Serious issues for Xiaomi – collects data from browser and phone

According to a security researcher at Forbes, Xiaomi collects browsing data from users who use the browser provided by the manufacturer. This happens even in Incognito mode.

Researcher Gabriel Cirlig uses a Redmi Note 8, and he found that everything he does on the phone is recorded and sent to servers in Russia and Singapore, although the domains are hosted in Beijing, China. Other data came from servers rented by Xiaomi from Alibaba.

What kind of data? From browser browsing data to background music, folders, websites, settings and even the screen itself. That is, what the user sees directly.

The data itself is encrypted in base64 format, so it was very easy for him to transcribe the data into text and find out what it is about. Moreover, he decided to see if the problem was only on his phone or not.

He downloaded the ROMs for Xiaomi Mi 10, Redmi K20 and Mi Mix 3 and found the same security issue for all. Another researcher found the same problem on Mi Browser Pro and Mint.

Xiaomi responded to the allegations by saying that they were misleading and untrue and that it complied with all local laws and regulations regarding the confidentiality of user data. Also, the navigation data has been anonymized and the procedure is a standard one. Xiaomi also stated that the data cannot be tracked to a specific user.

But Gabriel Cirlig sent a video to Xiaomi showing how the browser collects data even in Incognito mode.

He also says that having vital information from the phone such as series, pictures, locations and saved addresses, can be easily correlated with a real person. So Xiaomi can know without problems whose data it is.

Xiaomi also denied the accusation, even though the evidence was put in front of them. Both Tierney and Gabriel Cirlig mentioned that Xiaomi’s browser is much more aggressive in collecting data than Safari or Chrome.

Once again we have proof that really cheap things are not cheap. It will probably take some time for an ordinary person to really know the value of personal data. Regarding the practices of Chinese companies, you already know my opinion.