TAIPEI, Taiwan - Users of China's Xiaomi phones may be unknowingly passing personal data to servers in China, the National Communications Commission (NCC) said yesterday.
According to the NCC, Xiaomi phones provide a free service that downloads anti-virus software from servers in China, and after scanning the phone, will pass the results and data back to the servers. Since Xiaomi does not explicitly tell its customers of this operation, it constitutes an information security breach, the NCC said.
Xiaomi admitted in August that its phones do send data back to servers without first obtaining users' approval. The company said, however, that the problem has been resolved after a system update.
NCC spokesperson Yu Hsaio-cheng confirmed in an interview yesterday that the commission has been testing Xiaomi phones for some time, and found that the company has been making improvements, continuously updating software and operation procedure.
While Xiaomi has performed a system update, the phone's second version still has some problems. It still downloads anti-virus software from servers automatically, the NCC said.
The NCC said it will continue testing Xiaomi phones, and will send the results to the public as well as Xiaomi Corp. to verify test results.
The NCC believes that the company should first obtain users' consent before providing the free anti-virus service. Consumers have the right to say no to the service, the NCC said.