Last week we reported a news about Xiaomi and a report made by a Lithuanian security company commissioned by the Ministry of Defense: according to Margiris Abukevicius, the deputy minister, Lithuanian citizens (and Europeans too) should throw away Xiaomi phones because they integrate functions that could censor the contents.
After having seen, read and translated the report, it seems that this is however a partial fake news and we apologize to the readers for not being able to deepen, as we always do, this news. Unfortunately on September 22, when we published the story, we did not have all the tools to understand exactly what the Lithuanian security experts had found. Now, with the report finally available even if it needs to be translated, we have been able to outline a more precise perimeter of what would be the problem linked to censorship which, we will see, censorship is not.
Let’s start with Xiaomi’s official statement this morning, with which the company wanted to clarify that “Xiaomi devices do not restrict or filter communications to or from their users. Xiaomi has never restricted or blocked any personal behavior of its customers, such as searches, calls, web browsing or the use of third-party communication software, and never will. The NCSC report in question does not support such action on our part.”
Adding that “The report highlights Xiaomi’s use of advertising management software that has the limited ability to manage paid and push advertisements on devices through Xiaomi apps, such as Mi Video and Mi Browser. It is software that can be used to protect users from offensive content, such as pornography, violence, hate speech and references that could be outrageous to users. It is a common practice in the smartphone and web industry around the world.”
The offending file, the one that would count the censored words, actually includes words like “Free Tibet” or “Taiwan Independence” together though to thousands more terms, some in English and some written in Chinese. The file name, “MiAdBlacklistConfig”, It should be clear enough: Mi Advertising Blacklist Config.
We took it from an updated Redmi, and as the report writes it is downloaded the first time an application is started from a server with address globalapi.ad.xiaomi.com to make sure it is always the updated version.
It is useless that we provide you with the list of terms: there is every type of possible insult, in addition to every word that certainly deserves to be on a blacklist designed to identify content of a political, sexual, religious or offensive nature that may in some way hurt. the sensitivity of users. Without any discrimination: it is a truly comprehensive list, which not only looks at China but looks at the whole world.
Some Xiaomi phones, those who use them are aware of it, have an advertising banner within some system apps that is managed directly by the Xiaomi advertising servers. Often these creatives are sold with an “auction” system, whoever offers more wins the space, and it is the advertiser who manages the campaigns and modifies the banners by changing the creatives.
This means that an attacker, even paying, could upload a banner with sexual organs and obscene writing and it would appear on all phones around the world.
Xiaomi, instead of filtering these server-side advertisements as is done by Google and many other large companies in the advertising world, simply adds a sort of “adblocker” in the apps that searches for some keywords and, if it finds them, does not show that advertisement.
The code inside the apps that manages that part is quite clear, and we don’t understand how the researchers who created the report didn’t understand that the one mistaken for censorship it was simply a filter for ad creatives.
To be precise, the call
iNativeAd.getAdBody() uses a method of the iNativeAd class to recognize the writings inside advertisements, whether they are in text format or are present on an image (through machine learning) and compares them with those present in the database. If it finds them, it writes a log string and avoids showing the content.
In addition to uncomfortable terms, references to sexual acts and insults, there are also brands and models of competing brands: advertising an Oppo phone in a Xiaomi app would be an own goal.
All of this has nothing to do with what a user types or searches in the browser, or sees on their phone. If there is anyone who is being censored, it is the one who is planning to run an offensive or misplaced advertising campaign on a phone.