Xiaomi is once again accused of secretly transmitting customer data to remote servers. Security researchers say that the Chinese company, which leads the mobile industry in India and is one of the world’s top five smartphone manufacturers, has built loopholes into its phones to move data to Alibaba’s remote servers.
The default web browser on Xiaomi’s Redmi and Mi series phones, among other preloaded applications, was also used to capture user history even when switched to “incognito” mode. Xiaomi denied the allegations and said it will not share information with third parties, although it records private browsing information.
The security researchers Gabi Cirlig and Andrew Tierney were able to find specific backdoors in Xiaomi apps that help the company obtain user data without the users’ consent, Forbes reported.
Cirlig found that his Redmi Note 8 “watched a lot of what he was doing on his tablet” and sent all this data to Alibaba’s remote servers.
The researcher said that the lapses, which Xiaomi seems to have intentionally built into the apps running on the Redmi phone, reveal his name and his private life.
In fact, he found that the company recorded information even when he used incognito mode to search the Internet on his tablet.
In addition to browsing details, Cirlig’s Redmi Note 8 recorded which files he opened and which screens he swiped, including the status bar and the configuration tab.
All this information is said to have been sent to remote servers in Singapore and Russia via web domains registered in Beijing, where Xiaomi has its headquarters.
Cirlig noted that the security flaws were not present only in his Redmi Note 8, and he said that they affect some other Xiaomi phones as well. By installing the Mi 10, Redmi K20, and Mi Mix 3 firmware, he was able to confirm their presence.
As on Cirlig’s phone, Xiaomi’s browsers on Google Play, Mi Browser Pro and Mi Browser, were also found to receive the same user data. Together, the two browsers have more than 15 million downloads, according to Google Play figures.
Xiaomi tends to use consumers’ data to understand their behavior. The company has collaborated with Sensors Analytics, a service that helps explain how people use smartphones. Cirlig and Tierney discovered that Xiaomi apps sent user information to domains that apparently reference Sensors Analytics.
Xiaomi refused the security investigator’s questions. The company said that it did not gather data in incognito mode but claimed that it tracks ‘anonymous data browsing’ to improve the user experience. In response to Forbes, Xiaomi said, “Research findings are false.” Xiaomi said that privacy and protection are ‘higher-ranking.’
A Xiaomi spokesman has already confirmed to Forbes that the company uses Sensors Analytics as a data collection tool to gather “anonymously encrypted data on the Xiaomi’s own database.” However, the company insists that the data is not shared with the startup or any other third party.