Caught in the middle of a storm after Indian Air Force asked its personnel not to but smartphones manufactured by Xiaomi as they were a security threat, the Chinese company has promised to move its Indian users’ data to servers outside China and eventually to India in 2015.
“Since early 2014, we have been migrating our services and corresponding data for Indian users from our Beijing data centres to Amazon AWS data centres in Singapore and USA.
Parts of this migration will be completed by the end of October, and all of it will be completed by the end of 2014,” said an official release quoting a October 22 post by Vice-President Hugo Barra.
“In 2015, we plan to launch a local data center in India to serve the needs of (and store data for) our Indian users. These efforts help significantly improve the performance of our services and also provide some peace of mind for users in India, ensuring that we treat their data with utmost care and the highest privacy standards.”
The company release said it “offers various opt-in Internet services that bring great user benefits, are free of charge, and require personal data to be stored in the cloud”.
Citing examples the release said:
● Mi Cloud enables users to backup their data as well as sync it to other devices
● Cloud Messaging allows users of Mi devices to exchange text messages free of carrier charges by routing messages via IP instead of carrier’s SMS gateway.
Xiaomi said these services are optional (opt-in) and users can turn them on and off at any time. “Users can also opt to use similar services from other Internet companies instead, such as Google, Whatsapp, Dropbox and others.”
Clarifying that it “did not collect user data without permission”, the release said Mi Cloud and Cloud Messaging users have to provide explicit consent by turning on the corresponding service(s). These services can be turned off at any point of time. “We take rigorous precautions to ensure that all data is secured when uploaded to Xiaomi servers and is not stored beyond the time required.”
The release said Xiaomi uses very high encryption and security standards to protect user data. The company claimed it encrypts data using AES-128 standard before storing, :which makes it practically impossible for anyone to steal this information”. “We protect user passwords and identifiers such as IMEI number using cryptographic one-way hash functions before they’re uploaded, which means we never actually receive the original information,” it said.
It further clarified that no single person, including Xiaomi employees, can decrypt user data stored in Mi Cloud, even if they get access to the hard drives. The company claimed it has extremely strict access control policies with multiple authorisations required for engineers building services that access any personal data and “all access to servers is logged and audited”.