Xiaomi phones collect browsing data According to the report
According to a security researcher working with Forbes magazine, Xiaomi has been amassing browsing info from users that are using Xiaomi phones and also the built-in browser. And the shocking part is that the browser does so even in incognito mode.
Gabriel Cirlig, the security researcher, is using a Redmi Note 8 as a daily driver and discovered the device records pretty much everything he does on the phone and transmits the data to servers in Russia and Singapore. However, the domains are hosted in Beijing. We’re talking displays, sites visited, folders opened, settings he changed, music played around the default app, etc..
The information itself is poorly encrypted with the base64 format, so it was quite simple for him to transcribe the information into plain text.
Cirlig went further and downloaded the ROMs for Xiaomi Mi 10, the Redmi K20, and the Mi Mix 3 and discovered the same security vulnerabilities on all of them. Another security researcher, Andrew Tierney, found the same suspicious behavior on the Mi Browser.
Xiaomi has responded to these allegations saying that Forbes’s findings are untrue and misleading. A spokesperson for the firm said that Xiaomi complies with all local laws and regulations on user information privacy, and the collected browsing data has been anonymized. As to why Xiaomi is receiving it, it’s because the firm is trying to improve the user’s browsing experience, and it’s standard practice. More to the point, the information can’t be traced back to a particular user. But, Gabriel Cirlig delivered a video into Xiaomi, revealing the way the browser sends its background to the stated servers in incognito manner.