F-Secure Country Manager (India and SAARC) Amit Nath said, “This happens as soon as the handset is booted. This is both a security and a privacy issue.”

The further allegation stated that the data were being sent to a server named api.account.xiaomi.com, even when Mi Cloud (free cloud messaging services) was not activated.

“We immediately flagged this to the company, and the company has come out with a fix. It has made its cloud messaging service as an option-in service, and hence it is unlikely to have a major impact in India,” he added.

“We believe it is our top priority to protect user data and privacy. We do not upload or store private information or data without the permission of users,” Xiaomi Global vice-president Hugo Barra said in a response posted on social network sites.

“Xiaomi is a mobile Internet company committed to providing high-quality products and easy to use Internet services,” he added.