Xiaomi, one of the top-selling smartphone brands, including countries like India’s, has reportedly been accused of recording users’ interactions with its phones, increasing privacy concerns globally. The latest update suggests that Xiaomi is sending the data to servers in Singapore and Russia hosted by Alibaba, which have been rented by the Chinese phone giant.
According to the Cybersecurity researcher Gabi Cirlig and Andrew Tierney, along with Thomas Brewster, identified Redmi Note 8 was observing users’ phone habits, confirms Forbes. On further investigation, Cirlig found that the default Xiaomi browser recorded all the websites that were visited on the device, including search activities on Google and privacy-focused DuckDuckGo. To make the situation more concerning, it was found that the device tracked the activities even when he was supposedly using the incognito mode. This setting prevents browsing history or cache from being stored, according to Cirlig. Xiaomi also got accused of sending data of the opened folders and interactions with the home screen of the users, along with unique device numbers and Android versions.
As per Tierney, in addition to the pre-installed stock browser on MIUI, Xiaomi’s Android-based OS, the company’s Mi Browser Pro, and the Mint Browser are available on Google Play with a combined 15 million+ downloads were also collecting user data. On the other hand, Cirlig claimed that the same browser tracking code was present in the firmware code of other Xiaomi phones, including the Xiaomi MI 10, Xiaomi Redmi K20, and Xiaomi Mi MIX 3 devices.
Xiaomi did admit to collecting users’ browser data but said it was by consent and anonymized denied recording browsing data when using incognito mode. Forbes counter accused the brand with a video to prove they are doing so.
Forbes spokesperson clarified saying “This video shows the collection of anonymous browsing data, which is one of the most common solutions adopted by internet companies to improve the overall browser product experience through analyzing non-personally identifiable information.”
On May 2nd, Xiaomi in its defence, issued a public statement in response to the accusations levelled by Forbes in its article.
On May 3rd, Xiaomi announced that in its next browser update, it would allow the customers to stop their visited websites being sent to the servers of the Chinese company. The browsers will include “an option in incognito mode … to switch on/off the aggregated data collection, in an effort to further strengthen the control we grant users over sharing their own data with Xiaomi.” They also showed readiness for the software updates to Google Play for approval within a day.
Xiaomi added to their statement, saying they believe this functionality, in combination with the approach of maintaining aggregated data in a non-identifiable form, it goes beyond any legal requirements and demonstrates Xiaomi’s commitment to user privacy.