Xiaomi is a giant smartphone manufacturer company in the world. It is among the top selling smartphones in the world and second largest smartphone company in India. Smartphone is a daily usage gadget and we store lots of private information that we can not share with anyone. According to the reports from Forbes, Xiaomi is collecting users web usage and phone usage. Let’s dig into the whole story.
A person named Cirlig reported Forbes that his Redmi Note 8 smartphone is collecting data and is being sent to remote servers hosted by Alibaba, which were ostensibly rented by Xiaomi. After investigating the result found was shocking. Result says that Xiaomi default web browser records all the website visited, including search engine query even from privacy focused search engines. Not only that, Xiaomi also records users activity in private mode (Incognito mode).
Further investigation adds that the device records which folder user opens, to which screen they swipes including the status bar and settings page. All these data was being packed and sent to remote servers in Singapore and Russia through web domain registered in Beijing.
On further investigation from Forbes, they says browsers from Xiaomi on Google Play Store that includes Mi Browser Pro and Mint browser also collects the same data. Further this issue was checked on other Xiaomi device that includes Redmi K20, Mi 10 and Mi Mix3. All these Xiaomi phone confirmed the same browser code thus pointing to same privacy issue.
All these issue were sent to Xiaomi with photos and videos as a proof but Xiaomi denied everything. The company claimed that all the data was being encrypted when transferred in an attempt to protect user privacy. But the Cirlig (cybersecurity expert) was able to quickly see what is being sent by decoding the information with base64 crackable encoding.
In all the response, Xiaomi said , “The research claims are untrue and privacy and security is of top concern”. adding that “It strictly follows and is fully complaint with the local laws and regulations of user data privacy matters”. Company keeps denying all the issues.
Upon further digging, Forbes found that to better understand user behavior Xiaomi is using services of a behavioral analytics company called sensor analytics. Sensor analytics is a provider of an in-depth user behavior analysis platform and professional consulting service. Forbes found that sending data to domains appeared to reference sensor analytics. When clicking on one of the domains, the page contained one sentence “Sensor analytics is ready to receive your data”.
Xiaomi spokesperson said, “While sensor analytics provides data solution for Xiaomi, the collected anonymous data are stored on Xiaomi’s own servers and will not be shared with the sensor analytics”.