A recent shocking report from Forbes’s cybersecurity contributor and associate editor, Thomas Brewster, reveals that Xiaomi browsers are sending browsing data to Xiaomi-rented remote servers in Singapore and Russia.
Speaking to Forbes, Gabi Cirlig, a seasoned cybersecurity researcher, said he increasingly worried about his behavior being tracked on his new Redmi Note 8 phone. Cirlig found out that all of his web activities were tracked from web searches to even the websites he visited, independent of the used searched engine – even while using privacy-friendly DuckDuckGO, or in incognito mode.
The phone was also allegedly keeping tabs of all “the folders opened, to which screens he swiped, including the status bar and the settings page,” plus every item viewed on the News Feed feature, which is usually found in the Xiaomi’s custom MIUI Android skin.
Browser data collection is also allegedly done on several other phones as well running MIUI, including recent ones like the MI 10, Xiaomi Redmi K20, and Xiaomi Mi MIX 3, which run a similar browser code.
Andrew Tierney, another cybersecurity researcher, also dug into the matter and found more mind-blowing information. Even Xiaomi-owned browsers that are available on the Play Store – Mi Browser Pro and the Mint Browser – had similar behavior. Cirlig also claims Xiaomi’s music player app collected some data on his listening habits.
For a company that has quickly climbed to the top and claimed the “value” pricing crown unanimously across the industry, Xiaomi doesn’t think this is a problem.