[FSec] Testing the Xiaomi RedMi 1S - now with OTA update

Newsfeed

Nachrichtenbote
On August 10 Xiaomi addressed privacy concerns related to the MIUI Cloud Messaging function of its smartphones by releasing an OTA update intended to make this an opt-in feature, rather then a default one.

Since we already had the phone set up, we downloaded and applied the update to the same Redmi 1S phone we used in the previous testing:

xiaomi_otaupdate.jpg
xiaomi_phone.png


Then we factory reset it. Once the phone restarted, we noted that cloud messaging is now by default set to Off under Settings:

xiaomi_phone_settings.png


We then went through the following steps:

• Add a new contact
• Send and receive an SMS message
• Make and receive a phone call

During these activities, we did not see any data being sent out from the phone.

Next, we activated the cloud messaging function and logged into the Mi Cloud. At this point, we saw base-64 encoded traffic being sent to https://api.account.xiaomi.com:

for_xm_cropped_blurred.png


Note that this is now over HTTPS rather than HTTP, as seen in our previous testing. We had to use a HTTPS proxy in order to view what was being passed:

traffic_cropped.png


This was a quick test to check if the update had addressed points highlighted in various media reports. Xiaomi VP Hugo Barra has also posted more details of the MIUI Cloud Messaging implementation.
On 14/08/14 At 05:42 AM

Weiterlesen...
 
Zurück
Oben