South China Morning Post
Advertisement
Advertisement
Xiaomi
Get more with myNEWS
A personalised news feed of stories that matter to you
Learn more
Two cybersecurity researchers called out Xiaomi’s browsers for over-collecting data. Xiaomi says it’s business as usual. (Picture: Ben Sin/SCMP)
AbacusTech

Xiaomi phones send search and browsing data to China, researcher says

Research examining the Mi Browser found it was sending an excessive amount of user data to servers in China, but Xiaomi says it’s anonymous

Xiaomi
Masha Borak
Masha Borak
Why you can trust SCMP
This article originally appeared on ABACUS
Xiaomi is collecting a slew of browsing data from its users, according to a new report by Forbes. While Xiaomi’s default browser appears to log every website a user visits, the Chinese smartphone maker says it’s not doing anything unusual.

While examining the Mi Browser on the Redmi Note 8, cybersecurity researcher Gabi Cirlig found it was tracking a lot of user behavior, even when set to private or “incognito” mode. Collected data includes websites visited, items viewed on Xiaomi’s news feed and search engine queries, according to Cirlig. Even searches on the privacy-focused Google alternative DuckDuckGo were being sent to China.

Two cybersecurity researchers called out Xiaomi’s browsers for over-collecting data. Xiaomi says it’s business as usual. (Picture: Ben Sin/SCMP)

Xiaomi said what the researcher found just shows “the collection of anonymous browsing data, which is one of the most common solutions adopted by internet companies to improve the overall browser product experience.” The company denied violating user privacy and recording information on website visits, according to the report.

But Cirlig and Andrew Tierney, another cybersecurity researcher, said Xiaomi’s behavior was more invasive than other browsers like Google Chrome or Apple’s Safari. And Cirlig says recorded metadata about the phone, including device numbers and Android versions, could be used to identify specific users. The researcher also said information was being sent using the base64 encoding, which can be easily decoded using common tools.

In a separate statement to Abacus, Xiaomi said the researchers “misunderstood what we communicated regarding our data privacy principles and policy.” It added, “User's privacy and internet security is of top priority at Xiaomi.” The company didn’t specify what was misinterpreted.

Users have previously complained about the Mi Browser’s copious amounts of ads, a complaint that’s also been made about Xiaomi’s MIUI operating system. But plenty of people outside China appear to be using Mi Browser Pro, which has more than 10 million downloads on Google Play. Xiaomi’s more lightweight Mint Browser has more than 5 million downloads.
Chinese users have also been concerned about excessive app permissions and data collection in the country. And last year, the China Cybersecurity Center said it penalized more than 680 apps for privacy breaches.
Post