14 DAY TRIAL // Following reports regarding privacy concerns that Xiaomi mobile phones send personal user information to a remote server operated by the manufacturer, security researchers tested one device and observed that it really initiates communication with a server.
Researchers at F-Secure ran some short tests on a Xiaomi RedMi 1S in order to check if the allegations in online media were correct.
They did not do anything complicated, but simply monitored the traffic exchanged between the device and a remote location.
According to F-Secure, the initial test was conducted without setting up any accounts on the device.
They simply added the SIM card, connected to the Internet via WiFi, activated the GPS service and populated the address book with some names. Some calls and messages have been exchanged, in order to add personal content on the device.
Right from the beginning, the phone delivered the IMSI number, the device IMEI and the phone number to a server (api.account.xiaomi.com). A while later, the phone numbers in the address book and those of the short text messages were also uploaded to the same server.
After creating an account for the Xiaomi cloud service and logging in, the researchers noticed the same information being sent.
The IMSI (international mobile subscriber identity) is a unique number that identifies a GSM subscriber. It includes codes for the country the subscriber has the account in and for the network operator.