Chinese Phone Brand Collecting “Insane Amount” Of Private Data
First it was concerns over Chinese brands Huawei, Oppo and Realme now new concerns have been raised about the personal data capture of another Chinese smartphone brand.
One of China’s biggest smartphone makers, Xiaomi has been slammed for collecting what Chinese media are call an “insane amount of private data”.
Xiaomi is a major smartphone manufacturer, they achieved a record 10% market share, according to IDC and Strategy Analytics market research groups, and managed to increase its shipments, by IDC’s estimation.
“Xiaomi is dominating the huge India market at the moment and this is giving the company a big boost in smartphone shipments,” said Linda Sui of Strategy Analytics.
In Australia the brand is distributed by Panimi who are about to release a new model in Australia.
They join a growing list of Chinese brands including Huawei, Realme and Oppo whose actions are being questioned in several Countries.
According to a cybersecurity researcher, Cirlig, Xiaomi smartphones that are sold online and at JB Hi Fi, records all the search queries and items viewed on its default browser (Mi Browser Pro) as well as on the Mint browser.
The tracking extends to Incognito mode according to the research Company.
Initially Xiaomi claimed that they were only collecting data that a Xiaomi smartphone user approved however the research Company hit back pointing out the same data capture code appeared on other Xiaomi phones, including Mi 10, Redmi K20, and Mi MIX 3 when used in Incognito mode.
Xiaomi has confirmed that it collects browsing data, but they denied claims of information being monitored in Incognito mode.
The researcher, however, was able to prove that Xiaomi is recording Incognito mode data as well. In a video, the researcher who found the code demonstrated a visit to a porn website in incognito mode being sent to Xiaomi servers.
It’s not known whether this data ends up accessible to the Chinese Government and their security agencies.
When shown the proof, Xiaomi said, “collection of anonymous browsing data, is one of the most common solutions adopted by internet companies.”
Cirlig responded claiming that the information tracked in browsers is compiled with the phone’s “metadata” collected by Xiaomi, Cirlig says the company can easily identify a single person.
The research Company said that their privacy concerns was that data sent to Xiaomi servers can be very easily correlated with a specific user
Cirlig also identified monitoring across Xiaomi apps.
For instance, he observed the Xiaomi default music player app collecting information on his listening habits.
Upon much digging, the researcher was able to connect the app’s data monitoring with SensorDataAPI, which enables third-party access to app data.
In the case of Xiaomi, the third-party was Sensors Analytics, a start-up known for tracking users.
While Xiaomi validated the findings, it claimed that the data collected by Sensors Analytics remains anonymous and is stored on Xiaomi’s personal servers.
What’s not known is whether those severs are accessible to Chinese security agencies.