The Chinese phone manufacturer Xiaomi's products imitate the features of phones from companies like Samsung and Apple, but offer them at much lower price points. What you save in cash, though, you might pay for in lost personal information.
Xiaomi has been accused of stealing users' data in the past, but the Finnish cyber security company F-Secure has just unveiled the proof. The security firm has shown that the Xiaomi RedMi 1S handset that's helping the company take over the Chinese and Indian phone markets sends personal data about you and your friends to one of its servers in Beijing.
Information sent includes:
1. The IMEI Number of your phone
2. The contacts in your phone and their details
3. Text Messages
4. The IMSI Number of your phone
China is infamous for its corporate and tech espionage practices, what with its army having its own group of hackers. The practice of spying and data collection is so prevalent in China that it seems to have pervaded even smartphone production. South Korea, for example, won't let any government communications go through another Chinese phone manufacturer, Huawei's phones for fear of that information being sent to the Chinese government. And before the exposure of Xiaomi's shady practices, there was the Star N9500, which came with hardcoded spyware and malware.
The German security firm G DATA revealed that the Star N9500 came with the Uupay.D Trojan horse, which masqueraded as the Google Play Store App. From this platform, criminals could "retrieve personal data, intercept calls and online banking data, read emails and text messages or control the camera and microphone remotely."
While Xiaomi has responded to the allegations by changing their policies and ostensibly stopping the acquisition of private data, the N9500 can still be found on eBay and other sites, and already exists in the hands of many a Chinese consumer. Perhaps it's best, in this case, to buy American.