According to a report from Forbes, Chinese tech giant Xiaomi has been accused of collecting users private information via their smartphones. In a post published April 30, 2020, a Redmi Note 8 user by the name Gabi Cirlig, told Forbes that he noticed that his personal data was then being sent to remote servers hosted by another Chinese tech giant, Alibaba, which were ostensibly rented by Xiaomi.
According to him, all the websites he visited, where recorded by Xiaomi’s default browser, even when on private “incognito” mode. Cirlig also revealed that the device also recorded what folders he opened and to which screens he swiped, including the status bar and the settings page. In his words, all this data was being packaged up and sent to remote servers in Singapore and Russia.
Cirlig revealed he went even further to download the ROMs for Xiaomi Mi 10, the Redmi K20 and the Mi Mix 3 and found the very same security vulnerability on all of them. Another security researcher, Andrew Tierney, found the suspicious behavior on the Mi Browser Pro and the Mint Browser too.
Cirlig found out that the data copied were poorly encrypted using the base64 format, so it was very easy for him to transcribe it, into plain text. Cirlig said it took just a few seconds to change the encrypted data into plain text.
Xiaomi has responded to the claim by Forbes saying that the research were untrue. According to the company, privacy and security are of top concern,” adding that it “strictly follows and is fully compliant with local laws and regulations on user data privacy matters.
A spokesperson for the company, however, revealed that the company those collect browsing data, but said the information was anonymized so wasn’t tied to any identity. They said that users had consented to such tracking.
If the report is anything to go by, then this could be worrisome problem since Xiaomi is currently the world’s 4th smartphone maker. It is ranked behind Apple, Samsung and Huawei. The company’s Play—Mi Browser Pro and the Mint Browser has more than 15 million downloads from Google Playstore.