Security researcher Gabriel Cirlig has discovered that Xiaomi smartphones are collecting pretty much all activity data from its owners. The researcher told Forbes that personal data is being harvested through the phone’s built-in browser and is being sent to remote servers.
Cirlig has been using a Redmi Note 8 as his daily driver and he learned that the phone was recording pretty much anything he was doing. Xiaomi’s built-in internet browser was recording the websites he visited, the settings he changed, the screens he swiped through, the music he played, and much more.
The personal data was being tracked even in the supposedly private “Incognito Mode”. This data was being sent to remote servers in Russia and Singapore but their web domains were hosted in China by the Chinese tech giant Alibaba. These were all allegedly rented by Xiaomi.
Cirlig believes that this security issue is plaguing various other Xiaomi devices as well. He downloaded the firmware for Xiaomi Mi 10, Mi Mix 3, and the Redmi K20 and found that all of them had the same browser code.
At Forbes‘ request, another security researcher, Andrew Tierney, investigated the case further. He discovered that various other internet browsers provided by Xiaomi on the Google Play Store including Mi Browser Pro, Mint Browser, etc were also harvesting data. These apps have more than 15 million downloads on the Play Store.
Xiaomi initially denied the researchers’ discovery and claimed that privacy and security was the company’s top priority. Later, a spokesperson from the company admitted that the phones were collecting data but assured that it was all encrypted and anonymized.
However, it took Cirlig just a few seconds of easily crackable encoding to change the garbled data into readable information. He said that the data could easily be correlated to a specific user.
Xiaomi had also denied that the browser was collecting data in Incognito Mode but that was a false claim as well.
The post Xiaomi Phones Are Secretly Collecting Your Personal Data: Report appeared first on .