RIGHT BG
Reported privacy breach a common problem of Android phones: experts
The security breach concerns surrounding Beijing-based Xiaomi Inc are common with mobile phones running Google's Android system, experts said Wednesday, after Taiwan authority revealed it was considering whether to ban the use of Xiaomi phones by its public servants.
"It is just a mobile phone. People should not attach too much importance to it. At the same time, I believe Xiaomi is wildly popular among compatriots across the Taiwan Straits," Ma Xiaoguang, spokesman for the State Council's Taiwan Affairs Office, told a regular press conference in Beijing Wednesday when he was asked to comment on the information security issues concerning Xiaomi in recent months.
Taiwan authority is now discussing whether to prevent public servants from using Xiaomi phones and a decision could be taken in three months, Taiwan-based Economic Daily News reported Wednesday.
Taiwan has prohibited public servants from discussing work-related matters on the popular messaging app LINE which is offered by a South Korean vendor, the report said.
Authority of the island has asked its "National Communications Commission" (NCC) to draw a plan to require all handsets to be sold in the Taiwan market to go through a security certification process, a report on news portal chinatimes.com said on August 14.
The NCC did not respond to Global Times' e-mail request for comment by press time.
"As a company, we are not in a position to comment on the statements of officials," a PR staff from Xiaomi, who declined to be named, told the Global Times Wednesday.
The NCC reportedly will roll out the plan by the end of 2015, which will require mobile phone manufacturers to "voluntarily" check the soundness of their products and built-in apps in terms of information security. The NCC noted that the policy will not be discriminatory as it will apply to all brands such as Apple, Samsung, and Taiwan-based HTC.
Some users in Taiwan discovered that Xiaomi's cloud messaging service uploaded their phone identification code and other information to the company's servers in Beijing without asking the consent of the users beforehand.
Xiaomi Inc has issued a statement on August 10 saying that it has provided a patch to fix the reported problem.
Tang Wei, a security expert with antivirus provider Rising, said the messaging service is similar to Apple Inc's iMessage, and enables users to text another Xiaomi user free of charge.
"Enabling such services inherently requires feeding the identification code to the company server, wherever it is located," Tang said.
A great number of apps gather and upload users' data to servers at headquarters, but the question is whether the company guarantees the users' right to know, Tang said.
"One possibility is that it was a deliberate act of gathering information without disclosing it to the users. The other scenario could be that the company overlooked this issue, as the function is a minor one," Tang noted, "What exactly happened and what was the motive behind it, only Xiaomi knows."
Jiang Yong, director of the Economic Security Studies Center at the China Institutes of Contemporary International Relations, said the Taiwan compatriots' concerns over privacy issue is understandable, as these days issues like this can be really annoying, such as enabling rogue software to harass users with tailor-made advertisements.
However, making a fuss over the Xiaomi phone or any other smartphone manufactured in the Chinese mainland is groundless, Jiang said.
"It is possible that some low-level privacy breach occurred. But there couldn't be any sophisticated, or systemic breach like the intelligence gathering project PRISM of the National Security Agency of the US, as Chinese companies currently do not possess the needed core technologies, in both hardware and software, to do so," Jiang told the Global Times Wednesday.
Jiang noted that government agencies will not use such phones anyway due to security concerns.
Android's nature as an open source ecosystem means such issues cannot be avoided. Built-in apps by mobile-phone makers are relatively safe, but those provided by third-party vendors or telecom operators can pose a threat, Tang said.
An NCC official pointed out in August that there are currently no global precedents of requiring phone makers to test their products and the security of built-in apps.
Copyright ©1999-2018
Chinanews.com. All rights reserved.
Reproduction in whole or in part without permission is prohibited.
