Chinese cellphone giant Xiaomi has been secretly recording private browsing data and phone use of millions of customers, researchers say
- The phone’s browser was recording and transmitting nearly all browser data
- Researchers say the data collection persisted while in incognito mode
- While information was encrypted, researchers decoded it in a matter of seconds
- Xiaomi has denied the research despite hard evidence from researchers
Researchers say a web browser loaded onto phones made by the Chinese company Xiaomi has been logging and sharing users’ private data.
According to a report from Forbes, researchers studying a web browser loaded into the company’s phones found that it was tracking nearly all of a users’ web behavior including visited websites, search queries in Google, and also everything that appeared in the phones’ news feed feature.
To make matters worse, Forbes reports that the researchers found that the tracking persisted even if the phone’s browser was in ‘incognito’ mode.
The Xiaomi Redmi Note 8 is among the phones using the company’s own web browser which was discovered transmitting private browsing data to two remote servers
Beyond the browser, researchers also found that the phone recorded what folders were opened and what screens were swiped through.
Researchers found that the company collected information on unique numbers identifying a device as well as the version of Android it’s running.
All of that data was then sent to remote servers owned by the company in Singapore and Russia.
The data collection also reached beyond those just who use Xiaomi devices according to researchers.
Forbes reports that Xiaomi also used the same practices in two web browsers available on the Google Play store, Mi Browser Pro and the Mint Browser.
According to Forbes those browsers have a total of 15 million downloads altogether as per Google Play statistics.
While Xiamoi says that the data is encrypted, researchers say that the form of encryption was weak and could therefore be easily be traced back to specific users.
According to Forbes, it took researchers just a few seconds to decode the encrypted data, which was encoded by a method called base64.
Xiaomi has denied the researchers claims despite hard evidence provided via a video of the browser transmitting data
Xiaomi has rebutted claims by researchers, telling Forbes.
‘The research claims are untrue,’ and that ‘Privacy and security is of top concern,’
It also said that the company ‘strictly follows and is fully compliant with local laws and regulations on user data privacy matters.’
The denial from Xiaomi persisted even despite a video sent by researchers showing the device recording and transmitting browsing information to remote services. In a demonstration, researchers queried the word ‘porn’ using incognito mode and found that it was still transmitted to company servers.
Source: Read Full Article