[ad_1]
The Chinese technology company Xiaomi has been accused by two security experts of violating the privacy of its users. Investigator Gabi Cirlig told Forbes magazine that the allegedly unauthorized data from his cell phone is being sent to remote servers from Alibaba, another Chinese giant, rented by the company.
Cirlig found that her online behavior was being abused and that various types of device data were being incorrectly collected. He was surprised to see how “his identity and private life were being exposed to the Chinese company,” the magazine reports.
The expert verified that even when using Xiaomi standard browser incognito mode, the tool registered search terms on Google and DuckDuckGo, a search service focused on privacy.
The device would also record which folders it opened and which screens it went to, including the status bar and settings page.
“All the data was being packaged and sent to remote servers in Singapore and Russia, although the hosted web domains were registered in Beijing,” the magazine says.
Another researcher analyzed that the Xiaomi browsers available on Google Play, such as Mi Browser Pro and Mint Browser, were collecting the same data. Together, they have more than 15 million downloads, according to Google Play statistics.
The researchers said that the invasion of Xiaomi browsers is “much worse than any of the main browsers” on the market. Some, they reflect, use analysis, but on use and failures.
“Taking browser behavior, including URLs, without explicit consent and in private browsing mode, is the worst possible,” said Cirlig.
Xiaomi is one of the four largest cell phone manufacturers in the world, and has been gaining space in countries other than China in recent years, such as Brazil.
On its website, the company said the report distorted the facts. It says that the security and privacy of its users are among the priorities and that it complies with the laws and regulations on the subject in all the countries in which it operates.
“All the data collected is based on the explicit permission and consent of the users,” he says. “In addition, we make sure that the entire process is anonymous and encrypted.”
The company claims that the “aggregated statistical data” is used for “internal analysis” and that it does not link personally identifiable information with that data.
“Xiaomi hosts information about a public cloud infrastructure that is common and well known in the industry,” the company added, alleging that all user information is stored on servers in various markets abroad, in accordance with local laws.
