61 comments

[ 4.4 ms ] story [ 119 ms ] thread
Very likely this is to avoid US sanctions.
Yup. Don't blame Xiaomi, blame the regulatory authorities and the grey market importers.
There is nothing wrong with "grey" market.

Trying to render "grey" market as something bad is a trick of brands.

It Depends™, and different parties use the term differently, including at least "probably stolen", "probably counterfeit", "genuine but broken and fixed unofficially", and "genuine but vendor only acknowledges original buyers or mountains of cash". Some sellers like "grey market" because they want ambiguity that their goods might not be stolen, and some vendors (cough, Cisco) like the label to pretend there's something wrong with any hardware lacking a current, fully paid-up support contract.
(comment deleted)
Or sometimes bought from a cheper distributor which i saw in europe. Cisco - after all they backdors - can claim anything.
Gray market to me means the legal sale of goods in a way that isn't approved by the manufacturer.

Anything illegal is automatically black market, as that is the definition of black market.

I don't work for Xiaomi.

But as a manufacturer, we have to get regulatory compliance for our products from the countries we sell to.

Yes, this is a Big and Expensive deal.

Of course, a grey marketer can physically ship our products from one regulatory regime to another without our permission.

So a countries regulatory authority finds our product for sale in their country and it doesn't comply with the regulations.... what recourse do they have?

The most common one is confiscation from the sellers.

But if the problem is sufficiently widespread, they may choose to put pressure on the manufacturer.... do something about this or we will block the sale of your goods in our country.

In this case "grey market importers" and moving product into countries under global sanction. Not fully committing to sanctions on countries like North Korea both prolongs the suffering of the people on the ground and fails to meet the goals of the sanction itself.
The sanctions are not against the country, are against the people. That's why for some countries there is a specific list of people which are sanctioned.
(comment deleted)
Is China really worried about the US's OFAC controls? At first thought that seems unlikely to me, but I guess I'm not super knowledgeable here.

It just seems weird to me; have we heard reports that other brands (even US brands) of Android phones have been soft-bricking themselves if brought to disallowed countries?

China is not a hivemind that acts as a whole. Xiaomi is definitely worried since they're not a state-owned company - the government won't save them so they must act carefully on their own.

Even state-owned companies like ZTE were hit seriously after sanction. They admit they only did the violation because they underestimated the enforcement.

Companies get so careful is because themselves could be sacrificed as political bargains.

right to repair should kick in, & require bootloaders be unlocked. so users can run operating systems of their own choice, now that their brand has abandoned them (perhaps for legal reasons here).
Unlocking bootloaders is nice, but relockable bootloaders that can take custom keys are even better.
Xiaomi is by the way blocks users with more than 10 activations per username, and as of late doesn't let you register a Xiaomi account without giving up your SMS number in some markets.
Xiaomi as of late is making way more money outside of China than in it, and they are not in hurry to repatriate money back to China.

Lei Jun is now quickly relocating Xiaomi to India. Xiaomi phones you can buy in most of the world now are made, and sold by Xiaomi India, and have no link to Xiaomi Communications (China) whatsoever.

Interesting. Do you have any links? I've been ongoingly looking for reasonable devices that are neither manufactured in nor connected to China.
A Xiaomi phone is super duper connected to China no matter where it's manufactured.

"No link whatsoever" is quite likely not accurate, after all they are licensing the brand, the technology and probably the firmware from the parent entity.

> Xiaomi as of late is making way more money outside of China than in it

Easy to debunk. The 2020 annual report (the latest available financial report I can find) clearly says

> As we continue to expand our overseas business, revenue from overseas markets amounted to RMB122.4 billion in 2020, representing a year-over-year increase of 34.1% and accounting for 49.8% of our total revenue.

https://i01.appmifile.com/webfile/globalweb/company/ir/annou...

49.8% is not “way more” than 50.2%. Overseas revenue does appear to be growing faster than domestic revenue (the overall revenue grew 19.4% YoY which means domestic revenue grew by 7.7%) so at this rate it could overtake soon, but even then way more is a stretch. I also somehow doubt the low-end business in India is higher margin than their flagship business in China. Hard to imagine earning much profit when you have to compete against $50 or something Jio phones.

Does it include Xiaomi India, or just Xiaomi China revenues from handsets sold abroad?
You can easily search for the word India in the linked report. Why even bother asking.
Xiaomi India is not directly owned by Xiaomi Communications, the Chinese company, but Xiaomi Communications still does sell some device lines in India as imports.
to the territory in which you have attempted to activate it

Is this a common "dark-pattern" these days, to require "activation" for an Android phone? My last experience with a generic Chinese Android smartphone of close to a decade ago was basically "insert battery, SIMs, microSD, and turn on" whereupon it booted quickly to the generic Android "desktop" and was ready to use with no other steps required.

Every Xiaomi phone I had started with a variation of the regular Android first start wizard. I suppose this is a kind of activation. These were supposed to be unmodified, original devices.

I say this because you can also buy modified devices, for instances Chinese devices that have been reflashed with an international ROM. If it booted without a wizard, you probably had one of these devices. Xiaomi always hated this, I'm not sure why, though a benign explanation is that sometimes these devices are said to come with malware pre-installed, and that's not a good look for Xiaomi (who like all Android manufacturers wants an exclusive right to install their own malware). This is one of the reasons unlocking the bootloader is rate limited and comes with a wait time.

there is another possible, more charitable explanation for the wait period for device unlocking: as a cooldown period to help people avoid being scammed into unlocking their phones
Was that a common scam before the cooldown?
I don't think so. OTOH what GP described (reseller earn money by batch unlocking phone and pre-installing not uninstall-able apps/malwares before selling to consumers) is very common some time ago.

China is wild.

"uninstall-able apps/malwares before selling to consumers"

Isn't this what American mobile operators do?

True about uninstallable for cheap phones at least eg. Boost mobile phone <= $150 from my experience. I've seen notification I can't swipe close, the voice mail app having built in ads...
At least they don't push snake-oil ads to your grandparents.
(comment deleted)
(comment deleted)
to add to that: in order to unlock, you need to register with your phonenumber and the wait time is a random interval of a few days to a few weeks.

i think you can unlock one phone per month per registered phone number.

this is done expressly with the intent to prevent mass unlocking by 3rd party resellers.

I had this many years ago with my Samsung Galaxy S4. I lived and worked in China back then and ordered the phone from Germany. It arrived, but it could not be activated. I tried every ROM I could find, but nothing helped. I ended up waiting a few months until I was back to Germany to activate the phone.

I stopped buying SAMSUNG after that experience.

I bought a Samsung phone in Europe for someone in South America, and the phone wouldn't recognize their SIM card. It turned out that the phone will accept any SIM card but only if you turn it on first for ~5 minutes with an European SIM.
Yes, there is a sticker on the device box that says so. In my case it was 15 minutes of talk time with EU SIM card being required.
For carrier devices it's quite common - and not just Android. I have an iPhone at home which refuses to work until you connect it to the internet and plug in a SIM card. It has to check for carrier unlock since it was sold as a locked phone in UK originally and now needs activation before functioning on each reset.
I have an "older" (not really that old, an S10 5G) phone that I keep as a backup. It didn't need anything to start being usable after a full reset, not even a sim card; you just had to skip all the login prompts.
Yes, "common on carrier devices" doesn't mean "every device has it". It's more common on some carriers - e.g. I had a lot of fun times getting Verizon test devices to work in Europe because they wanted to activate on CDMA network (non-existent on the continent) as part of their setup process.

These locks have started to become less and less common these days though.

Ah, that's interesting - and that would have to be a very strong "good luck with that" case.

My S105G is a carrier device (Telstra), but as you say they're moving to not lock them down anymore which is a lot nicer experience.

I don't know about Android but my last couple of experiences with Chinese-designed gear have been along these lines.

First was a DJI drone (this was a few years ago so might be different now). In order to even boot it up you have to download and run their firmware installer on a desktop computer (requiring internet access and potentially gathering God-knows-what data) with the drone plugged in. Then to use the drone you have to install their app which demands access to all sorts of things only tangentially related to the main function of the drone.

Second was a wifi security camera. I'd expect a wifi camera setup to go "turn on, connect to camera's access point, configure via web interface, reboot camera". This one was "install app, grant app all permissions, create account on company web page, verify email address, use account to log in to app, point phone camera at QR code on security camera, app autoconfigures camera with your wifi password, all video+audio goes to their servers, you may access it via (and ONLY via) their phone app."

We did NOT keep that camera much less buy any more of them.

I think the process with the drone is at least partly due to aviation regulations, but with the camera it sure sounds like the Chinese have started copying the Western pattern of "cloud-ifying" products unnecessarily.

Then again, perhaps avoiding the bigger companies and going to the OEMs or other small manufacturers directly (who would specialise only in hardware, and essentially wouldn't have the resources to set up and maintain the server side, or even an app) might be a better choice.

I bought my Xiaomi to use Telegram and Google Authenticator. However I then realized I can't unlock my phone without having a phone number. The only reason I currently pay for a sim card is so I can unlock it when I find the time.

It does not feel like MY device at all.

My device required an agonizing 30-day wait time after unlock request. De-Googling worked, but it was a bumpier ride than my previous OnePlus and Samsung devices.
Xiaomi CEO probably doesn't want to get arrested in Canada.
This is very unfair to the users of these phones, who may very well have bought the devices from grey market importers Xiaomi turned too blind of an eye to.

Owners in of these phones probably invested a large portion of their earnings to purchase these devices and may need them for critical functions. I wonder if the brick message will even be displayed in the user's local language?

Most likely sanctions are to blame as other commenters suggest.

I am Chinese, I don't buy Chinese products. You should too.
Flashing a custom ROM is not exactly a possibility if the device is remotely disabled on first activation, as unlocking the bootloader is a relatively lengthy process that requires waiting from few days to weeks for approval, needing also a working Mi account. I'd suggest doing so in these devices anyway, as MIUI has quite a lot of bloatware, and likes to send in China a lot of data with the many applications asking more permissions than one may consider necessary.
Yes, the internal Xiaomi apps even start playing video adds now. When flashed with LineageOS the battery lasts nearly twice as long. I also noticed that the device now feels cold to the touch, whereas before it was always ever so slightly warm.
It’s weird to me that in this instance the software can withstand an “attacker” having the device. I see this adage when reading about social engineering, That once the person has the device, they can take control of it. Ofc that doesn’t mean they can read all the data but yeah this is something I’ve seen a few times.
I don't think it's uncommon, the rule is more that you can't rely it not being hacked (with sufficient time, skills, etc.) than vice versa.

Whether or not it is depends on how much effort the world is willing to put into it.

There's plenty of software/devices that have never been hacked, but the ones that really test the rule to me are those where the effort to secure them is closely matched with the opposite, iOS, Denuvo, games consoles etc.

It must be hard to keep a straight face while saying "we don't know why" with this list of countries. Xiaomi is clearly afraid of the US using its sanction stick to cause problems as they did with Huawei.
Yeah, for people who can’t be bothered to read TFA, the list is

> Cuba, Iran, Syria, North Korea, Sudan, and the Crimea region

“I heard you seized a good part of the market share Huawei was forced to cede. It would be a damn shame if something were to happen to you too…”

The practical problem is modern Chinese electronics gets security right and you can’t just feed a random script through Bash to unlock them anymore. It used to be the opposite.
Xiaomi requires a sim card and a xiaomi account to enable USB debugging even in countries where their phones are officially sold. This doesn't surprise me one bit.
I haven't set any xiaomi account, and usb debugging works just fine.
Not for the phone I tried last year. Can't remember the model, I returned it the next day and got a different brand.

It may depend on model and location where you buy it.

Cuban here. This was going on for a week or two. Yesterday the phones began to be unlocked when connected to internet.
In terms of security, privacy or even usability, no one should ever consider Xiaomi a valid option for Android phones tbh.