iSK
Contributor
- Joined
- 16 Jul 2013
- Messages
- 17,825
- Reaction score
- 12,983
Singapore: When popular Chinese
handset maker Xiaomi Inc admitted
that its devices were sending users'
personal information back to a server
in China, it prompted howls of
protest and an investigation by
Taiwan's government.
The affair has also drawn attention to
just how little we know about what
happens between our smartphone
and the outside world. In short: it
might be in your pocket, but you
don't call the shots.
As long as a device is switched on, it
could be communicating with at least
three different masters: the company
that built it, the telephone company
it connects to, and the developers of
any third party applications you
installed on the device - or were pre-
installed before you bought it.
All these companies could have
programed the device to send data
'back home' to them over a wireless
or cellular network - with or without
the user's knowledge or consent. In
Xiaomi's case, as soon as a user
booted up their device it started
sending personal data 'back home'.
This, Xiaomi said, was to allow users
to send SMS messages without having
to pay operator charges by routing
the messages through Xiaomi's
servers. To do that, the company
said, it needed to know the contents
of users' address books.
"What Xiaomi did originally was
clearly wrong: they were collecting
your address book and sending it to
themselves without you ever agreeing
to it," said Mikko Hypponen, whose
computer security company F-Secure
helped uncover the problem.
"What's
more, it was sent unencrypted."
Xiaomi has said it since fixed the
problem by seeking users' permission
first, and only sending data over
encrypted connections, he noted.
Industry issue
Xiaomi is by no means alone in
grabbing data from your phone as
soon as you switch it on.
A cellular operator may collect data
from you, ostensibly to improve how
you set up your phone for the first
time, says Bryce Boland, Asia Pacific
chief technology officer at FireEye, an
internet security firm. Handset
makers, he said, may also be
collecting information, from your
location to how long it takes you to
set up the phone.
Read more Beware! You have no idea what all information your smartphone may be giving away
handset maker Xiaomi Inc admitted
that its devices were sending users'
personal information back to a server
in China, it prompted howls of
protest and an investigation by
Taiwan's government.
The affair has also drawn attention to
just how little we know about what
happens between our smartphone
and the outside world. In short: it
might be in your pocket, but you
don't call the shots.
As long as a device is switched on, it
could be communicating with at least
three different masters: the company
that built it, the telephone company
it connects to, and the developers of
any third party applications you
installed on the device - or were pre-
installed before you bought it.
All these companies could have
programed the device to send data
'back home' to them over a wireless
or cellular network - with or without
the user's knowledge or consent. In
Xiaomi's case, as soon as a user
booted up their device it started
sending personal data 'back home'.
This, Xiaomi said, was to allow users
to send SMS messages without having
to pay operator charges by routing
the messages through Xiaomi's
servers. To do that, the company
said, it needed to know the contents
of users' address books.
"What Xiaomi did originally was
clearly wrong: they were collecting
your address book and sending it to
themselves without you ever agreeing
to it," said Mikko Hypponen, whose
computer security company F-Secure
helped uncover the problem.
"What's
more, it was sent unencrypted."
Xiaomi has said it since fixed the
problem by seeking users' permission
first, and only sending data over
encrypted connections, he noted.
Industry issue
Xiaomi is by no means alone in
grabbing data from your phone as
soon as you switch it on.
A cellular operator may collect data
from you, ostensibly to improve how
you set up your phone for the first
time, says Bryce Boland, Asia Pacific
chief technology officer at FireEye, an
internet security firm. Handset
makers, he said, may also be
collecting information, from your
location to how long it takes you to
set up the phone.
Read more Beware! You have no idea what all information your smartphone may be giving away