Sunday, 24 May 2020 10:03

Xiaomi accused of collecting user data. The company denies it

The security expert found that Xiaomi [] smartphones collect too much data about the user - first of all, it concerns the browser. Xiaomi denies the charges and will allow people to ban data collection in settings. [hi-tech.mail.ru]

Information security expert Gabi Kirlig specifically for Forbes has studied the Xiaomi Redmi Note 8 smartphone - what data about the user is collected by the system, where they are sent and in what form.

It turned out that Xiaomi 's smartphone stored and transmitted to the company 's servers information about many of the owner 's actions. It recorded all the sites the user opens - even those launched through a secure search service - and DuckDuckGo incognito mode. The device also stores all open folders and running windows. According to Brickig, this data is encrypted and sent to Xiaomi servers in Singapore and, for some reason, to Russia.

Kirlig went on to study firmware for other smartphones - Xiaomi Mi 10, Redmi K20 and Mi MIX 3. He confirmed that in these models the browser code is no different from the first smartphone, so these devices also collect too much data about the user.

The problem is not even the data collection itself, but that this data is poorly encrypted. Kirlig was able to intercept the data that the smartphone transmits to Xiaomi servers in a few minutes and decrypt it. Among these data, a unique model of the device is transmitted, which allows to easily relate information to a specific person, which causes all anonymity to disappear.

Another expert, Andrew Tierney, at the request of journalists, studied Mi Browser Pro and Mint Browser from Xiaomi, which anyone can download through Google Play. It turned out that there is exactly the same problem in them - they collect the same data about visited sites and transmit to servers without normal protection

Reply of Xiaomi

Xiaomi denies charges of surveillance of users and theft of personal data. The company assures that it cares about security and collects only the data that the person allowed to send when signing the user agreement. According to representatives of the company, all data from the browser is collected anonymously. Xiaomi in its blog even published several posts showing what data the browser collects and transmits to the company 's servers. 

Заявка на участие в тренинге
Личные данные

ФИО (англ.яз)
Неверный ввод

ФИО (рус.яз)
Неверный ввод

ФИО (каз.яз)
Неверный ввод

Дата рождения
Неверный ввод

Пол
Неверный ввод

Адрес

Страна
Неверный ввод

Город
Неверный ввод

Улица, дом, квартира
Неверный ввод

Почтовый индекс
Неверный ввод

Бизнес информация

Область деятельности
Неверный ввод

Место работы
Неверный ввод

Должность
Неверный ввод

Контактные данные

Мобильный телефон
Неверный ввод

Домашний телефон
Неверный ввод

Рабочий телефон
Неверный ввод

Электронная почта
Неверный ввод

Skype
Неверный ввод

Уровень образования на время заполнения заявки:
Неверный ввод

ОБРАЗОВАНИЕ (1)

Учебное заведение
Неверный ввод

Факультет
Неверный ввод

Специальность
Неверный ввод

Дата окончания
Неверный ввод

Номер диплома
Неверный ввод

Ученая степень

Дата получения
Неверный ввод

Степень
Неверный ввод

Название и номер документа, удостоверяющего получение
Неверный ввод