Chinese smartphone maker Xiaomi is mired in controversy for allegedly sending all the data from any user's device to its servers. In an exclusive report by Forbes, cybersecurity analyst Gabby Cirlig claimed that all Xiaomi apps, including its browsers, are copying data and sending it to the company's servers without his authorization. The security analyst told Forbes that he has enough evidence to back his claim.
The allegation against Xiaomi
The security analyst claimed that the device, a Redmi Note 8, had been "watching much of what he was doing," and transmitted that data to remote servers rented by Xiaomi. Cirlig found that the device had been tracking him and that data concerning his identity and privacy was exposed to the smartphone maker.
Cirlig claimed that the system default Xiaomi browser had been tracking each of his activities around the internet. The browser tracked each of his internet searches, whether made via Google or the security-focused search engine DuckDuckGo. The browser tracked his activities even when he turned on its privacy-focused incognito mode.
The alleged spy
He claimed to find that his Redmi Note 8 tracked all of his usage behaviour, including each of his screen gestures and file usage activities, and that the data was sent to two remote servers located in Singapore and Russia via a Xiaomi-registered web domain registered in China.
The Forbes report also said that another security researcher, Andrew Tierney, found that both Xiaomi-made browsers, Mi Browser Pro and Mint Browser, collect users' data in the same way and send it to Xiaomi's servers. According to Google Play statistics, both browsers have been downloaded by at least 15 million Android users around the world.
Other Xiaomi devices
Cirlig also found that other Xiaomi smartphones, such as the Mi 10, Xiaomi Redmi K20 and Xiaomi Mi Mix 3, come with similar browser code, meaning they are stealing user data too. He also found that the data transmission uses base64 encoding, which is not strong enough to protect the data during transmission.
Both researchers have also claimed that the Xiaomi apps were sending data to Sensor Analytics, a data analysis solution provider for Xiaomi.
Xiaomi came back
Calling all the allegations fabricated, Xiaomi swiftly responded with a statement saying that user safety and security are a top concern for the company. Xiaomi also claimed that it follows all the "local laws and regulations on user data matters."
However, a spokesperson for the company accepted the data collection allegation, claiming that Xiaomi does it to offer a better user experience and makes sure to anonymize the data so that it cannot be linked to any user. The company also refused to accept the allegations of tracking users in incognito mode, even after it was provided with enough evidence.