“Xiaomi spies on its users’ data.” The producer: “It’s fake.”
The charge is those that make the walls tremble: Xiaomi would collect browsing data from users who use the integrated browser of the Chinese manufacturer’s phones. That’s what a security expert he works with says Forbes, which publishes the news exclusively.
This would also happen when users surf “in disguise” or when using the DuckDuckGo web browser, one of the most attentive and sensitive to the topic of privacy.
Gabriel Cirlig, the expert security safety researcher, using the model daily Redmi Note 8, noted that the device recorded practically everything he did on the phone and sent data to servers in Russia and Singapore, although the domains were hosted in Beijing. But what is the information captured by the smartphone? Screenshots, websites visited, folders open, changes to settings, music played and much more.
More than a device with a back door, this Redmi would be a back door with the functions of a smartphone, he wanted to joke Gabriel Cirlig.
Cirlig didn’t stop there, but went further by downloading the model Roma Xiaomi Mi 10, Redmi K20 and Mi Mix 3 and experiencing the same security vulnerability on everyone.
Another researcher, Andrew Tierney, has also found suspicious behavior on Mi Browser Pro and Mint Browser.
Xiaomi has responded to the accusations stating that Forbes’ accusations are misleading and false. A spokesman for the Chinese company said that Xiaomi respects local laws and regulations on the privacy of user data and that the navigation data collected is made anonymous. The reason why Xiaomi would collect them would be to improve the browsing experience of users according to a standard practice.
In response, Gabriel Cirlig sent Xiaomi a video showing how the browser sends its history to the servers even in incognito mode.
For Cirlig and Tierney, it’s not just data related to websites or web searches that are sent to servers. Xiaomi also collected data on the phone, including unique numbers to identify the specific device and Android version. Cirlig believes that with such “metadata” it should not be very difficult to trace the user.