At least one device from upstart Chinese smartphone maker Xiaomi has been found to transmit user data — including SMS messages and photos — back to servers in mainland China without the user's permission, according to reports from Hong Kong.
While testing Xiaomi's Redmi Note handset, Kenny Li of Hong Kong forum IMA Mobile discovered that the device continued to make connections with IP addresses in Beijing even after switching off the company's iCloud-like MiCloud service. The transmissions occur only over Wi-Fi, though the device does stay in contact with the servers via small "handshakes" while using cellular data.
Li says that data transmission persists even after erasing and re-flashing the handset with a different Android ROM, suggesting that the functionality could be built in to the phone's firmware.
It remains unclear whether this is the handset's intended mode of operation or if it is the result of a software glitch, as Xiaomi has yet to respond to the allegations. The company has previously said that it will store customer data in China, but only after the user opts in.
While attention has been focused on American technology companies in the wake of Edward Snowden's spying revelations, Chinese companies have also come under the microscope in recent years. Chinese telecom giants — and Xiaomi competitors — Huawei and ZTE were called out as "national security risks" in a 2012 report from the U.S. House Intelligence Committee, though both denied having cooperating with the Chinese government.