Xiaomi’s spokesperson also denied that browsing data was being recorded under incognito mode.
Cirlig said such “ metadata” could “easily be correlated with an actual human behind the screen.”
Xiaomi was also collecting data about the phone, including unique numbers for identifying the specific device and Android version. They said that users had consented to such tracking.īut, as pointed out by Cirlig and Tierney, it wasn’t just the website or Web search that was sent to the server. In response to the findings, Xiaomi said, “The research claims are untrue,” and “Privacy and security is of top concern,” adding that it “strictly follows and is fully compliant with local laws and regulations on user data privacy matters.” But a spokesperson confirmed it was collecting browsing data, claiming the information was anonymized so wasn’t tied to any identity. “My main concern for privacy is that the data sent to their servers can be very easily correlated with a specific user,” warned Cirlig. It took Cirlig just a few seconds to change the garbled data into readable chunks of information. Though the Chinese company claimed the data was being encrypted when transferred in an attempt to protect user privacy, Cirlig found he was able to quickly see just what was being taken from his device by decoding a chunk of information that was hidden with a form of easily crackable encoding, known as base64.
He then confirmed they had the same browser code, leading him to suspect they had the same privacy issues.Īnd there appear to be issues with how Xiaomi is transferring the data to its servers. He downloaded firmware for other Xiaomi phones- including the Xiaomi MI 10, Xiaomi Redmi K20 and Xiaomi Mi MIX 3 devices. But for customers, that low cost could come with a hefty price: their privacy.Ĭirlig thinks that the problems affect many more models than the one he tested. Xiaomi’s big sell is cheap devices that have many of the same qualities as higher-end smartphones.
Valued at $50 billion, Xiaomi is one of the top four smartphone makers in the world by market share, behind Apple, Samsung and Huawei. Many more millions are likely to be affected by what Cirlig described as a serious privacy issue, though Xiaomi denied there was a problem.