The Chinese mobile giant Xiaomi is unlawfully spying on users, says security specialist Gabi Cirlig. The researcher came to this conclusion after he noticed that his brand new Xiaomi Redmi Note 8 smartphone monitors all his actions on the device and sends information to remote servers rented from another Chinese tech giant, Alibaba.
“It’s a backdoor with phone functionality,” quips Gabi Cirlig about his new Xiaomi phone.
According to Cirlig, the default Xiaomi browser records data on all sites visited, including search queries on Google and DuckDuckGo, and materials viewed in the news feed.
At the same time, data is recorded even when “Incognito” mode is activated. Interestingly, the transmitted information was protected only with base64, which is an encoding rather than encryption; as a result, the specialist needed only a few seconds to decode the data.
The device also recorded information about open folders, switching screens, including the status bar and settings page. Further, all information was sent to servers in Singapore and Russia, although their domains are registered in Beijing.
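An added example (not from the original article or from the researchers' work) of how an auditor could check intercepted request bodies for base64-encoded fields that carry browsing URLs. The hosts, field names and payloads are constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import parse_qsl, urlencode

B64_RE = re.compile(r"^[A-Za-z0-9+/_-]{16,}={0,2}$")
URL_RE = re.compile(r"https?://[^\s\"'\\]+")


def try_b64(value):
    """Return decoded text if value is base64 of UTF-8 text, else None."""
    if not B64_RE.match(value):
        return None
    std = value.replace("-", "+").replace("_", "/")  # accept URL-safe alphabet
    std += "=" * (-len(std) % 4)                     # restore stripped padding
    try:
        return base64.b64decode(std, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None


def find_leaks(captured):
    """Return (host, field, urls) for each field that decodes to text with URLs."""
    findings = []
    for host, body in captured:
        for field, value in parse_qsl(body, keep_blank_values=True):
            text = try_b64(value)
            urls = URL_RE.findall(text) if text else []
            if urls:
                findings.append((host, field, urls))
    return findings


def _b64(raw):
    return base64.b64encode(raw).decode()


# Constructed sample: form-encoded bodies as an intercepting proxy might log them.
CAPTURED = [
    ("telemetry.example.invalid", urlencode({"event": "page_view", "data": _b64(
        b'{"url":"https://duckduckgo.com/?q=private+search","incognito":true}')})),
    ("telemetry.example.invalid", urlencode({"event": "heartbeat", "data": "uptime=3600"})),
    ("cdn.example.invalid", urlencode({"session": _b64(b"session-token-12345678")})),
]

if __name__ == "__main__":
    for host, field, urls in find_leaks(CAPTURED):
        print(f"{host}: field '{field}' carries browsing data: {urls}")
```

Only the first constructed request is flagged: its `data` field decodes without any key, which is why base64 provides no confidentiality for telemetry.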
By the way, we previously wrote that the applications preinstalled on Xiaomi phones are full of vulnerabilities.
At the request of Forbes, researcher Andrew Tierney conducted further investigation and found that Mi Browser Pro and Mint Browser (their total number of downloads exceeds 15 million) collect similar data.
“The problem affects other models of smartphones of the Chinese manufacturer, in particular, Xiaomi MI 10, Xiaomi Redmi K20 and Xiaomi Mi MIX 3. Firmware of the devices contains the same browser code as Redmi Note 8, and this may indicate the same privacy problems,” says Gabi Cirlig, assessing the scale of the problem.
Xiaomi has published a response to these allegations, and has updated it from time to time.
Xiaomi was initially “disappointed” by Forbes and claimed that user privacy and Internet security were its top priorities. In addition, it was alleged that the company’s activities “are fully consistent with local laws and regulations.”
“INCORRECT NEWS ALERT A news report claiming ‘Mi Browser collects unnecessary user information’ is floating on social media. This is absolutely inaccurate!” wrote Manu Kumar Jain, Xiaomi vice president and head of the Indian division of Xiaomi.
Xiaomi then explained that its data collection system is aggregated and cannot be used to identify specific individuals, and the Forbes publication allegedly “distorts the facts”.
The company later announced that it would provide Mi Browser and Mint Browser users with an update that would allow them to turn off aggregated data collection in incognito mode. The next day, the update became available on Google Play.
Let me remind you that last year there was a scandal with another Chinese electronics giant: the CIA informed its partners about links between Huawei and the Chinese intelligence service.