Chinese smartphone maker Xiaomi Inc reported on Monday, August 11th, that it had upgraded its operating system so users would be fully informed that it was collecting data from their address books. This announcement came in response to a report by a computer security firm saying the rapidly-growing smartphone maker was removing personal data from customer address books without permission.
The firm apologized for the problem and said it had fixed the bug its cloud messaging system that caused the unauthorized data transfer. The OS upgrade was complete as of Sunday.
Xiaomi problem identified by by security firm F-Secure Oyg
The Xiaomi address book privacy issue was first noted last week in a blog post by security firm F-Secure Oyg. In a similar fashion to Apple Inc. (NASDAQ:AAPL)’s iMessage service, Xiaomi allows users to avoid SMS charges by sending text messages via the Internet instead of through a carrier’s network.
New Xiaomi Vice President Hugo Barra wrote a lengthy apology explaining the unauthorized data collection issue, and emphasized the firm only checks phone numbers in address books to make sure that users are online (so they can receive message).
Barra elaborated that Xiaomi’s smartphone’s messaging system would now only activate on an “opt-in” basis, and that all phone numbers that were sent back to the company’s servers would be encrypted and not stored.
Address book privacy is sensitive topic
Many smartphone apps today harvest large amounts of personal data, but users address books are generally considered private and are not trolled for data.
The U.S. Federal Trade Commission recently penalized the social network Path $800,000 after researchers proved the firm accessed users’ address books without their knowledge and stored the purloined data on its servers.
Following the Path controversy, which even prompted a brief Congressional inquiry, Apple decided to modify its iPhone operating system so that app developers must have explicit permission from users before accessing address book data.
