(with inputs from Nikhil Pahwa) Chinese mobile maker Xiaomi has been accused of violating user privacy, but the company has until now maintained its stance that it is not accessing user's confidential information. That was until last week, when security firm F-Secure found that Xiaomi’s MIUI-based smartphones are indeed sending user data - including text messages, contacts, phone numbers, ISP’s name, IMEI number and other details - back to Xiaomi’s server, whether you sign up for the company’s cloud-based services or not. F-Secure also found that this data wasn't encrypted. In simplest terms, it means that anyone using a packet sniffing tool among many other ways could look at your personal data. MIUI is a heavily customized version of Android, and offers cloud messaging service in its devices. This service allows its users to send and receive text messages for free. The text messages are routed via IP instead of carrier’s gateway. The Chinese company has for the first time acknowledged that its phones are sending text messages back to its servers. However, the company says that this was being done to test whether text messages sent out by a user could possibly be sent over using data connection instead of carrier's SMS gateway to save user's money. Xiaomi’s VP Hugo Barra also mentioned that this option is turned on by default: "As we believe it is our top priority to protect user data and privacy, we have decided to make MIUI Cloud Messaging an opt-in service and no longer automatically activate users. We have scheduled an OTA system update…
