The Lithuanian state cybersecurity authority has published a report according to which Xiaomi can remotely detect censored content and hide it on some smartphones. This was reported by Android Authority, citing Reuters. The Lithuanian department tested the Mi 10T based on the MIUI Global 12.0.10 QJDEUXM firmware (Android 10 QKQ.200419.0P2), as well as the Huawei P40 and OnePlus 8T smartphones.
The report claims that some components built into the Mi 10T shell (Mi Browser, Cleaner, MIUI Package Installer, Security, Themes, Music and Downloads) send a JSON file to the Xiaomi server in Singapore, which in turn sends them the MiAdBlacklistConfig file – block list containing a list of forbidden words. Censored topics relate to the independence of Taiwan, the liberation of Tibet and others (there are at least 449 prohibited phrases in the list).
By recognizing keywords, the firmware appears to be able to block prohibited content. The report claims that this censoring function is disabled on Xiaomi smartphones sold in Lithuania and the EU, but the manufacturer can remotely activate this function. Presumably this option is for China.
Lithuanian experts are also concerned about the amount of data collected by Mi Browser and the sending of an encrypted SMS message when registering a user in the Xiaomi cloud service (since it is impossible to find out the contents of this letter, there is a risk of personal data leakage).