A few days ago, the Lithuanian Ministry of Defense lashed out at Xiaomi by a media fuss about privacy and security of Chinese smartphones. The charge is that he introduced a genuine automatic censorship of more than 400 terms into his software, including “Free Tibet” or “Long live the independence of Taiwan”.
Today, Xiaomi refuted the statements by issuing the following press release:
Statement from a Xiaomi spokesperson
Xiaomi is aware of the report “Cybersecurity assessment of 5G-enabled mobile devices” recently published by the Cybersecurity and Information Authority of Lithuania (NCSC) and has taken the allegations in the aforementioned report very seriously.
While we disagree on the nature of some of the findings, we plan to engage an independent third party to review the points raised in the report. We are absolutely certain of the integrity of our devices and of the compliance rules that apply to our business, so we believe it is necessary to engage a third-party company that is authorized to perform the appropriate checks for the benefit of our Partners and our Customers .
In particular, Xiaomi wants to shed light on two key points highlighted in the report:
1. Alleged Censorship
Xiaomi devices do not restrict or filter communications to or from their users. Xiaomi has never, and never will, restrict or block any of its customers’ personal behaviors such as searches, calls, web browsing or the use of any third-party communication software. The NCSC report in question does not support such action on our part.
The report highlights Xiaomi’s use of ad management software that has limited ability to manage paid and push ads on devices through Xiaomi apps, such as Mi Video and Mi Browser. It is software that can be used to protect users from offensive content, such as pornography, violence, hate speech, and referrals that may be outrageous to users. It is a common practice in the smartphone and web industries around the world.
We review the policies of our ad management system from time to time to ensure it meets the needs and expectations of our users. Xiaomi is committed to operating responsibly and transparently in all jurisdictions. We are constantly striving for improvement and innovation and welcome collaboration with users, regulators and other stakeholders.
2. Processing and transfer of data
The report falsely claims inappropriate data processing. Xiaomi is fully compliant with all GDPR requirements, including the processing, processing and transfer of end-user data. Our compliance applies to all systems, apps and services. Any use of personal data is subject to the user’s prior consent and is always subject to local or regional laws and regulations of the European Union and its member states.
Xiaomi operates in accordance with ISO/IEC 27001 Information Security Management Standards and ISO/IEC 27701 Privacy Information Management System. Also, since 2016, our company has received the Enterprise Privacy Certification from TrustArc annually. This ensures the best possible protection in terms of privacy and security for the end user.
Finally, Xiaomi would like to reiterate its commitment to the privacy and security of its users and that it operates according to the highest standards, respecting all local and regional regulations.