Xiaomi "Censorship and Spyware" in .eu ROM


Pflaume

Members
Oct 23, 2016
23
13
Hi Xiaomi.eu team,

I know this is a bit of a hot issue, but I am sure a lot of us are using your ROM partially for this reason. New findings from the Lithuanian government found some troubling things on Chinese phones, especially Xiaomi. Article: https://reut.rs/3hTJkcr

Now while this is not a shock at all, I would like to know specifically on those 2 mentioned points (censorship ability, and traffic dump to Singapore server) if you guys' ROM is cleared of those "features". I found this previous thread, but I am not sure if this includes the 2 mentioned above: https://xiaomi.eu/community/threads/do-you-remove-spyware-in-your-roms.56955/

Much appreciate the hard work, gents; I am a fan.

Toni
 

Pflaume

Members
Oct 23, 2016
23
13
You serious? Care to elaborate why you would ignore such a privacy/security flaw? I have lived in China for 8+ years, this story sounds exactly like the way they operate (and force this onto their private industry as well, I have seen this first hand).

That's the defense minister of a sovereign European nation outlining two specific built-in features that I wouldn't want on my phone (Lithuania is pretty tech-savvy overall, probably the best national cyber defense team in the EU). This story is from Reuters, one of the world's leading news agencies, and has been picked up by plenty of outlets around the world. If you question the validity of this story, I think you are being naive, deliberately misleading or have direct knowledge we don't. If the latter applies, I would love to hear it.


If you want specifics, I am concerned about two functions:

1. The ability to block searches for certain phrases, such as "democracy movement", quoted in the article. It should be super easy to cross-check that; you can dig for the mentioned phrases inside the ROM, I would think.
2. Encrypted phone usage data being sent to a Xiaomi server in Singapore. Again, I would consider you guys uniquely qualified to assess this, and understand what is being packaged and sent.


Fairly surprised this is being met with skepticism instead of interest. If it can be disproven, even better!

Edit: here is the post from the ministry of defense, maybe less abstract phrasing for you: https://kam.lt/en/news_1098/current...igation_into_three_china-made_5g_devices.html

And here the full report, including plenty of technical details: https://www.nksc.lt/doc/en/analysis/2021-08-23_5G-CN-analysis_env3.pdf
 

JiaiJ

Members
Jun 11, 2020
660
182
Pflaume said:
> You serious? Care to elaborate why you would ignore such a privacy/security flaw? I have lived in China for 8+ years, this story sounds exactly like the way they operate (and force this onto their private industry as well, I have seen this first hand).
>
> That's the defense minister of a sovereign European nation outlining two specific built-in features that I wouldn't want on my phone (Lithuania is pretty tech-savvy overall, probably the best national cyber defense team in the EU). This story is from Reuters, one of the world's leading news agencies, and has been picked up by plenty of outlets around the world. If you question the validity of this story, I think you are being naive, deliberately misleading or have direct knowledge we don't. If the latter applies, I would love to hear it.
>
> Fairly surprised this is being met with skepticism instead of interest. If it can be disproven, even better!

You seem to interpret a lot of negativity in Igor Eisberg just asking to get more details.
 
Reactions: biscoot

Igor Eisberg

Developer
Staff member
Oct 6, 2016
6,483
322
You expect me to read all this? Why in the hell would I want to do that? You got me confused with a Xiaomi customer satisfaction employee.
Again, if you have something specific, like URLs in specific apps that you recorded yourself from a cleanly flashed ROM, then go on, otherwise don't give me 32-page essays to read, this is not a book club.

As for the Sensors Data API thing, it's not present in the Mi Browser version we include in our ROMs, so might have been removed long ago.
And for the "MiAdBlacklistConfig" thing, all I see in that PDF is phrases in Chinese... what do you care? You don't write in Chinese.
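
The check Pflaume suggests above (digging for phrases inside the ROM), sketched as an added example that is not part of any post in this thread and is not xiaomi.eu code: it searches an unpacked ROM directory, including inside APK archives, for `MiAdBlacklistConfig` or any other marker you pass in. The directory layout and the sample APK are constructed assumptions; a hit only shows that the string ships in the image, and an empty result says nothing about data fetched at run time.

```python
import io, os, sys
import tempfile, zipfile, zlib

# Marker name taken from this thread; add any phrases you want checked.
MARKERS = ["MiAdBlacklistConfig"]

def scan_bytes(data, markers=MARKERS):
    """Markers present in data as UTF-8 (also how DEX stores BMP text)
    or UTF-16LE (used by some resources.arsc string pools)."""
    return sorted(m for m in markers
                  if m.encode("utf-8") in data or m.encode("utf-16-le") in data)

def scan_file(path, markers=MARKERS):
    """Return (location, marker) hits for one file. Archive members (APK, JAR,
    ZIP) are decompressed first, since deflate hides strings from a raw grep."""
    try:
        with open(path, "rb") as fh:
            data = fh.read()
    except OSError:
        return []  # dangling symlink or unreadable node in the unpacked image
    hits = [(path, m) for m in scan_bytes(data, markers)]
    if zipfile.is_zipfile(io.BytesIO(data)):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for name in zf.namelist():
                    hits += [(f"{path}!{name}", m)
                             for m in scan_bytes(zf.read(name), markers)]
        except (zipfile.BadZipFile, zlib.error, RuntimeError, NotImplementedError):
            pass  # damaged or encrypted archive: the raw scan above still ran
    return hits

def scan_tree(root, markers=MARKERS):
    """Walk an unpacked ROM directory and return every hit, sorted."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            hits += scan_file(os.path.join(dirpath, fn), markers)
    return sorted(hits)

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else tempfile.mkdtemp()
    if len(sys.argv) == 1:  # no path given: build a constructed sample APK
        with zipfile.ZipFile(os.path.join(root, "Sample.apk"), "w",
                             zipfile.ZIP_DEFLATED) as zf:
            zf.writestr("classes.dex", b"dex\n" + b"MiAdBlacklistConfig" + bytes(64))
    for location, marker in scan_tree(root):
        print(f"{marker}\t{location}")
```

Run it with the path of an image you unpacked yourself; with no argument it scans the constructed sample and prints the one hit inside `Sample.apk`.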
 

Sage222

Members
Jun 19, 2021
27
15
I didn't expect you to do anything. You asked for some detail - I provided some. Take it or leave it - no difference to me :)
 
Dec 3, 2020
866
182
Um, since I asked it too in the weekly thread I'm just gonna share the relevant posts:
Post in thread '21.9.15/17' https://xiaomi.eu/community/threads/21-9-15-17.63164/post-629699
https://xiaomi.eu/community/threads/21-9-15-17.63164/post-629718
https://xiaomi.eu/community/threads/21-9-15-17.63164/post-629725
https://xiaomi.eu/community/threads/21-9-15-17.63164/post-629727
https://xiaomi.eu/community/threads/21-9-15-17.63164/post-629739
https://xiaomi.eu/community/threads/21-9-15-17.63164/post-629766
https://xiaomi.eu/community/threads/21-9-15-17.63164/post-629779
https://xiaomi.eu/community/threads/21-9-15-17.63164/post-629805
The XDA article (specifically for xiaomi.eu) and the official English PDF report probably help a lot.

(Personal) Verdict:
1) The "list" probably exists on your phone and it can be used a) to censor "inappropriate" stuff on the built-in video player of some devices, b) to filter "inappropriate" ads and c) to censor stuff IF Xiaomi ever orders the devices outside China to use the list.
2) Mi Browser collecting sensor data probably isn't a big issue for us since Igor said that thing is removed. But using Mi Browser may not be a good idea generally.
3) I'm blocking access from my phone to the 2 Xiaomi servers with AdAway, so that Xiaomi ~won't be able to update the list or something (~dunno if they can do it through weekly updates).
4) The report was kind of an attack on Chinese manufacturers as their verdict ~was to "throw away Chinese devices". It's a bit too extreme. That may be why many were triggered here. They tested ~only 3 models from 3 firms in total. They could probably make a better report if they tested more devices and more firms (and firms that aren't based in China).
 
Reactions: geoorg

Iain_B

Members
Mar 25, 2013
1,579
297
Whatever electronic equipment you may use, there is a race for whoever can obtain the most personal information about you. This is very valuable to sellers of personal information. Whatever information they cannot get, they estimate through profiling. For instance, 'points' cards from various stores obtain information from the application form, and then profile you from the type and price range of goods that you buy.

I am not entirely up to date now, but in the recent past our internet was censored. This became most apparent when Wikipedia was accidentally(?) censored and we could not access it. We used to be classified as the most surveilled country in the western world. The Regulation of Investigatory Powers Act 2000 is nicknamed the "Snooper's Charter". We are monitored when travelling (e.g. season tickets), and on the roads with Automatic Number Plate Recognition (ANPR) software. And of course when walking around, with the software that we have on our phones - facial recognition.

A simple system monitoring app on your phone, or computer, can confirm the number of apps that are open, and the internet connections that are either open or pending. This is the current world that we live in, and we cannot really get away from it, whether it is Google, Xiaomi, Microsoft, Apple, etc.

Guardian: Are your phone camera and microphone spying on you?