Hacker News
by cptskippy 3617 days ago
The worst thing about Xiaomi is their invasive software. In order to use a Mi Fit band you have to create an account with them and grant their app every permission under the sun.

I love their hardware, it's a frugal premium grade that's hard to come by. I just wish it were more open and their software wasn't so questionable.

2 comments

That's interesting, because when I got my Xiaomi Mi3 I compared it with my Samsung Galaxy Tab. The Mi3 was rooted, had almost no crapware and allowed me to pick what permissions an app gets. On the other hand, the Tab required a Samsung Account and rooting it voided the guarantee.

Mi Band vibrates on incoming connection, SMS and apps, so maybe that's why it requires permissions to phone, SMS and notifications.

Take a look at the permissions required by the official "Mi Fit" app (https://play.google.com/store/apps/details?id=com.xiaomi.hm....) vs the indie "Tools & Mi Band" app (https://play.google.com/store/apps/details?id=cz.zdenekhorak...).

The official app has more features admittedly, but nothing that justifies the level of permissions it asks for. At most it should need access to the camera/photos to allow you to set a profile photo, and full network access to create/sync your account data to the "cloud".

Nothing that the official app does justifies the following permissions it asks for:

  Device & app history

    retrieve running apps
    read sensitive log data

  Identity

    find accounts on the device

  Location

    approximate location (network-based)
    precise location (GPS and network-based)

  SMS

    receive text messages (SMS)

  Phone

    directly call phone numbers

  Photos/Media/Files

    access USB storage filesystem

  Wi-Fi connection information

    view Wi-Fi connections

  Other

    view network connections
    connect and disconnect from Wi-Fi
    read Google service configuration
    draw over other apps
    control flashlight
    reorder running apps
    modify system settings

Even better is Gadgetbridge (available on F-Droid): https://github.com/Freeyourgadget/Gadgetbridge

It's not as slick as the official app, but requires much less in the way of permissions and is more flexible.

That's not all that's questionable about them.

Would you care to elaborate?

Xiaomi isn't explicitly mentioned in that article and I have no doubt they put backdoors in their products for the Chinese Government. I guess my question is, would you feel differently if they were a US company and it were the US Government holding the keys to backdoor?

There's a reason China has been investing in developing its own CPUs and telecommunications hardware and it isn't so that it can more easily spy on others. It's because they themselves no longer wish to be spied on... and maybe so they can spy on everyone else a little too.

I'm not saying it's right. I don't know what I'm saying actually. I'm just going to grab some tin foil...