According to the National Communications Commission (NCC), Xiaomi smartphones might be passing personal data to a Chinese sever without user consent.

Xiaomi phones, as per NCC, offer a free service that automatically downloads anti-virus software from a Chinese server. The software then scans the device and passes the result and data back to the server, claims a new disclosure by the China Post via Gforgames.

Since Xiaomi does not reveal this operation to its customers, its act is an information security breach, explains NCC.

Earlier in August, the Chinese electronics company admitted that its phones send data back to the server without users' knowledge. The problem, the company explained, has been resolved after a system update.

Hugo Barra, Xiaomi's vice president and former Google executive through a G+ blog post announced that, "A recent article in Taiwan and a related report by F-Secure raised privacy concerns by stating that Xiaomi devices are sending phone numbers to Xiaomi's servers. These concerns refer to the MIUI Cloud Messaging service described above. As we believe it is our top priority to protect user data and privacy, we have decided to make MIUI Cloud Messaging an opt-in service and no longer automatically activate users. We have scheduled an OTA system update for today (Aug 10th) to implement this change. After the upgrade, new users or users who factory reset their devices can enable the service by visiting "Settings > Mi Cloud > Cloud Messaging" from their home screen or "Settings > Cloud Messaging" inside the Messaging app — these are also the places where users can turn off Cloud Messaging."

Meanwhile, Yu Hsaio-cheng, the NCC spokesperson, confirmed in an interview that the commission has been testing Xiaomi phones, and its manufacturer has been making improvements through frequent software updates and other operation procedure.

The NCC further asserts that the Xiaomi phones still download anti-virus software from the servers automatically. Regardless of Xiaomi's system update, the phone's second version still contains some issues.

The agency to regulate the information, communications and broadcasting industry in Taiwan confirms that it will continue testing Xiaomi phones and send the result to the public as well as Xiaomi for verification.

Xiaomi should first get users' permission before providing the free anti-virus service, and consumers always have the right to say no to such services, added NCC.