Zenith

  • Latest News

    Friday, May 1, 2020

    Xiaomi Could Be Sending Your Browser Data to China, Even in 'Incognito' Mode

    Xiaomi once again faces allegations that it is silently sending user data to remote servers. Security researchers claim that the Chinese company, which leads the smartphone market in India and is amongst the top-five smartphone makers globally, has provided loopholes on its phones to transmit data to remote servers hosted by Alibaba.

    Cybersecurity researcher Gabi Cirlig discovered that his Xiaomi Redmi Note 8 smartphone was watching much of what he was doing and sending that data to remote servers hosted by Chinese tech giant Alibaba, which were ostensibly rented by Xiaomi.

    Cirlig found a worrying amount of his behaviour was being tracked, and various kinds of device data were also being harvested. When he looked around the Web on the device's default Xiaomi browser, it recorded all the websites he visited, including search engine queries whether with Google or the privacy-focused DuckDuckGo, and every item viewed on a news feed feature of the Xiaomi software. That tracking appeared to be happening even if he used the supposedly private "incognito" mode.

    The device was also recording what folders he opened and to which screens he swiped, including the status bar and the settings page. All of the data was being packaged up and sent to remote servers in Singapore and Russia, though the Web domains they hosted were registered in Beijing.

    Other investigators have since found found browsers shipped by Xiaomi on Google Play -- Mi Browser Pro and the Mint Browser -- were collecting the same data.

    In response to the findings, Xiaomi said: "The research claims are untrue," and "Privacy and security is of top concern", adding that it "strictly follows and is fully compliant with local laws and regulations on user data privacy matters". A spokesperson did however confirm it was collecting browsing data, claiming the info was anonymised and users had consented to it.

    Cirlig pointed out that Xiaomi "was also collecting data about the phone, including unique numbers for identifying the specific device and Android version. Cirlig said such 'metadata' could 'easily be correlated with an actual human behind the screen'".

    The researchers found their Xiaomi apps to be sending data to domains that appeared to reference Sensor Analytics, which Xiaomi says "provides a data analysis solution for Xiaomi", adding that that the collected anonymous data "are stored on Xiaomi's own servers and will not be shared with Sensor Analytics, or any other third-party companies".

    • Blogger Comments
    • Facebook Comments

    0 comments:

    Item Reviewed: Xiaomi Could Be Sending Your Browser Data to China, Even in 'Incognito' Mode Rating: 5 Reviewed By: BrandIconImage
    Scroll to Top