[ad_1]
Xiaomi is one of the largest companies in the industry after the three smartphone giants: Samsung, Apple and Huawei. The manufacturer has also been selling its mobile phones in Germany for a few months now, and is particularly impressive due to its good price-performance ratio. However, IT specialist Gabriel Cîrlig is now making accusations against Xiaomi regarding the protection of user data. Specialist Andrew Tierney, hired by Forbes magazine, confirms this.
Xiaomi smartphones must track user behavior
The specific reproach is: Xiaomi smartphones record user behavior and send it to their own servers. In particular, according to Cîrlig, this applies to user behavior when browsing the web. The Xiaomi browser records search behavior and even specific search queries, even in truly private incognito mode.
So Xiaomi just published a blog post about them without recording anything in incognito mode. Why do they have this flag among the things they exfiltrate then? 🤔🤔🤔
DC @cybergibbons pic.twitter.com/EJRAfkjaH0
– Gabriel Cîrlig (@hookgab) May 1, 2020
Forbes magazine not only spoke to Cîrlig about the allegations he made, but also hired his own specialist, Andrew Tierney. He also concluded that not only the standard Xiaomi browser does this, but also the Mi Browser Pro and the Mint Browser. Gabriel Cîrlig refers to Redmi Note 8 in his Forbes statement. Since other models like the Mi 10 use the same browser code, it is quite possible that users of other models will also be affected.
Anonymous user data at risk?
In addition to the websites visited, the IT specialist also found that data had been collected on which applications and folders he had opened and which screens he had swiped. Even his status bar has been transferred, Cîrlig said. Xiaomi’s music service also streams played tracks, with a time stamp. The data must go to an Internet server that is listed by the Chinese group Alibaba and rented by Xiaomi.
In all the cases examined by the Cîrlig, data was also transmitted on the smartphone model used, the Android version and, in addition, constant user identification. The specialist fears that this data may be used to identify the respective user. “My main privacy concern is that the data sent to their servers can be correlated very easily with a specific user.” (Eng. “My main concern regarding data protection is that the data sent to the server is very easily related to a specific user it can be brought”)
Also interesting: you should pay attention to this when you buy a cell phone from China
That’s what the manufacturer Xiaomi says
Xiaomi has already spoken to Forbes and has resisted the allegations. However, a company spokesperson admitted that the data would be collected, but anonymously. In addition, the users of the data analysis had previously agreed. In addition, the data will only be transmitted if two conditions are met: the user must log in to a Mi account and the corresponding “data synchronization” function must be activated there. This is not active in incognito mode, but so-called “statistical usage data” will continue to be transmitted. Xiaomi denies that the data is also collected in incognito mode.
Cîrlig replied via Twitter:
For the lazy. That was the MI account on the phone. That is tied to a real phone number. SENT AFTER CLOSING THE SESSION OF THIS ACCOUNT.
* INCOGNITO * pic.twitter.com/ybPieBkEo6
– Gabriel Cîrlig (@hookgab) May 3, 2020
Cîrlig also contradicts the first point and points out that the code transmitted to him could be deciphered in a few seconds and that he could trace the data back to himself. In addition, both experts emphasize that not only the information of the browser was transmitted, but also the so-called metadata about the phone used, which would facilitate the tracking of the collected data to a specific user.
Following this statement, the company also took a position on its own blog and referred to a May 3 update, which should make it easier for users to object to the data transfer through a opt-out option. Collecting the data is also absolutely anonymous, he continues. Browser URLs would be registered to identify slow loading pages. The user code, in which specialists see a security vulnerability, would be generated automatically and by chance and therefore was not attributable to a user.
TECHBOOK thinks
“Accusations are made again and again against Chinese manufacturers like Xiaomi that they would collect data far beyond the usual survey. Oppo, Huawei, OnePlus, Xiaomi: There are always rumors or complaints, some with some without evidence. The trade dispute between China and the United States has exacerbated the situation. The current accusations are likely to come at a very unfavorable time for Xiaomi, as the manufacturer has not yet sold its phones in Europe for a long time and the entire market is affected by the pandemic of the Crown. More transparency regarding data protection would be desirable and important here in the future. In the end, users should not have to pay for cheap devices with personal data. ” Marlene Polywka, editor
This is how the TECHBOOK editorial team tests
->
[ad_2]
