A couple of weeks ago, there was a report on OCWorkbench regarding the Xiaomi Redmi Note secretly sending personal data (e.g., SMS messages and photos) to servers in China when the device is connected to a Wi-Fi network. And apparently, the transmission doesn’t stop if the phone is rooted and flashed with a different firmware. Since this news broke, we’ve noticed it being shared quite frequently in other news outlets and social media channels.
Yesterday, Xiaomi responded to these allegations on its Mi India Facebook page (a Chinese version of this response was actually posted on Xiaomi’s Hong Kong Facebook page about two weeks ago). In a nutshell, Xiaomi says that while MIUI connects to the company's servers from time to time, non-personal data is transmitted or uploaded. The only time personal info is sent to Xiaomi is when the user knowingly uses the company’s Mi Cloud data backup service, which is turned off by default. Even when Mi Cloud is used, the data is encrypted.
Of course, even with this clarification, there will still be doubters out there. Some will go as far as to block all traffic to and from the identified IP range, but that isn’t really a wise move if you’re using Mi Cloud.
On why consumers should believe Xiaomi, the company has this to say:
Source: Xiaomi’s Mi India Facebook page.