Dhruv Bhutani / Android Authority
TL;DR
- A Lithuanian cybersecurity report claimed that Xiaomi phones can remotely recognize and censor certain terms.
- The report claims that some Xiaomi phones occasionally download a list of blocked keywords.
- It is claimed that this content filtering is not active in the EU but could be activated remotely.
Xiaomi had a fantastic 2021 in terms of shipments as the company overtook Samsung as number one in the world in June. However, a new government report makes some fairly serious claims about the company’s phones.
Lithuania’s state cybersecurity agency published a report (h/t: Reuters) which claims that some Xiaomi phones are able to remotely recognize and censor certain terms. In addition to the Huawei P40 and the OnePlus 8T, the cybersecurity agency looked specifically at the Mi 10T.
Specifically, the report claims that several preinstalled apps on the Mi 10T (including the Mi Browser) occasionally receive a blocked keyword list from the manufacturer. The offending keywords are related to Taiwan’s independence, liberation of Tibet, and more. The device is then apparently able to block content based on these keywords.
However, the report claimed that the content filtering feature was disabled on Xiaomi phones sold in Lithuania and the EU as a whole (the feature is believed to be for China). It has also been claimed, though, that Xiaomi could remotely activate this feature.
A rather interesting tidbit from the report is that the alleged blacklist is called “MiAdBlocklist”. The Lithuanian report also claims that the functionality applies to apps like the cleaner, package installer, and security tools. It sounds like the blacklist might be related to system indicators rather than communications.
The report was also prompted by the amount of data that the Mi Browser collects and the sending of an encrypted SMS from the user’s device when registering for Xiaomi’s cloud service. In the latter case, according to the cybersecurity agency, there is a risk of personal data being lost because it is not known what exactly is being sent in the message.
We have contacted Xiaomi for comment on this report and will update the article when we hear back. Still, this latest report comes amid mounting tensions between China and Lithuania in recent weeks after the European country allowed Taiwan to open a mission under its own name. China responded by asking Lithuania to recall its ambassador to China and saying it would also recall its envoy in Lithuania.
What about the other phones tested?
Lithuania’s cybersecurity agency has identified a security problem with the Huawei P40. The report criticized the fact that Huawei’s AppGallery directs users to third-party app repositories when an app they want isn’t found, and said that many of those third-party stores contain malicious apps.
It goes without saying that Huawei does not have a large selection here, as it is blocked from using the Google Play Store and other Google services. But we hope it either works with the offending app repositories to find sketchy apps or ditches those repositories altogether.
The report also looked at the OnePlus 8T, but found no security issues here. The cybersecurity agency still recommended not buying new Chinese phones, which seems pretty strange given that it found no issues with one of the Chinese-branded devices.