Report: Xiaomi collects browsing data from its phone users |
(Forbes) A website security researcher said: Xiaomi collects navigation data from users who use their phones and the built-in browser.
(Gabriel Sirleag) said: Even in hidden browser mode or when using a data protection-related browser like DuckDuckGo, the browser collects data.
Security researchers use Redmi Note 8 every day, and notes that the device records everything it does on its phone and sends data to servers in Russia and Singapore, even if all of these domain names are hosted in Beijing. Sent data includes: fake websites, open files, changing settings, playing music, etc.
Sirleague said the data was poorly encoded in base64 format so that it could easily copy the data into plain text. Security researchers have gone further, downloading ROMs for Mi 10, Redmi K20 and Mi Mix 3, and finding the same vulnerabilities in everyone. Another security researcher (Andrew Turney) has detected suspicious behavior in Mi Browser Pro and Mint Browser.
In response to these allegations, Xiaomi said that the results of Forbes were "misleading and wrong". A company spokesman said: Xiaomi complies with all local laws and regulations regarding the privacy of user data, and the collected browser data has been hidden. The reason Xiaomi collects data is that the company is trying to improve the user browsing experience, which is standard. (Sirleague) sent a video to Xiaomi, however, explaining how the browser sends its history to the above server even in incognito mode.