Lithuania reckons some Xiaomi phones have hidden censorship tools

A study by Lithuania’s state cyber security agency found Xiaomi flagship smartphones come with dormant censorship features that can be activated remotely.

The news comes courtesy of Reuters, which had a look at the investigation. Apparently it found some Xiaomi phones come with capability to ‘censor’ certain terms. While that capability is switched off in Lithuania and the EU it can be activated remotely. Exactly how this censorship takes place when it is activated isn’t clear from the reporting, but presumably it finds a way of certain words and phrases being exported from the phone.

Another report claims the secret censorship module can detect 449 sets of keywords in both the Chinese and Latin alphabets. Unsurprisingly they include “Free Tibet”, “Democratic Movement” and “Longing Taiwan Independence”. The Chinese state seems to think censorship is a great way to make things it doesn’t approve of go away and is trying to get the mobile internet genie back in the bottle.

“Our recommendation is to not buy new Chinese phones, and to get rid of those already purchased as fast as reasonably possible,” Defence Deputy Minister Margiris Abukevicius is quoted as saying in the Reuters report.

The Record notes that the Xiaomi phones it looked at also sent a secret, encrypted SMS to Xiaomi servers whenever a user accessed its cloud service. On top of that they noted the Mi Browser app also collected a few datapoints about the devices and its owner and sent them to Chinese servers. Lastly a Huawei phone was found to redirect searches for various apps to some kind of malware.

With all due respect to Lithuania’s cybersecurity people, these findings need to be independently verified before any sweeping conclusions can be made about Chinese smartphones. If they are, however, the security of not just smartphones with Chinese brands, but any manufactured in that country could be called into question. Since that covers the majority of them, this story has the potential to be huge.

UPDATE 17:00 22/9/21 – Xiaomi’s people got in touch and offered the following statement:

“Xiaomi’s devices do not censor communications to or from its users. Xiaomi has never and will never restrict or block any personal behaviors of our smartphone users, such as searching, calling, web browsing or the use of third-party communication software. Xiaomi fully respects and protects the legal rights of all users. Xiaomi complies with the European Union’s General Data Protection Regulation (GDPR).”