Xiaomi moving Indian user data to servers outside China

Xiaomi Corp. is moving Indian users’ data away from servers in China after the Indian Air Force warned its staff the company’s smartphones pose a security threat.
The transfer to Amazon.com Inc. servers in Singapore and the U.S. will be completed this year before Xiaomi opens an Indian data center in 2015, the Beijing-based smartphone maker said in an e-mailed statement yesterday. The Indian Air Force in August told staff and their families not to use Xiaomi phones because information from the devices is sent to servers in China, S.S. Birdi, its spokesman, said by phone.
Xiaomi is trying to reach the Air Force to understand its concerns, which the company said probably relate to an advisory from security provider F-Secure Oyj about three months ago. The Chinese company started Indian sales in July as it targets new markets as part of a global push to sell 100 million phones.
F-Secure found that data from users of the RedMi 1S smartphone was automatically sent to Xiaomi’s server, including the customer’s wireless service provider, telephone number and the phone’s unique identification number.
“We immediately addressed the concerns raised, which was directly acknowledged by F-Secure four days later,” Xiaomi said yesterday. “We take rigorous precautions to ensure that all data is secured when uploaded to Xiaomi servers and is not stored beyond the time required.”
Taiwan’s National Communications Commission in August responded to the F-Secure test and said it was investigating whether Xiaomi handsets collect personal data and transmit that information to remote servers, commission deputy director James Lou said at the time.
Even after Xiaomi updated its software in response to the claim, its phones were still transmitting personal data, including mobile phone numbers, to a server overseas, Lou said Oct. 2. The commission is investigating Xiaomi phones with no set timeline for completion, Lou said. Bianca Vázquez Toness, Bloomberg