Topic: Awas Pencurian Data di HP RedMi
Heboh dengan spek "dewa", meskipun performa oke aja, Redmi yang laris manis dengan flash salenya di Lazada dilaporkan mengirim data pengguna ke server yang berlokasi di Cina.
Berikut laporan dari FSLabs:
We saw that on startup, the phone sent the telco name to the server api.account.xiaomi.com. It also sent IMEI and phone number to the same server:
The phone number of the contacts added to the phone book and also from SMS messages received was also forwarded.
Next we connected to and logged into Mi Cloud, the iCloud-like service from Xiaomi. Then we repeated the same test steps as before. This time, the IMSI details were sent to api.account.xiaomi.com, as well as the IMEI and phone number.
Tanggapan dari Vice President Xiaomi yaitu dengan tidak mengaktifkan MIUI Cloud Messaging secara otomatis.
A recent article in Taiwan and a related report by F-Secure raised privacy concerns by stating that Xiaomi devices are sending phone numbers to Xiaomi’s servers. These concerns refer to the MIUI Cloud Messaging service described above. As we believe it is our top priority to protect user data and privacy, we have decided to make MIUI Cloud Messaging an opt-in service and no longer automatically activate users. We have scheduled an OTA system update for today (Aug 10th) to implement this change. After the upgrade, new users or users who factory reset their devices can enable the service by visiting “Settings > Mi Cloud > Cloud Messaging” from their home screen or “Settings > Cloud Messaging” inside the Messaging app — these are also the places where users can turn off Cloud Messaging.