[ad_1]
Yesterday we learned about an investigation carried out by Forbes that alerted about certain Xiaomi practices. According to the publication, the Chinese company’s smartphones collect information on page views, searches performed and other uses of the smartphone and send this information to their own servers.
During the elaboration of the article, Forbes contacted Xiaomi to contrast some of his inquiries and obtain the position of the company.
This investigation has raised quite a stir, since it supposes a vulnerability of the privacy of the users, reason why the company quickly issued a statement denying the accusations and blaming it for a misinterpretation of its words.
Now the company has published an extensive article in which it provides more clarity about their practices and provides technical details.
Xiaomi admits that it collects usage information from smartphones, but that all the usage data collected is based on the permission and consent explicitly given by users. In addition, the company claims that it ensures that the entire process is anonymous and encrypted.
Collecting aggregated statistical usage data used for internal analysis, and no personally identifiable information is linked to any of this data. Furthermore, it claims that it is a common solution adopted by Internet companies around the world to improve the overall user experience of various products.
Xiaomi also indicates that houses information in a public cloud infrastructure which is common and well known in the industry. All the information of its services and users abroad is stored on servers in several foreign markets where the local laws and regulations for the protection of user privacy are strictly followed and with which the company fully complies.
Before the publication, the Forbes journalist sent Xiaomi an email with questions relevant to the article, and the company indicates that it responded in full transparency, providing detailed answers about our technology and privacy policies. However, Xiaomi considers that the published article does not accurately reflect the content and facts of these communications.
As an Internet company, Xiaomi defends that Internet safety, security and user privacy are the company’s fundamental principles and the basis of its daily work.
Xiaomi also claims that international organizations TrustArc and British Standard Institution (BSI) They have certified the security and privacy practices of Xiaomi smartphones and their default applications, including Mi Browser. In particular, it has obtained the certifications ISO27001: 2013, ISO27018: 2014, ISO29151: 2017 and TRUSTe
Types of data collected by Xiaomi
Xiaomi indicates that there is two types of data collected for their smartphones:
1. Collection of aggregated statistical usage data – Data (such as system information, preferences, usage of user interface features, responsiveness, performance, memory usage, and crash reporting) is aggregated and cannot be used alone to identify any individual.
An example usage scenario: The URL is collected to identify slow loading web pages; This gives an idea of how to improve the overall performance of the navigation.
2. Synchronization of user browsing data – The user’s browsing data (history) of an individual is synchronized when the user is logged in to My Account and the data synchronization function is activated in Settings.
An example usage scenario: Provide users with quick access to previously viewed websites when users switch between different devices after accessing their Mi accounts.
In incognito mode, the user’s browsing data is not synchronized, however aggregated statistical usage data continues to be collected (mentioned in point 1).
Technical details on data collection
Next, Xiaomi presents screenshots of your source code to demonstrate these points in more detail.
This screenshot shows the code for how we create randomly generated unique tabs to add to aggregated usage statistics; and these chips do not correspond to any individual.
This screenshot shows how the Mi Browser works in incognito mode, where the user’s browsing data is not synchronized.
The following URL shows that the collected usage statistics data is stored in the Xiaomi domain and we do not pass any data on to Sensor Analytics. (MIUI is the operating system of Xiaomi devices).
This image shows that usage statistics data is transferred using the HTTPS encryption protocol TLS 1.2.