Xiaomi Might Be Able to Remotely Activate Censorship on Your Phone [UPDATE]
[UPDATE] Folks over at Android Authority have received a statement from Xiaomi that states the following.
Xiaomi’s devices do not censor communications to or from its users. Xiaomi has never and will never restrict or block any personal behaviors of our smartphone users, such as searching, calling, web browsing or the use of third-party communication software. Xiaomi fully respects and protects the legal rights of all users. Xiaomi complies with the European Union’s General Data Protection Regulation (GDPR).
Unsurprisingly, the statement does not clearly deny the allegations that have been put on Xiaomi. At the same time, it does not disseminate blocked keyword lists either. The statement does claim that Xiaomi won't censor communication but it does not deny it could have the capability to do so. We will kee you posted as there is any more development.
[ORIGINAL STORY] 2021 has been a great year for Xiaomi; regardless of the chip shortage, the company managed to cross Samsung and become the biggest smartphone manufacturer. However, if the claims made in a new government report are valid, there are some severe concerns about Xiaomi and future smartphones.
Lithuania government's cybersecurity agency has released a report that claims that some Xiaomi phones can remotely detect and censor specific terms. The agency specifically looked at the Mi 10T, Huawei P40, and the OnePlus 8T.
Xiaomi's Control Over Your Smartphone is a Lot Scarier Than One Would Think
Specifically, the report claims that several of the pre-installed apps on the Mi 10T, including the Mi Browser, occasionally receive a blocked keyword list from Xiaomi. The offending keywords are related to Taiwanese independence, freeing Tibet, and more. Once the list is received, the device can block content based on any of these keywords.
However, the report claims that the content filtering feature was disabled on Xiaomi phones sold in Lithuania and the EU at large; this means that this function is primarily meant for Chinese markets, but it also claims that Xiaomi could remotely activate this function.
An interesting point from the report suggests that the alleged filter "ist is called "MiAdBlocklist." The report also claims that the functionality was applied to the apps like the Cleaner, package installer, and Security tools. This makes it sound like that the blocklist could be related to system ads rather than communication.
The report also pointed out the amount of data that Mi Browser collects and the sending of an encrypted SMS from a user's device when registering for Xiaomi's cloud service. In the latter case, the agency talks about how this is a risk for personal data leakage as there's no way of figuring out what the SMS sending is.
Xiaomi has not commented on the situation at the moment. But this report is a concerning issue for Xiaomi and a lot of people who are actively using their devices. In a world where barely anything is transparent, having your device being controlled to this extent is a lot more problematic than some might think.