IAF personnel and their families have been asked not to use Chinese 'Xiaomi Redmi 1s' phones on the ground that data was allegedly transferred to their servers in China and it could be a security risk, a charge denied by the company.
"F-secure, a leading security solution company, recently carried out a test of Xiaomi Redmi 1s, the company's budget smartphone, and found that the phone was forwarding carrier name, phone number, IMEI (the device identifier) plus numbers from address book and text messages back to Beijing," says an advisory issued by the IAF to its personnel.
The note, issued some weeks ago, has been prepared by the intelligence unit based on the inputs from Indian Computer Emergency Response Team (CERT-In), according to IAF sources.
The company in a statement to PTI said though it does not have full information about the IAF circular, it believes that the advisory is based on events about two months ago.
"We believe, it refers to the F-Secure test done on the Redmi 1S in July 2014 about the activation of our Cloud Messaging service by default. We immediately addressed the concerns raised by F-Secure. We scheduled an OTA system update on August 10 to implement a change, which ensured that all the users had to manually activate the Cloud services, instead of being activated by default. After the upgrade, new users or users who factory reset their devices can enable the service by 'settings' section. Once users have activated the services, they also have an option to turn it off at any point of time," the company said.
It added that this change was directly acknowledged by F-Secure four days later, when they confirmed that their concerns were addressed.
However, the circular is dated post the event and mentions other details besides the concerns raised by F-Secure.
The company said it does not collect any information without user information.
In a general statement two days ago, the company had said it was fully committed to storing its users' data securely at all times. Xiaomi said it is migrating some data on non-Chinese customers away from its servers in Beijing due to performance and privacy considerations.
It said that earlier this year, its e-commerce engineering teams started migrating its global e-commerce platforms and user data for all international users from their Beijing data centres to Amazon AWS data centres in California (USA) and Singapore.
This migration process will be completed by the end of October and will benefit users in all of our international markets - Hong Kong, India, Indonesia, Malaysia, Philippines, Singapore, and Taiwan, it said.
Incidentally, the Taiwanese government is investigating whether Xiaomi Inc is a cyber security threat due to privacy issues.