According to a security researcher to work with Computerworld (blog), Xiaomi, is in the collection of browsing information of the users who are using Xiaomi phones, and the built-in web browser. The good thing is that it’s the browser that’s doing it in incognito mode, or even with the use of the privacy-conscious DuckDuckGo web browser.
Gabriel Cirlig, one of the security researchers, the use of a Redmi Note 8 as a daily driver, and I saw that the device registers pretty much everything that he’s doing it on the phone, and then sends the data to the servers located in Russia and Singapore, even though the domains are being hosted in china. We are talking of screens, websites, folders, opened, settings changed, the music that is being played back in the default app, etc., etc.
The data is badly encoded, with the use of the base64, size, so it was very easy for him to transcribe the data in plain text.
Cirlig, went even further, and download all the roms available for the Xiaomi Mi 10, the Redmi, the K20 and e-Mixture of 3 and had the same vulnerability on all of them. Another security researcher Andrew Tierney, thought it was suspicious behavior in the Mi Browser is a Pro and a Mint Browser.
Xiaomi has responded to the allegations saying that the Fundamental findings can be misleading and false. A spokesman for the company said that Xiaomi is compliant with all local laws, rules and regulations to the user, from the privacy of your personal data, and the collected leaves, data is aggregated and therefore anonymous. Why Xiaomi has been in the collection, it is because the company is trying to improve the user’s browsing experience, and it is a common practice. It is more important that the data cannot be traced back to a specific user. However, Gabriel Cirlig, sent in a video of Xiaomi show you how the browser sends the history to the specified servers, and even in incognito mode.