Xiaomi is reportedly recording users’ web and phone use

Chinese firm claims it's doing nothing wrong and says users consented to data sharing

Chinese mobile giant Xiaomi has been recording millions of users’ private web and phone usage, according to an exclusive Forbes report

Upon discovering that his Redmi Note 8 smartphone was tracking much of what he was doing, security researcher Gabi Cirlig found Xiaomi was sending his data to remote servers hosted by Alibaba, which Xiaoni was apparently renting. 

Advertisement - Article continues below

While Cirlig quipped to Forbes that this was “a backdoor with phone functionality,” what he found was truly disturbing. According to Cirlig, when he perused the web on his device’s default Xiaomi browser, it recorded each site he visited, including search engine queries on Google and DuckDuckGo. Unfortunately, this tracking took place even when Cirlig used the private “incognito” mode.

Cirlig’s device also kept track of what folders he opened and which screens he swiped. All the data was then packaged and sent to remote servers in Singapore and Russia.

At Forbes’ request, cybersecurity researcher Andrew Tierney took a deeper dive and found browsers offered by Xiaomi on Google Play (Mi Browser Pro and the Mint Browser) were collecting the very same data. 

Many more are likely to have been affected by these serious privacy issues, but Xiaomi claims there’s nothing to see here. After downloading firmware for other Xiaomi phones and confirming they come with the same browser code, Cirlig suspects other Xiaomi devices have the same privacy issues.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

In its response to Forbes’ research, Xiaomi said: “The research claims are untrue” and “privacy and security is of top concern,” adding it “strictly follows and is fully compliant with local laws and regulations on user data privacy matters.”

A spokesperson confirmed the company collects browsing data but added the information was anonymized and not tied to any identity. The company claims users had also consented to such tracking.

Xiaomi may have been collecting the data to better understand its users’ behavior. It appears the company has employed the services of behavioral analytics company Sensors Analytics and has since confirmed its relationship with the startup.

Cirlig and Tierney agree that Xiaomi’s behavior is more invasive than other browsers, such as Google Chrome or Safari.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement

Most Popular

Visit/security/34616/the-top-ten-password-cracking-techniques-used-by-hackers
Security

The top ten password-cracking techniques used by hackers

5 May 2020
Visit/mobile/5g/355712/nokia-5g-speed-record
5G

Nokia breaks 5G record with speeds nearing 5Gbps

20 May 2020
Visit/cloud/cloud-computing/355742/microsoft-launches-public-cloud-service-for-health-care
cloud computing

Microsoft launches public cloud service for health care

21 May 2020