A cybersecurity researcher claims that he found that his Xiaomi phone was tracking his behaviour and usage patterns while also harvesting various kinds of device data.
The researcher was reportedly using Xiaomi's Redmi Note 8 and he claims that the device was recording his web browsing history (even in incognito mode), tracking what he was viewing on the device's News Feed feature, and even recording the folders he opened on the device, including every time he opened the status bar and the settings page. This was first reported by Forbes.
The researcher further claims that the recorded data is then sent to "remote servers in Singapore and Russia, though the Web domains they hosted were registered in Beijing."
The researcher also says that he tested few other Xiaomi devices – Xiaomi Mi 10, Xiaomi Redmi K20 and Xiaomi Mi MIX 3 – and found that they are also similarly recording user data.
Xiaomi has roundly refuted all claims stating that the only data that is collected:
- is collected with user consent
- is completely anonymised and only used for analytical purposes
- passes through servers compliant with local law
- secured by third-party certified, industry standard security practices.
Xiaomi, in its statement, also notes that other internet companies also collect data and that Xiaomi's data collection is no different from that collected by other companies. Xiaomi also claims to have reached out directly to the researcher and that the reports are a misrepresentation of Xiaomi's data collection and privacy practices.
“This video shows the collection of anonymous browsing data, which is one of the most common solutions adopted by internet companies to improve the overall browser product experience through analyzing non-personally identifiable information,” Xiaomi told Forbes.