On August 10 Xiaomi addressed privacy concerns related to the MIUI Cloud Messaging function of its smartphones by releasing an OTA update intended to make this an opt-in feature, rather then a default one.
Since we already had the phone set up, we downloaded and applied the update to the same Redmi 1S phone we used in the previous testing:
Then we factory reset it. Once the phone restarted, we noted that cloud messaging is now by default set to Off under Settings:
We then went through the following steps:
• Add a new contact • Send and receive an SMS message • Make and receive a phone call
During these activities, we did not see any data being sent out from the phone.
Next, we activated the cloud messaging function and logged into the Mi Cloud. At this point, we saw base-64 encoded traffic being sent to https://api.account.xiaomi.com:
Note that this is now over HTTPS rather than HTTP, as seen in our previous testing. We had to use a HTTPS proxy in order to view what was being passed:
This was a quick test to check if the update had addressed points highlighted in various media reports. Xiaomi VP Hugo Barra has also posted more details of the MIUI Cloud Messaging implementation.