Security Audit

Objective

For Mi Ecosystem products, we conduct security audit to help to avoid serious user privacy and data security issues during the beta testing stage or after official release.

Focus

We focus on auditing data acquisition, storage, transmission, and access control, etc. If you are using products and cloud services from non-Ecosystem enterprises, please specify the corresponding information. (such as Mi FDS, Aliyun database services, KSYun Virtual Machine, Mi Accounts, Mi Cloud, MIoT/MIIO, etc.)

Process

The security documents of new products should be submitted for security audit prior to beta testing stage. Beta testing can start only if the audit is approved (any serious problems must be rectified). Engineering machine of new products should be provided for security testing and analysis prior to crowdfunding or sale. The products can be released to the market only if the audit is approved (any serious problems must be rectified).

Background

In 2015, we found some security and privacy issues in a number of new Mi Ecosystem enterprise products. Starting from 2016, all new Ecosystem enterprise products, especially for Mi Brands, need to proceed Mi Security's security audit during design stage and prototype testing prior to the beta testing. Previously released products will be audited in due course. Depending on the actual situation of the product, Mi Security may spend a lot of time conducting several audits at different stages, or just carry out a single audit.