SINGAPORE: When popular Chinese handset maker Xiaomi Inc. admitted that its devices were sending users’ personal information back to a server in China, it prompted howls of protest and an investigation by Taiwan’s government.
The affair has also drawn attention to just how little we know about what happens between our smartphone and the outside world. In short: it might be in your pocket, but you don’t call the shots. As long as a device is switched on, it could be communicating with at least three different masters: the company that built it, the telephone company it connects to, and the developers of any third party applications you installed on the device — or were pre-installed before you bought it.
All these companies could have programmed the device to send data ‘back home’ to them over a wireless or cellular network — with or without the user’s knowledge or consent. In Xiaomi’s case, as soon as a user booted up their device it started sending personal data ‘back home’. This, Xiaomi said, was to allow users to send SMS messages without having to pay operator charges by routing the messages through Xiaomi’s servers. To do that, the company said, it needed to know the contents of users’ address books.
“What Xiaomi did originally was clearly wrong: they were collecting your address book and sending it to themselves without you ever agreeing to it,” said Mikko Hypponen, whose computer security company F-Secure helped uncover the problem. “What’s more, it was sent unencrypted.”
Xiaomi has said it since fixed the problem by seeking users’ permission first, and only sending data over encrypted connections, he noted
No comments:
Post a Comment