Top

Data security issues force Xiaomi to setup data server in India

Xiaomi will set up a data centre in the country by next year to host services for Indian customers

New Delhi: Chinese smartphone maker Xiaomi will set up a data centre in the country by next year to host services for Indian customers as it looks to enhance quality of service and address concerns around data security.

The company -- also called Apple of China -- has already partnered Amazon Web Services (AWS) to migrate data of its international (non-Chinese) customers to centres in the US and Singapore. The process is expected to be completed by the end of this month. "We are already in discussions with local data centre operators here.

We expect to have one in place by early next year. These efforts help significantly improve the performance of our services and also provide some peace of mind for users in India, ensuring that we treat their data with utmost care and the highest privacy standards," Xiaomi Vice President Hugo Barra told PTI. He added that the decision to set up a data centre in India was driven by the strong demand that Xiaomi has seen in the last few months.

"At the beginning of 2014, we knew that we will add India (data centre) but what would determine that would be the progress that we made here. The growth that we have seen here is beyond our expectations. Xiaomi entered the Indian market in July this year with its Mi3 smartphone priced at Rs 13,999 through e-Commerce major Flipkart.

Also Read: How to know if your smartphone is leaking data, and where

It currently has another device Redmi 1S in the country. It is estimated that the firm has sold about half a million Redmi devices and 1.2 lakh Mi3 handsets. "The potential that we see in India played an important part in the decision. The smartphone market here has grown at a phenomenal pace and is the second largest market for us outside of China.

With 4G coming in, we want to offer the fastest service possible and bringing the data centre closer to the users is a step in that direction," Xiaomi India head Manu Jain said. The move will also help the Chinese firm address concerns around security of user data. Last week, the Indian Air Force had asked its IAF personnel and their families to desist from using Chinese 'Xiaomi Redmi 1s' phones as these are believed to be transferring data to their servers in China and could be a security risk.

The company is now engaging in discussion with Indian authorities to address these concerns. "We are trying to get to the bottom of this. So far, we have not heard anything from the IAF or any other authorities and have only read media reports. We will reach out to authorities and engage with them to address any concerns that they might have," Barra said.

Countries across the world are putting in place regulations to ensure that data is hosted within the country and this will gain traction as more data moves to the cloud.

Earlier this year, security solutions provider F-Secure had, in a report, demonstrated how a Xiaomi Redmi 1S phone was sending data including the user's IMEI, phone number, and phone numbers of contacts added to the phone book to a remote server. Based on the report and inputs from Indian Computer Emergency Response Team (CERT-In), the IAF note was prepared.

Xiaomi has always maintained that it collects data only with the user's permission to offer specific services like cloud. "We do not collect any data associated with services such as Mi Cloud and Cloud Messaging until the user provides explicit consent by turning on the corresponding service(s). Even after users have turned on these services, they can turn them off at any point of time. We take rigorous precautions to ensure that all data is secured when uploaded to Xiaomi servers and is not stored beyond the time required," he said.

He added that the company encrypts data using AES-128 standard before storing, which makes it "practically impossible" for anyone to steal this information. "We protect user passwords and identifiers like IMEI number using cryptographic one-way hash functions before they're uploaded, which means we never actually receive the original information. No single person, including Xiaomi employees, can decrypt user data stored in Mi Cloud, even if they get access to the hard drives," he said.

( Source : PTI )
Next Story