Fast-growing Chinese device maker Xiaomi apologised to its “users and Mi fans” after it was revealed that devices were sending personal subscriber information to the company’s servers.

It was initially reported late last month that Xiaomi devices were sending information to an IP address in Beijing. Security company F-Secure then used a new RedMi 1S device to test the premise, and found that among the information sent was the phone numbers of contacts added to the phone book and from received SMS messages.

In a Google+ post, Xiaomi’s Hugo Barra said that the issue was related to its MIUI Cloud Messaging service, which enables users to send each other messages via IP with SMS as a back-up – similar to Apple’s iMessage.

In order to do this, it uses information including phone numbers, IMSI and IMEI numbers for routing.

“As we believe it is our top priority to protect user data and privacy, we have decided to make MIUI Cloud Messaging an opt-in service and no longer automatically activate users,” Barra wrote.