[ad_1]
This story was originally published and last updated .
Xiaomi’s phones are sold at incredibly competitive prices because there’s very little profit margin – much like Amazon and Google, the company subsidizes its hardware with income from online services and data from its users. A recent report from Forbes claims Xiaomi’s Mint Browser collects more user data than is necessary, but the company has denied any wrongdoing.
Forbes published an article earlier this week describing how the Mint Browser, developed by Xiaomi and bundled on MIUI devices (and also available from the Google Play Store), collects detailed analytics data. Most of the information collected is similar to what most other websites and mobile apps transmit, including the device name and OS version, but the browser was also sending search engine settings and all web searches to Xiaomi servers – even queries performed in Incognito mode.
The parameter data_list is the one I am interested in.
URL decode.
base64 decode.
Gunzip.
JSON data.
I don’t think that should be there. pic.twitter.com/5CYH5FU9E4
– Cybergibbons (@cybergibbons) April 30, 2020
In response to the report, Xiaomi claimed there were “several inaccuracies and misinterpretations about our process for browser data collection and storage” in Forbes’ coverage. The company said it does not collect any data without permission from the user, and that all data is “aggregated and cannot alone be used to identify any individual.”
No evidence was presented by Forbes or the cybersecurity researcher that links the anonymous ID used by Mint browser to individual accounts or people, but the researcher did point out that the anonymous ID doesn’t seem to change over time (or at least, not over a few days).
Here’s the “anonymised” request from a few minutes ago:
Note the uuid. pic.twitter.com/Ew6ekzRXc4
– Cybergibbons (@cybergibbons) May 2, 2020
Here is the first request made after installing the app on a phone yesterday:
Note the uuid. pic.twitter.com/3op1Cdlukr
– Cybergibbons (@cybergibbons) May 2, 2020
Despite Xiaomi’s promise of anonymity and security, there’s no logical reason why a web browser should be sending detailed analytics data while the user is in Incognito Mode. The company didn’t say that would be changing, either. “Under incognito mode, user browsing data is not synced, however, aggregate usage statistics data […] is still collected, “a blog post said. Mint Browser released an update yesterday, but according to the security researcher, it still sends the same analytics data.
If you’re looking for a mobile web browser that respects your privacy, you’re probably better off with Firefox or DuckDuckGo Browser.
The new ‘Enhanced Incognito Mode’ setting in Mint Browser
I don’t think an opt-in setting counts as a “commitment to user privacy,” Xiaomi. The updates are rolling out on the Play Store, but APKMirror also has the latest versions of Mint Browser and Mi Browser Pro.
[ad_2]
