- A Lithuanian cybersecurity report has claimed that Xiaomi phones can remotely detect and censor specific terms.
- The report alleges that some Xiaomi phones occasionally download a blocked keyword list.
- It’s claimed that this content filtering isn’t active in the EU but could be remotely enabled.
- Xiaomi denies the allegations.
Update, September 22, 2021 (10:39 AM ET): We have received a statement from Xiaomi regarding the news below. Here is the statement in full:
Xiaomi’s devices do not censor communications to or from its users. Xiaomi has never and will never restrict or block any personal behaviors of our smartphone users, such as searching, calling, web browsing or the use of third-party communication software. Xiaomi fully respects and protects the legal rights of all users. Xiaomi complies with the European Union’s General Data Protection Regulation (GDPR).
Interestingly, this statement doesn’t deny the allegation of Xiaomi phones having the ability to censor information, nor that it disseminates blocked keyword lists to some of its apps. In other words, the statement only says that Xiaomi won’t censor communication but doesn’t deny it could have the ability to do so or is even possibly preparing to do so. We have reached out for further comment.
Xiaomi has enjoyed a fantastic 2021 in terms of shipments, as the company actually passed Samsung for the number one spot globally in June. However, a new government report makes some rather serious claims about the company’s phones.
Lithuania’s government-run cybersecurity body has released a report (h/t: Reuters) that claims some Xiaomi phones have the ability to remotely detect and censor specific terms. The cybersecurity body specifically looked at the Mi 10T, along with the Huawei P40 and the OnePlus 8T.
More specifically, the report alleges that several pre-installed apps on the Mi 10T (including the Mi Browser) occasionally receive a blocked keyword list from the manufacturer. The offending keywords relate to Taiwanese independence, freeing Tibet, and more. The device is then apparently able to block content based on any of these keywords.
The report did, however, claim that the content filtering functionality was disabled on Xiaomi phones sold in Lithuania and the EU at large (the function is presumably meant for China). But it also claimed that Xiaomi had the ability to remotely activate this function.
One rather interesting tidbit from the report is that the alleged blocklist is dubbed “MiAdBlocklist.” The Lithuanian report also claims that the functionality applied to apps like the Cleaner, package installer, and Security tools as well. This sounds like the blocklist could be related to system ads rather than communications.
The report also took umbrage with the amount of data collected by the Mi Browser and the sending of an encrypted SMS from the user’s device when registering for Xiaomi’s cloud service. In the case of the latter, the cybersecurity body says this risks personal data leakage as there’s no way of knowing what exactly is being sent in the message.
We’ve contacted Xiaomi for comment regarding this report and will update the article if/when it gets back to us. This latest report comes amid rising tensions between China and Lithuania in recent weeks after the European country allowed Taiwan to open a mission under its own name. China reacted by urging Lithuania to recall its ambassador to China, saying it would recall its envoy to Lithuania as well.
What about the other tested phones?
Moving on to the Huawei P40, Lithuania’s cybersecurity body found one security issue here. The report took issue with the fact that Huawei’s App Gallery directs users to third-party app repositories when a desired app isn’t found, saying that many of these third-party stores contain malicious apps.
It goes without saying that Huawei doesn’t have much of a choice here, as it’s been blocked from using the Google Play Store and other Google services. But we hope it either works with the offending app repositories to suss out sketchy apps or ditches these repositories altogether.
The report also looked at the OnePlus 8T, but didn’t find any security issues here. But the cybersecurity body still recommended that people don’t buy new Chinese phones, which seems rather strange given that it found no issues with a device from one Chinese brand.