of income. Yes! What you said is right. Their business model is similar to that of Google(collect user data for advertising), and Apple(make their own high end product with software ecosystem which is not free, its a paid service) and Amazon (online shopping stuffs)
Did you seriously think that they were making their money from these smartphones with razor thin margin? Even Google fle, Amazon sells smartphones with razor thin margins to grow their business, which is their major source of income and these smartphones are just tools to achieve this.
China nahi sudhrega.
Don’t take tnsn. Apne pass kuch ni hai aisa.