Xiaomi phones send search and browsing data to China, researcher says

Research examining the Mi Browser found it was sending an excessive amount of user data to servers in China, but Xiaomi says it’s anonymous

Two cybersecurity researchers called out Xiaomi’s browsers for over-collecting data. Xiaomi says it’s business as usual. (Picture: Ben Sin/SCMP)
This article originally appeared on ABACUS
Xiaomi is collecting a slew of browsing data from its users, according to a new report by Forbes. While Xiaomi’s default browser appears to log every website a user visits, the Chinese smartphone maker says it’s not doing anything unusual.

While examining the Mi Browser on the Redmi Note 8, cybersecurity researcher Gabi Cirlig found it was tracking a lot of user behavior, even when set to private or “incognito” mode. Collected data includes websites visited, items viewed on Xiaomi’s news feed and search engine queries, according to Cirlig. Even searches on the privacy-focused Google alternative DuckDuckGo were being sent to China.

Xiaomi said what the researcher found just shows “the collection of anonymous browsing data, which is one of the most common solutions adopted by internet companies to improve the overall browser product experience.” The company denied violating user privacy and recording information on website visits, according to the report.

But Cirlig and Andrew Tierney, another cybersecurity researcher, said Xiaomi’s behavior was more invasive than other browsers like Google Chrome or Apple’s Safari. And Cirlig says recorded metadata about the phone, including device numbers and Android versions, could be used to identify specific users. The researcher also said information was being sent using base64 encoding, which can be easily decoded using common tools.

In a separate statement to Abacus, Xiaomi said the researchers “misunderstood what we communicated regarding our data privacy principles and policy.” It added, “User's privacy and internet security is of top priority at Xiaomi.” The company didn’t specify what was misinterpreted.