San Francisco: Cybersecurity researchers have accused Xiaomi of infringing on the privacy of its phone users by recording their ‘private’ web and phone use habits.
Researcher Gabi Cirlig found that his Redmi Note 8 smartphone was watching almost everything that he was doing on the phone, Forbes reported on Thursday.
The default Xiaomi browser on the device recorded all the websites he visited and everything viewed on a news feed feature of the Xiaomi software.
What is more, the tracking did not appear to stop even when he used the supposedly private “incognito” mode.
To his dismay, the researcher found that the Xiaomi device was good at recording what folders he opened and to which screens he swiped, said the report, adding that the data was then being transferred to remote servers hosted by another Chinese tech giant, Alibaba.
At Forbes’ request, another cybersecurity researcher, Andrew Tierney, investigated the issues further.
Browsers shipped by Xiaomi on Google Play — Mi Browser Pro and the Mint Browser — were recording the same data, Tierney found.
Xiaomi, however, denied that it was breaching user privacy, and asserted that it transfers only encrypted data.
While collecting user data is not unusual for Internet companies, they are supposed to do so with the permission of users in order to offer them better services. But the data is supposed to remain anonymised so that the identity of the user remains hidden.
But Cirlig found a problem with the way Xiaomi transfers data to remote servers. He said he could easily decode the data being sent and feared that Xiaomi could know what he was watching on his phone.
And the problem, he said, was not just with the model he used. Several other models could be doing the same job of recording the private web and phone use habit, he found.