Xiaomi Devices Found Tracking And Recording Browsing Data Of Millions

Authored by fossbytes.com and submitted by Vaws
image for Xiaomi Devices Found Tracking And Recording Browsing Data Of Millions

Xiaomi has been tracking and recording an insane amount of private data, from user’s phone habits to queries in the Xiaomi’s default browsers.

According to a cybersecurity researcher, Cirlig, Xiaomi records all the search queries and items viewed on its default browser (Mi Browser Pro) as well as on the Mint browser. The tracking extends to Incognito mode as well.

The researcher was able to confirm the same pattern on other Xiaomi phones, including Mi 10, Redmi K20, and Mi MIX 3.

Xiaomi, in response, confirmed that it collects browsing data. However, the company says the data sent is anonymized, and users have consented to the data tracking. Meanwhile, it denied claims of information being monitored in Incognito mode.

The researcher, however, was able to prove that Xiaomi is recording Incognito mode data as well. In a video, he showcases how the information of him visiting a porn website in incognito mode is being sent to the servers.

When shown with proof, Xiaomi said, “collection of anonymous browsing data, is one of the most common solutions adopted by internet companies.”

When the information tracked in browsers is compiled with phone’s “metadata” collected by Xiaomi, Cirlig says the company can easily identify a single person.

My main concern for privacy is that the data sent to their servers can be very easily correlated with a specific user

Other than the browser data, Cirlig also noticed monitoring in Xiaomi apps and his touches on every screen. For instance, he observed the Xiaomi default music player app collecting information on his listening habits.

Upon much digging, the researcher was able to connect the app’s data monitoring with SensorDataAPI, which enables third-party access to app data. In the case of Xiaomi, the third-party was Sensors Analytics, a startup known for tracking users.

While Xiaomi validated the findings, it claimed that the data collected by Sensors Analytics remains anonymous and is stored on Xiaomi’s personal servers.

EwigeJude on May 1st, 2020 at 12:34 UTC »

records all the search queries and items viewed on its default browser (Mi Browser Pro) as well as on the Mint browser

There are people who use it?

leducdeguise on May 1st, 2020 at 10:28 UTC »

Those bastards... I'm glad I bought a Huawei!

the_abortionat0r on May 1st, 2020 at 09:36 UTC »

Well this didn't age well.