China's smartphone manufacturer Xiaomi has rejected the Lithuanian cyber security agency's findings that its devices have security vulnerabilities and plans to engage a "third-party agency" to assess the allegations.
In a statement released this week, the manufacturer said its phones do not restrict or filter communications to or from their users, and have not done so in the past.
Xiaomi's phones use advertising management software that has limited ability to manage paid and push advertisements sent to the devices via apps, according to the company.
"It is software that can be used to protect users from offensive content, such as pornography, violence, hate speech and references that could be outrageous to users," it said. "It is a common practice in the smartphone and web industry around the world."
The manufacturer said it regularly reviews the policies of its advertising management system to ensure that they meet users' needs and expectations.
"The report incorrectly claims inappropriate data handling. Xiaomi is fully compliant with all GDPR requirements, including the handling, processing and transfer of end-user data," according to the statement.
"Our compliance applies to all systems, apps and services. Any use of personal data is subject to the user's prior consent and is always subject to local or regional laws and regulations of the European Union and its member states."
Xiaomi also said it would engage an unnamed "independent and professional third party agency" to assess the allegations found in the report by Lithuania’s National Cyber Security Centre on security risks found in Chinese flagship phones sold in Lithuania.
In the report released last week, the centre said that the analysed Xiaomi smartphone has built-in censorship capabilities. When a user chooses to use Xiaomi cloud services, the user's phone sends an encrypted registration SMS that is not saved anywhere on the device, which creates a risk of personal data leakage, according to the report.
Another security risk comes from the fact that the Xiaomi phone uses not only the usual Google Analytics, but also a Chinese module that has been found to collect and periodically send out statistical information on 61 parameters about user activities on the device.
The analysis also identified cybersecurity risks in a Huawei smartphone, which the manufacturer has dismissed.