wordpress blog stats
Connect with us

Hi, what are you looking for?

Xiaomi phones do not have censorship capabilities, finds German cybersecurity watchdog

This contradicts what was reported by the Lithuania Defence Ministry on an alleged blacklist that comes with certain Xiaomi apps.

Germany’s Federal Office for Information Security (BSI) on January 13 said that it has found no evidence of censorship capabilities in Xiaomi phones, Reuters reported.

In September last year, Lithuania’s Defence Ministry published a report alleging that Xiaomi devices have the built-in ability to detect and censor terms like “Free Tibet”, “Women’s Committee”, and “Long live Taiwan’s independence” and although this censorship capability is turned off for phones sold in the European region, the company has the ability to remotely activate it. Following these allegations, Germany’s cybersecurity watchdog launched a technical investigation into the Chinese manufacturer.

Since Xiaomi leads the smartphone market in India with a 23 percent market share, these allegations raised concerns on how this alleged capability can be misused by the Indian government, especially in light of the Information Technology Rules 2021, which requires platforms to proactively identify and take down content deemed illegal by the government using automated tools.

However, a BSI spokesperson told Reuters that the cybersecurity agency was “unable to identify any anomalies that would require further investigation or other measures.” The agency did not provide any additional details to back its claim.

This finding must come as a relief to Xiaomi, especially since the company is currently being investigated by Indian tax authorities for allegedly evading customs duty worth Rs 653 crore.

Advertisement. Scroll to continue reading.

What were the allegations against Xiaomi?

A cybersecurity assessment carried out by Lithuania’s National Cyber Security Centre (NCSC), found the following major cybersecurity risks associated with Xiaomi and Huawei devices:

  1. Censorship capabilities of Xiaomi devices: The study found that Xiaomi apps including MiBrowser, Security, Themes, Cleaner, and MIUI Package Installer regularly download a configuration file called “MiAdBlacklistConfig” from a server located in Singapore. “This file contains a list composed of the titles, names and other information of various religious and political groups and social movements (at the time the analysis was performed, 449 records were identified),” the report said. When NCSC analysed the applications, it found code that allows filtering of content based on the downloaded blacklist. “This allows a Xiaomi device to perform an analysis of the target multimedia content entering a phone: to search for keywords based on the MiAdBlacklist list received from the server. When it is determined that such content contains keywords from the list, the device blocks this content. It is thought that this functionality can pose potential threats to the free availability of information,” the report revealed.
  2. Risks associated with installing apps on Huawei devices: “Installing mobile applications on Huawei devices is characterised by cybersecurity uncertainties,” the report said. “It is worth noting that most of the application distribution platforms are located in countries not covered by the General Data Protection Regulation, which creates a corresponding risk of leakage of user metadata,” the report added. More importantly, the study “found that a portion of the mobile applications contained on the application distribution platforms are imitations of the original applications, with malicious functionality or virus infestation; such applications can be downloaded and installed by the user on the mobile phone, thereby jeopardising the security of the device and the data contained in it.”
  3. Data security risks associated with Xiaomi devices: The report said that pre-installed apps on Xiaomi send a variety of statistical data to servers of the Chinese cloud service provider Tencent, located in Singapore, the USA, the Netherlands, Germany, and India. The company reportedly collects data using two modules. “The Google Analytics module installed on the device allows the browsing and search history to be read, to send this data to analytics servers which Xiaomi accesses” and “the Sensor Data module has been found to collect statistical information on 61 parameters (time of activation of application, language used, etc.) about the activity of applications used,” the report said. “The collected statistics are sent via an encrypted channel to Xiaomi servers in Singapore, which is not covered by the General Data Protection Regulation. According to international sources, clear cases of unauthorised collection of user data by Xiaomi have been identified. Potentially excessive collection and use of analytical data can be said to pose a threat to the privacy of personal data,” the report concluded. Sensor Data reportedly has more than 1,500 customers, including some of the largest corporations in the People’s Republic of China, such as China Telecom, Baidu, CYTS, Sichuan Airlines, etc, the report stated.

Back then, Xiaomi refuted these allegations and told Reuters:

“Xiaomi’s devices do not censor communications to or from its users. Xiaomi has never and will never restrict or block any personal behaviors of our smartphone users, such as searching, calling, web browsing or the use of third-party communication software.”

Xiaomi also hired an independent third-party expert to investigate the allegations made by Lithuania.

Also Read:

Have something to add? Post your comment and gift someone a MediaNama subscription.

Written By

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



Looking at the definition of health data, it is difficult to verify whether health IDs are covered by the Bill.


The accession to the Convention brings many advantages, but it could complicate the Brazilian stance at the BRICS and UN levels.


In light of the state's emerging digital healthcare apparatus, how does Clause 12 alter the consent and purpose limitation model?


The collective implication of leaving out ‘proportionality’ from Clause 12 is to provide very wide discretionary powers to the state.


The latest draft is also problematic for companies or service providers that have nothing to with children's data.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ