Xiaomi smartphone owners might want to keep off the company’s browsers if they care about their privacy.
The Chinese tech company was caught recording a worrying amount of user activity in its Mi Browser Pro and Mint Browser apps. According to the report published by Forbes, researchers found two apps which have collectively accumulated over 15 million downloads on Google Play Store. They also reportedly gathered immense amounts of data about any website a user visits even in incognito mode.
The default browsers that ship with Xiaomi smartphones were found to record search engine queries from Google and other privacy-oriented services. The tested device also extracted data about what folders users open and to which screens they swipe, including the status bar and the settings menu.
The report goes ahead to state that the data was then compiled and sent to remote servers in Singapore and Russia, through the web domains the company hosted in Beijing. Additionally, some of the data was allegedly sent to servers Xiaomi rented from fellow Chinese fellow tech giant, Alibaba.
One of the researchers, Gabi Cirlig, discovered the breach on his Redmi Note 8 handset. Later on, after reviewing the firmware of other Xiaomi devices, he reported of suspecting that the issue is affecting many more smartphones. This is mostly because he found the same code in all the phones tested that included Xiaomi Mi 10, Redmi K20 and Xiaomi Mi Mix 3.
After much pressing about the issue, Xiaomi did come out to deny all these allegations, arguing that all data is encrypted and anonymised. However, Cirlig was able to easily decrypt the data into readable information which could be tiled back to an individual. Xiaomi has ironically still stuck to denying the claims even after being provided with the videos and photos as proof.
“Privacy and security are of top concern,” the company said, adding it “strictly follows and is fully compliant with local laws and regulations on user data privacy matters.”
The report did note that Xiaomi collects such data “to better understand its users. And yes, this is a practice that has been adopted by many other major companies including Google and Apple. But the worrying bit would be Xiaomi’s secretive approach to data collection and the utter denial when asked about it.
Huawei too has received similar accusations of building back doors in its devices to snatch data in the past. Luckily for the company, the cases faded away over time following little evidence to support the claims. The situation for Xiaomi though is very different keeping in mind the plenty amounts of proof presented so far.