[ad_1]
This story was originally published and last update .
Xiaomi’s phones sell at incredibly competitive prices because there is so little profit margin: Like Amazon and Google, the company subsidizes its hardware with revenue from online services and user data. A recent Forbes report claims that Xiaomi’s Mint browser collects more user data than is necessary, but the company has denied wrongdoing.
Forbes published an article earlier this week that describes how Mint Browser, developed by Xiaomi and bundled on MIUI devices (and also available on the Google Play Store), collects detailed analytical data. Most of the information collected is similar to that transmitted by most other websites and mobile apps, including device name and operating system version, but the browser was also sending search engine settings and all web searches to Xiaomi servers, including queries made in incognito mode.
The data_list parameter is what interests me.
URL decoding.
base64 decoding.
Gunzip
JSON data.
I don’t think it should be there. pic.twitter.com/5CYH5FU9E4
– Cybergibbons (@cybergibbons) April 30, 2020
In response to the report, Xiaomi claimed that there were “various inaccuracies and misinterpretations about our browser data collection and storage process” in the Forbes coverage. The company said it does not collect any data without user permission, and that all data is “aggregated and cannot be used alone to identify any individual.”
Forbes or the cybersecurity researcher did not present evidence linking the anonymous ID used by the Mint browser to individual accounts or individuals, but the researcher noted that the anonymous ID does not appear to change over time (or at least, no more than a few days). .
Here is the “anonymized” request from a few minutes ago:
Please note the uuid. pic.twitter.com/Ew6ekzRXc4
– Cybergibbons (@cybergibbons) May 2, 2020
Here is the first request made after installing the app on a phone yesterday:
Please note the uuid. pic.twitter.com/3op1Cdlukr
– Cybergibbons (@cybergibbons) May 2, 2020
Despite Xiaomi’s promise of anonymity and security, there is no logical reason why a web browser should send detailed analytical data while the user is in incognito mode. The company also didn’t say that would be changing. “In incognito mode, user browsing data is not synchronized, however aggregated usage statistics data […] is still being collected, “said a blog post. Mint Browser released an update yesterday, but according to the security researcher, still send the same analytical data.
If you’re looking for a mobile web browser that respects your privacy, you’re probably better off with Firefox or DuckDuckGo Browser.
The new ‘Improved Incognito Mode’ setting in the Mint browser
I don’t think an acceptance setting counts as a “compromise on user privacy”, Xiaomi. Updates are rolling out in the Play Store, but APKMirror also has the latest versions of Mint Browser and Mi Browser Pro.
[ad_2]
