Mobile Giant Xiaomi is known for the quality phones at a very less cost. The products of Xiaomi are preferred by a large number of people. The users of Xiaomi made it among the top four smartphone company in the market share. However, getting features like higher-end smartphones at a low cost will come at the cost of their privacy. Recently, Forbes released a report on Xiaomi accusing them of recording the private data of millions of users. A White Ops security researcher named Gabi Cirlig was speaking with Forbes about the Scenario. He discovered that his new phone Redmi Note 8 is tracking his activities on the phone. Cirlig said the Xiaomi phones act as “a backdoor with phone functionality”. He also said to Forbes that the data was being sent to the remote servers named Alibaba. Alibaba is rented by Xiaomi.
Researcher about the security of his privacy on the Xiaomi Phone
The researcher found that Xiaomi’s browser was recording his behavior. Data harvesting was also done on various types of data. He added that his identity and private life were no more private to him. Furthermore, he noticed that the device’s default Xiaomi browser was recording all the websites he visited, including search engine queries. Even when he used Google or the privacy-focused DuckDuckGo, the results were the same. Switching to the incognito mode was also giving the same results. It is a matter of concern because Incognito mode focuses on the privacy of the user, it does not save the browsing history and cookies. Cirlig said that his device was recording the folders that he visits and the screens he swiped. It was more worrying that the data was then packaged and sent to the remote servers in Singapore and Russia and the web domains they hosted were registered in Beijing.
The cybersecurity researcher Andrew Tierney found Xiaomi’s browsers (Mi Browser Pro and the Mint Browser) which are available on Google Play were also doing the same with the privacy of their users. Cirlig described that many people will be affected by the same issues because if we refer to statistics these browsers were downloaded by 15 Million people on Google Play. Cirlig suspected that the issue remains the same with other Xiaomi smartphones. So he downloaded the Firmware for other Xiaomi devices. The devices were Xiaomi MI 10, Xiaomi Redmi K20, and Xiaomi Mi MIX 3. He was right about it as the issues persisted on other devices too.
Xiaomi’s reply on the issue
Xiaomi responded to the report of Forbes and said that “The research claims are untrue”. The company also said “privacy and security are of top concern,” and they are “strictly followed and is fully compliant with local laws and regulations on user data privacy matters”, they added. A spokesperson confirmed that the user’s consent was asked for collecting their information. He confirmed that the company collects data. However, all of the information is not linked to someone’s identity. The data was anonymized. Xiaomi’s intention was only to understand the behavior of the users from the beginning. The company also confirmed its relationship with the services of a behavioral analytics company, Sensors Analytics.
Both Cirlig and Tierney agreed on the fact that Xiaomi browsers behavior is more invasive than other browsers like Google Chrome or Safari. Tierney also said that the browser is a lot worse than the mainstream browsers. The browsers only take analytics about usage and crashing. Xiaomi browsers do many more than that without explicit consent even operating in Incognito Mode.
There are many proofs to support these privacy invasion claims. Although the Chinese tech giant continues to deny these accusations, nothing definitive can be said without a proper investigation of these claims.