Xiaomi acknowledges unauthorized user data access

Chinese company Xiaomi has upgraded its operating system after being "hacked" by security company F-Secure, stealing user data.

Xiaomi acknowledges unauthorized user data access Picture 1

Xiaomi said it has patched the vulnerability in the messaging system that triggered unauthorized data transmission. The system update was released on Sunday ( August 10) . Chinese phone company only admitted to seeing personal user information after being condemned by Taiwanese security company F-Secure and media. Like Apple's iMessage service, Xiaomi allows users to save SMS charges when sending messages over the Internet instead of mobile networks.

Lei Jun , founder and CEO of Xiaomi , during the announcement of Xiaomi Phone 4 in Beijing ( China ) on July 22, 2014. Photo: Reuters

In a rather long blog post posted on Google Plus , Xiaomi Hugo Barra Vice President apologized for data collection without permission of the user and confirmed that the company only collected phone numbers in the directory to see people whether that is online or not. According to Mr. Barra, from now on any number sent to Xiaomi server will be encrypted and not stored.

Although more and more applications are exploiting all kinds of personal information such as real-time locations, contacts are still extremely sensitive assets. The US Federal Trade Commission once punished the social network Path $ 800,000 in 2013 after security experts demonstrated that the company silently stored user contacts on the server.

As a result of Path 's scandal, some technology enterprises have to change policies. Typically, Apple had to upgrade the iOS operating system so that the programmer had to get the user's consent before accessing the directory data.