Xiaomi Accused of Collecting Browser Data without Consent

Following a Forbes investigation, the Xiaomi Chinese electronics company denied allegations that it was collecting private data from users’ phones but also announced a new feature that would allow users to opt-out of any data collection.

Many devices and software send back a wide variety of data to their makers, but it’s usually done after people agree. The reasons are rarely nefarious, and they’re generally related to crashes and other issues. With permission, users can choose to send back data pertaining to the regular usage of a device.

An investigation from Forbes and White Ops security researcher Gabriel Cirlig found that the Xiaomi Redmi Note 8 was sending back data collected from installed browsers, including visited websites, and search engine queries. The collection continued even if “Incognito Mode” was used.

The device was also collecting data about open folders, screen swipes, and interactions with the settings page. All of the information was relayed back to servers in Singapore and Russia belonging to tech giant Alibaba.

To make matters worse, the date was encoded in base64, allowing the researcher to easily see what was in the packages sent back easily. Following the same investigation, another security researcher, Andrew Tierney, found two browsers developed by Xiaomi, the Mi Browser Pro and the Mind Browser, were collecting the same kind of data, no matter the device they were installed on.

Xiaomi initially responded to the allegation by saying that, while it’s true they collect some data, the information was anonymized, meaning that it would be very difficult to trace back to particular users. But researchers pointed out that since other data is collected as well, such as hardware and software identifiers, the anonymization process is not all that useful.

On the other hand, Xiaomi said that their devices don’t collect data when “Incognito Mode,” an assertion contradicted by the Forbes investigation and findings. Of course, besides the actual process of collecting such a large array of data, there’s the issue of consent.

Following the investigation, Xiaomi now says that the next browser update will allow users to switch the data collection on or off, giving them more control over what they choose to share with the Chinese company.

Add Comment

Your email address will not be published. Required fields are marked *