[ad_1]
Last year, Xiaomi was the fourth largest smartphone maker in the world after shipping approximately 125.5 million units. The company has done an amazing job in India, the second largest smartphone market in the world. This is because Xiaomi produces phones at the right price for the developing country; Using a retail value strategy, Xiaomi has done very well in India.
Xiaomi browsers have been sending user data to servers registered in Beijing
For years, we have been waiting for Xiaomi to invade America,
but year after year such a movement has never come. And outside of OnePlus, Chinese phone makers aren’t exactly welcomed into the United States with open arms. Even ZTE, which was the fourth-largest smartphone charger in the states in 2018, withdrew from the top five after it was banned from accessing its US supply chain. USA And no Chinese smartphone maker wants to get the same treatment that the United States has given Huawei.
While Xiaomi has always tried to give the impression that it was “the apple of China” and above the fray, the company has now been accused of using a back door to send user information to a server.
According to Forbes, a cybersecurity expert named Gabi Cirlig discovered strange behavior in his
Xiaomi Redmi Note 8. He discovered that Xiaomi’s default browser was recording all the websites he visited. Even searches done with the DuckDuck Go privacy finder and websites you visited incognito were being tracked by the browser. Worse yet, all of this data was sent to servers in Singapore and Russia that used Beijing-registered web domains. These servers are being used by Xiaomi according to Cirlig.
Other researchers discovered that Xiaomi’s browsers on the Google Play Store, Mi Browser Pro, and Mint Browser were guilty of the same behaviors. Together, both browsers have been installed more than 15 million times. And Cirlig found the same browser code on other Xiaomi phones, including the
Xiaomi Mi 10, Xiaomi Redmi K20 and
Xiaomi Mi MIX 3; That leads you to believe that these phones have the same privacy concerns as your Redmi Note 8.
Xiaomi responded by saying that the data it was sending to the servers was encrypted. But Cirlig said he was able to crack the code in seconds. The cybersecurity expert also said, “My main privacy concern is that the data sent to their servers can very easily be correlated to a specific user.” This is because the data that is sent to the servers includes metadata associated with a specific device, including its unique ID number and the version of Android it is running. Cirlig says this data can “easily correlate with a real human behind the screen.”
The manufacturer contradicted itself by saying the investigation’s claims were not true and that the company “strictly follows and fully complies with local laws and regulations regarding user data privacy.” But a Xiaomi spokesperson admitted that it was collecting data that was anonymized to prevent it from linking to specific individuals. When Forbes showed Xiaomi a video confirming the behavior of the browser claimed by Cirlig, the company responded saying: “This video shows the collection of anonymous browsing data, which is one of the most common solutions adopted by Internet companies to improve overall browser product experience performance by analyzing non-personally identifiable information. “
Yesterday
Xiaomi published a blog post in which it said that it collects the data to verify the compatibility between the operating system and the applications. Xiaomi states that the information is obtained with permission and consent of its users and is anonymous and encrypted. “The collection of aggregated statistical usage data is used for internal analysis, and we do not link any personally identifiable information to any of this data.”
Today, the company wrote that it will send an update to its browsers that will prevent a user’s internet travel from being sent through Xiaomi’s servers. There will also be an option in incognito mode to enable or disable data collection. Xiaomi said: “We believe that this functionality, combined with our approach to keeping aggregated data in an unidentifiable form, goes beyond legal requirements and demonstrates our company’s commitment to user privacy.”
