wordpress blog stats
Connect with us

Hi, what are you looking for?

Xiaomi devices have censorship capabilities that can be remotely activated: Lithuania Defence Ministry

These devices have the built-in ability to filter content which poses serious concerns of misuse by the Indian government.

Xiaomi devices have the built-in ability to detect and censor terms like “Free Tibet”, “Women’s Committee”, and “Long live Taiwan’s independence”, Lithuania’s Defence Ministry said in a report published by its National Cyber Security Centre (NCSC). The censorship capability is turned off for phones sold in the European region, but the company has the ability to remotely activate them, the report said.

Xiaomi refuted these allegations and told Reuters: “Xiaomi’s devices do not censor communications to or from its users. Xiaomi has never and will never restrict or block any personal behaviors of our smartphone users, such as searching, calling, web browsing or the use of third-party communication software.” But this statement does not deny the allegation that such a capability is there on its phones.

Xiaomi leads the smartphone market in India with nearly a 30 percent marketshare, raising concerns on how this alleged capability can be misused by the Indian government.

Cybersecurity assessment of Chinese smartphones

Lithuania’s NCSC discovered the censorship capability when it carried out a cybersecurity assessment of Chinese-made 5G smartphones sold in Lithuania. The assessment was carried out on three devices: Huawei P40, Xiaomi Mi 10T, and OnePlus 8T mobile devices. The study identified the following major cybersecurity risks associated with these devices:

  • Censorship capabilities of Xiaomi devices: The study found that Xiaomi apps including MiBrowser, Security, Themes, Cleaner, and MIUI Package Installer regularly download a configuration file called “MiAdBlacklistConfig” from a server located in Singapore. “This file contains a list composed of the titles, names and other information of various religious and political groups and social movements (at the time the analysis was performed, 449 records were identified),” the report said. When NCSC analysed the applications, it found code that allows filtering of content based on the downloaded blacklist. “This allows a Xiaomi device to perform an analysis of the target multimedia content entering a phone: to search for keywords based on the MiAdBlacklist list received from the server. When it is determined that such content contains keywords from the list, the device blocks this content. It is thought that this functionality can pose potential threats to the free availability of information,” the report revealed.
  • Risks associated with installing apps on Huawei devices: “Installing mobile applications on Huawei devices is characterised by cybersecurity uncertainties,” the report said. “It is worth noting that most of the application distribution platforms are located in countries not covered by the General Data Protection Regulation, which creates a corresponding risk of leakage of user metadata,” the report added. More importantly, the study “found that a portion of the mobile applications contained on the application distribution platforms are imitations of the original applications, with malicious functionality or virus infestation; such applications can be downloaded and installed by the user on the mobile phone, thereby jeopardising the security of the device and the data contained in it.”
  • Data security risks associated with Xiaomi devices: The report said that pre-installed apps on Xiaomi send a variety of statistical data to servers of the Chinese cloud service provider Tencent, located in Singapore, the USA, the Netherlands, Germany, and India. The company reportedly collects data using two modules. “The Google Analytics module installed on the device allows the browsing and search history to be read, to send this data to analytics servers which Xiaomi accesses” and “the Sensor Data module has been found to collect statistical information on 61 parameters (time of activation of application, language used, etc.) about the activity of applications used,” the report said. “The collected statistics are sent via an encrypted channel to Xiaomi servers in Singapore, which is not covered by the General Data Protection Regulation. According to international sources, clear cases of unauthorised collection of user data by Xiaomi have been identified. Potentially excessive collection and use of analytical data can be said to pose a threat to the privacy of personal data,” the report concluded. Sensor Data reportedly has more than 1,500 customers, including some of the largest corporations in the People’s Republic of China, such as China Telecom, Baidu, CYTS, Sichuan Airlines, etc, the report stated.

Why does this pose a serious concern in India?

The NCSC report found that the blacklist is regularly updated and that the terms in the list can be in any language. More importantly, the censorship functionality can be activated remotely by the manufacturer. Although the functionality currently appears to be targeted at Xiaomi devices sold in China, the Indian government can ask the manufacturer to activate it for its Indian users and can even specify what terms should be on the blacklist.

India’s Information Technology (IT) Rules 2021 require social media platforms to proactively identify and take down illegal content using automated tools. This includes content that depicts rape, child sexual abuse (CSA), or any information that that is “exactly identical” to information that was previously removed or access to which was disabled. The last criterion basically covers information that the government has previously deemed illegal or asked to take down. Social media companies, however, have been reluctant to adhere to this requirement because of censorship concerns. The revelation of Xiaomi’s blacklist now allows the government to directly mandate manufacturers to enable this kind of proactive content censorship. It is, however, not known if Xiaomi can deploy this functionality on all apps on the device or only its own apps.

Advertisement. Scroll to continue reading.

Also Read

Have something to add? Post your comment and gift someone a MediaNama subscription.

Written By

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



Looking at the definition of health data, it is difficult to verify whether health IDs are covered by the Bill.


The accession to the Convention brings many advantages, but it could complicate the Brazilian stance at the BRICS and UN levels.


In light of the state's emerging digital healthcare apparatus, how does Clause 12 alter the consent and purpose limitation model?


The collective implication of leaving out ‘proportionality’ from Clause 12 is to provide very wide discretionary powers to the state.


The latest draft is also problematic for companies or service providers that have nothing to with children's data.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ