http://www.engadget.com/2014/08/10/xiaomi-privacy-issue-cloud-messaging/
So apparently anyone could've just read all your messages and a lot of your contact details.
Earlier this week, Finland's F-Secure looked into claims that Xiaomi
was secretly sending data from its MIUI-powered phones back to its
servers, and it turned out to be true. Despite having not added any
cloud accounts, F-Secure's brand new Redmi
1s -- Xiaomi's budget smartphone -- still beamed its carrier name,
phone number, IMEI (the device identifier) plus numbers from the address
book and text messages back to Beijing. Worse yet, the data was
unencrypted, thus allowing F-Secure and potentially anyone to, well, get
to know your Xiaomi phone very easily. Earlier this week, Finland's F-Secure looked into claims that Xiaomi
was secretly sending data from its MIUI-powered phones back to its
servers, and it turned out to be true. Despite having not added any
cloud accounts, F-Secure's brand new Redmi
1s -- Xiaomi's budget smartphone -- still beamed its carrier name,
phone number, IMEI (the device identifier) plus numbers from the address
book and text messages back to Beijing. Worse yet, the data was
unencrypted, thus allowing F-Secure and potentially anyone to, well, get
to know your Xiaomi phone very easily.
This is partly the reason why I never touched MIUI.
But then in the end, it's pick NSA or MSS, or both. Like Skype, I'd think it highly probably Wechat and other similar apps reported to their home governments with juicy data. Lots and lots and lots of meta data.
____________________________________________________________________________
Also, I have been upgraded to a Sony Xperia Z1 from my Desire HD ("Karuu") this year, which I used after upgrading from the Dopod WinMo5-6 in 2010/2011. In light of my recent rooting and flashing exploits, and having experienced rooting and flashing custom ROMs on HTC (Desire HD), Samsung (S III, Tab), Sony (Z1), ASUS (TF300T), Yuandao (N90), Dopod/HTC (838 Pro), Zopo (ZP950) devices, and dealing with each manufacturer's quirks, here are a list of tips I should follow (while also following my
flash guide/checklist):
- Do these even when you've done this many times, because a false (or true) sense of proficiency can be misleading and lead to mistakes being made.
- Read everything, then re-read it! (Luckily most chefs/devs highlight potentially bricking hazards with warnings in red text. But still read everything in the OPs, and if more info is needed straight after OPs and latest posts in the thread and use search within thread/sub-forum).
- Don't assume each sub-forum (for each device on xda) is similar. Know your sub-forum by exploring. Also, each device handles differently.
- Plan the whole process - like using the waterfall methodology in SDLC. Know your aim, and define each step of how to get there. (Regain workable recovery: try flashing this 1st via fastboot, if that doesn't work, then ... etc.)
This would save lots of headaches and having to do work-arounds which take literally hours longer than I'd have had to if I'd read (all the related threads!), understood, planned it out properly and followed the steps. This is one process where the Agile model way of doing things would work poorly, costing you more time. (And probably brick your device if you're not careful).
When you start trying the more labour-intensive/involved 'solutions', you start losing your shorter simple options because of wipes and incompatibilities between different partitions of your device. It's kind of like in cooking how you can always add more X but once it's mixed in, you can't take X out.
You can see why people operators like
NASA,
SpaceX, pilots, etc. have a pre-flight/launch checklist and the whole launch sequence timelines. One little mistake can have catastrophic consequences (not just bricking a device, more like death).
