Security researcher working with Forbes, Mention that Xiaomi has been collecting browsing data from users who are using Xiaomi Smartphones that are using internal Browser. The main part is that the browser does so even in incognito mode or even when using the privacy-conscious DuckDuckGo web browser.
Gabriel Cirlig, the security researcher, is using a Redmi Note 8 as a daily routine and noticed that the device records almost everything he does on the phone and sends the data to servers in Russia and Singapore. It’s domains are hosted in Beijing. We are talking about screens, websites visited, folders opened, settings he changed, music played on the default app, etc.
The data itself is poorly encrypted using the base64 format, so it was very easy for other user to transcribe the data into plain text.
Xiaomi Point Of View ( Xiaomi Reply )
Response to the security researcheer , Xiaomi said, The research claims are untrue. User’s “Privacy and security is our top concern. Xiaomi Clears that it strictly follows and is fully compliant with local laws and regulations on user data privacy matters. But a researcher confirmed it was collecting browsing data, claiming the information was anonymized so wasn’t clear and without any evidence. They said that users had consented to such tracking that will be user for betteer browsing experience and it’s a standard practice.
On the other hand, the company states that individual browsing data history is synced, but that this is only done when the user is signed on Mi Account…and the data sync function is set to ‘On’ under Settings which allow the browser to record search history that will improve speed and user experience while browsing. Xiaomi deny that browsing data, apart from the aforementioned aggregated usage statistics data, is being synced when the user has enabled incognito mode.
News Source : Forbes