Chinese electronics giant Xiaomi will be opening a data center in India in 2015 to address the privacy concerns of some customers.

The announcement follows the news that the Indian Air Force (IAF) has asked personnel not to use Xiaomi devices, claiming they send detailed user information to servers in China and thus pose a security risk.

Xiaomi says the software issue mentioned in the IAF memo has been fixed more than a month ago.

While the new facilities are being built, Indian user data will be temporarily stored on AWS infrastructure located in Singapore and Oregon, US.

“These efforts help significantly improve the performance of our services and also provide some peace of mind for users in India, ensuring that we treat their data with utmost care and the highest privacy standards,” said the company in a statement.

Suspicious minds
In little over a year, Xiaomi went from a niche player to a major vendor, thanks to its aggressive marketing and low device prices. According to Canalys, in the second quarter of the year the company overtook Samsung as the best-selling smartphone brand in China, the world’s largest mobile device market.

It even managed to headhunt Hugo Barra, the former Google VP and spokesman for the Android project.

Xiaomi devices are especially popular in developing countries like India and Russia, despite well-documented suspicion towards Chinese technology companies.

The real trouble for Xiaomi began in August, after Finnish security vendor F-Secure reported that the Redmi 1S smartphone, which retails in India for around US$98, was forwarding carrier name, phone number, IMEI (the device identifier), address book numbers and even whole text messages back to Beijing.

On October 19, IAF issued a memo, advising 175,000 military personnel and their families to stop using Redmi 1S. Even though the Air Force said it relied on information supplied by the Indian Computer Emergency Response Team (CERT-In), the wording of the memo seemed to echo the report by F-Secure.

What the organization apparently failed to notice was the second report, which explained that an over-the-air update had addressed all of the privacy issues pointed out by F-Secure and actually added certain encryption features.

On Monday, Xiaomi published a statement saying it has never collected personal information without explicit permission. The company has already started moving foreign user data out of China, and expects the process to complete by the end of 2014. In another year, all of the user data originating in India will be stored in a purpose-built, local data center.

“Our primary goal in moving to a multi-site server architecture was to improve the performance of our services for Mi fans around the world, cut down latency and reduce failure rates,” explained Barra, VP of International business at Xiaomi, in a post on Google+.

“At the same time, it also better equips us to maintain high privacy standards and comply with local data protection regulations. This is a very high priority for Xiaomi as we expand into new markets over the next few years.”

Finally, Xiaomi reiterated that it has addressed the concerns raised by F-Secure regarding the Redmi 1S. “We believe the advisory circular issued by IAF is based on events about 3 months back,” said the statement. “We immediately addressed the concerns raised, which was directly acknowledged by F-Secure four days later.”

The Chinese vendor will have to regain user trust to deliver on the promises to sell 100,000 handsets in India every week. Xiaomi previously said it plans to expand operations in Indonesia, Mexico, Russia, Thailand and Turkey during the second half of the year.