Xiaomi is among the top-selling smartphone companies in the world and is the leading brand in the world’s second largest smartphone market — India. The rise of Xiaomi smartphones is attributed to cheaper pricing with top-of-the-line specifications. However, it seems that the users have to pay a hefty price when it comes to privacy.
According to the latest report published by Forbes, Xiaomi smartphones are found that the company is recording data of what the user is doing with the devices and the data are then sent to remove servers hosted by Alibaba, which are ostensibly rented by Xiaomi.
It found that Xiaomi’s default browser records all the websites visited, including search queries even from privacy-focused search engines, and every item viewed on its news feed. It reports that the tracking happens even when the user is in the private mode.
Further, the report adds that the Xiaomi device records what folders users open and to which screens they swipes, including the status bar and the settings page. All of the data are then being packaged and sent to remote servers in Singapore and Russia, while the web domains they hosted were registered in Beijing.
The report from Forbes reveal that the company wasn’t just collected web browser data but also data about the phone, including unique numbers for identifying the specific device and Android version.
However, Xiaomi denies that there’s a problem with privacy. The company claims that data is encrypted when transferred to protect user privacy. But it just takes a few seconds to decode the base64 encryption and to change the garbled data into readable information.
In its response, the Chinese smartphone maker says that “privacy and security is of top concern” for them and adds that it “strictly follows and is fully compliant with local laws and regulations on user data privacy matters.” The spokesperson for the company also confirms that it was collecting browsing data, claiming the information was anonymised so wasn’t tied to any identity.
Xiaomi’s spokesperson also denied that browsing data was being recorded under incognito mode. However, two security researcher found in their independent tests that their web habits were sent off to remote servers regardless of what mode the browser was set to. When Forbes sent a video proof of the claim to Xiaomi, the company continued denying it.
Upon further digging, Forbes found that to better understand its users’ behaviour, Xiaomi is using services of a behavioural analytics company called Sensors Analytics which has tools that help its clients in “exploring the hidden stories behind the indicators in exploring the key behaviors of different businesses.” Xiaomi’s spokesperson also confirmed the company’s relationship with Sensors Analytics.