China –based Xiaomi tracks usage data and sends to servers remotely
A new research from Gabi Cirlig claims that the China-based Xiomi is tracking the sensitive information about users on Mi browser included with all Redmi and Mi phones.
As reported by Forbes, the Xiaomi’s Mi browser app sends the Internet searches by users to Xiaomi servers in Singapore and Russia.
The most concerning is that these data can easily be associated with a particular user that allows the company single out users they wish to track. Cirlig states:
“My main concern for privacy is that the data sent to their servers can be very easily correlated with a specific user”.
The data are sent on remote servers in Singapore and Russian while the domains are registered on an organization in Beijing.
The researchers say, the Xiaomi phones can record the folder a user opens, the screens he/she views and configured settings. Also, they can even record what and when the user plays songs.
On investigating, Cybersecurity researcher Andew Tierney found that the Mi Browser Pro and the Mint Browser collected the same data.
In response to these claims, the Xiaomi states that “the research claims are untrue” and that it “strictly follows and is fully compliant with local laws and regulations on user data privacy matters.”
“Xiaomi was disappointed to read the recent article from Forbes. We feel they have misunderstood what we communicated regarding our data privacy principles and policy. Our user’s privacy and internet security is of top priority at Xiaomi; we are confident that we strictly follow and are fully compliant with local laws and regulations. We have reached out to Forbes to offer clarity on this unfortunate misinterpretation.”
Their statement was shown not to be the case when the Cirlig created a video that tells how the Mi Browser search results are set to remote servers even in Incognito mode. Forbes provided this video to the Xiaomi, but the company defended its privacy protocols. According to the company, the video “shows the collection of anonymous browsing data” and that it “is one of the most common solutions adopted by internet companies.”
Manu Kumar Jain, vice president of Xiaomi India and Managing Director, also responded to the security allegation in a video. Here is what he said:
“A news report claims that Mi Browser collects unnecessary information while browsing and sends the user data to other countries. This is incorrect and not true”.
In a Twitter post, Tierney also showed how the Mint browser uploads usage data to Xiaomi’s servers. At present, we are waiting for the company response to this twitter post.