Similar to Apple’s iMessage service, Xiaomi’s Cloud Messaging service uses Wi-Fi to send messages to others, so if you’re a Xiaomi user and message another Xiaomi user, no texting charges apply. Unfortunately, a report from security firm F-Secure alleges that the service collects user phone numbers and other device identifiers.
There were already reports that Xiaomi’s smartphones silently sent out user data to remote servers, but F-Secure used a RedMi 1S (a Xiaomi phone) to try and confirm them. Upon startup, the firm noticed that the phone’s IMEI and phone number, as well as phone numbers of contacts added to the phone book and text messages the phone received, were forwarded to the server api.account.xiaomi.com.
Responding to the reports on Google+, Xiaomi vice president Hugo Barra made it clear that, while the service does use “SIM and device identifiers for routing messages between two users,” Xiaomi does not save personal information. Nevertheless, for those concerned about privacy, Barra announced than an update will be issued to the Cloud Messaging service that will make it opt-in.
In addition to the update, Barra revealed that Xiaomi will encrypt phone numbers sent to Cloud Messaging. Even though he announced the update, Barra did “apologize for any concern caused to our users and Mi fans.” The update should already available for those who own any of the company’s Mi phones as an over-the-air update.