Report: Xiaomi collects browsing data from users of their phones

A website security researcher (Forbes) said: The Xiaomi company collects browsing data from users who use its built-in phones and browsers.

(Gabriel Sirleag) said: The browser collects data even in hidden browsing mode, or when using privacy-sensitive browsers such as: DuckDuckGo.

The security researcher uses Redmi Note 8 on a daily basis, noting that the device records everything it does on the phone and sends data to servers in Russia and Singapore, despite the domains being hosted in Beijing. This submitted data included: counterfeit websites, open folders, modified settings, music playback and more.

Sirleague claimed that the data was weakly encoded using the base64 format, making it very easy for him to copy the data into plain text. And the security researcher went further, downloaded ROM for Mi 10, Redmi K20 and Mi Mix 3 and found the same security vulnerability in each of them. Another security researcher named (Andrew Turney) discovered the suspicious behavior in My Browser Pro and also in Mint Browser.

For its part, Xiaomi responded to the accusations saying that the “Forbes” results are “misleading and incorrect.” A company spokesperson said: Xiaomi complies with all local laws and regulations regarding the privacy of user data, and the collected browsing data has been hidden. As for why Xiaomi collects data, it is because the company is trying to improve the user browsing experience, which is standard practice. However, (Sirleague) sent a video to Xiaomi explaining how the browser sends its history to the mentioned servers even in incognito mode.