Handset manufacturer Xiaomi, which recently dethroned Samsung in China, is mired in a controversy after security firm F-Secure accused it of security and privacy breaches. Separately, Xiaomi — hailed as the ‘Apple of China’ – has said it has issued a fix for the breach.

F-Secure’s allegation In its report, F-Secure alleged that Xiaomi Redmi 1S phone was sending user’s data including the handset’s International Mobile Equipment Identity (IMEI) information, phone numbers stored and text messages exchanged to a remote server in China.

“This happens as soon as the handset is booted. This is both a security and a privacy issue,” F-Secure Country Manager (India and SAARC) Amit Nath said.

The data were being sent to a server named api.account.xiaomi.com, even when Mi Cloud (free cloud messaging services) was not activated.

This breach was detected by the security firm’s Kuala Lumpur laboratory, which also tracks India market.

“We immediately flagged this to the company, and the company has come out with a fix. It has made its cloud messaging service as an option-in service, and hence it is unlikely to have a major impact in India,” he added.

“We believe it is our top priority to protect user data and privacy. We do not upload or store private information or data without the permission of users,” Xiaomi Global Vice-President Hugo Barra said in a response posted on social network sites.

“Xiaomi is a mobile Internet company committed to providing high-quality products and easy-to-use Internet services,” he added.

Cloud messaging The company decided to make its cloud messaging an opt-in service, and hence it will no longer automatically activate users.

comment COMMENT NOW