Xiaomi Phones Found Collecting Private User Data And Sharing It On Chinese Servers
Cybersecurity researcher Cirlig revealed that he found his Xiaomi Redmi Note 8 was ¡®watching what he was doing on his phone.¡¯
Update - May 2, 2020: Xiaomi reached out to us with an updated statement about this incident:
¡°Xiaomi was disappointed to read the recent article from Forbes. We feel they have misunderstood what we communicated regarding our data privacy principles and policy. Our user¡¯s privacy and internet security is of top priority at Xiaomi; we are confident that we strictly follow and are fully compliant with local laws and regulations. We have reached out to Forbes to offer clarity on this unfortunate misinterpretation.¡±
Original story as filed on May 1, 2020: In India, Xiaomi has claimed the spot of the most popular smartphone maker, while also sitting at one of the top in terms of sale of devices across the nation. Offering great specs at an affordable price tag has been a tempting many Indians from buying Xiaomi phones. However, a new report reveals that this tempting package comes at the cost of privacy.
In a report by Forbes, cybersecurity researcher Cirlig revealed that he found his Xiaomi Redmi Note 8 was ¡®watching what he was doing on his phone.¡¯ he found that his data was being tracked and was being sent to remote servers hosted by Chinese cloud giant Alibaba which were apparently owned by Xiaomi itself.
While using Xioami¡¯s preloaded browser he found that it recorded each and every website he ever visited. This includes queries entered in search engines, as well as everything that he viewed on the news feed. Even the incognito mode on the phone wasn¡¯t spared from this tracking.
It gets creepier as he also saw that the phone was keeping a track of what folders he opened as well as the screens he switched. All the data was being sent to servers in Singapore, Russia with the web domain registered and hosted in the Chinese capital Beijing.
He saw this to be the case not just in the budget device he was using but also premium flagships that were being offered by the brand like Mi 10, Redmi K20 as well as Mi Mix 3. All the devices had the same browser code that made Cirlig suspect that they¡¯ve got similar privacy concerns.
Xiaomi, however, has denied this, stating, ¡°The research claims are untrue. Privacy and security is of top concern.¡± it also stated that it strictly follows and is fully compliant with local laws and regulations on user data privacy matters. They also disagreed with the fact that data was being collected in incognito mode.
However, a spokesperson did also confirm that it was collecting browsing data, stating the information was anonymized so wasn¡¯t tied to any identity. The spokesperson also stated that the users had consented to such tracking (basically in the ¡®I agree that people do while signing up on a new phone).
Cirlig, however, pointed it out that the device was collecting data identifying the device using specific numbers and Android versions, which can be easily correlated, making the premise of anonymity moot.
Would you still trust buying a Xiaomi phone? Tell us in the comments below.