Xiaomi sending user data to its server – A privacy concern for users
Xiaomi the one of the most famous mobile manufacturers in India sending browsing data to its server.Xiaomi collects user phone habits and queries they search on Xiaomi’s default browser.
According to a Cyber Security professional Xioami records all search data and items viewed on its default browser and the Mint browser.
The researcher claims that Xiaomi collects insane amounts of data.They also track incognito mode as well.
The researcher confirmed some other Xiaomi phones, including MI 10, Resmi K20, and Mi Mix 3.
After this report Xioami responded and confirmed that it collects browsing data.However the data is anonymized and users have consented to the data tracking.But it denied the claim of monitoring the incognito mode.
But the researcher was able to prove that Xioami is recording Incognito mode data as well in a video.
When researchers showed this with proof, Xiaomi said, “collection of anonymous browsing data, is one of the most common solutions adopted by internet companies”.
But the question is, the information tracked in the browser is really anonymous.
The researcher says the information tracked in the browser is compiled with the phone’s “metadata” collected by Xiaomi,which can easily identify a single person. That means the data sent to the servers can be easily correlated with a specific user.
Xiaomi also collects data using its official Apps claims by the researcher.The app’s data collected by SensorDataAPI.Which is a startup known for tracking users.
While Xioami says the data collected by Sensor Analytics remains anonymous and stored on Xiaomi’s personal servers.
Although in an official blog post-Xiaomi claims the data collecting to be aggregated and based on user consent.
In 2014 the mobile manufacturer company was found sending user’s personal data, including IMEI numbers,phone numbers and text messages to the web server in China.
This was reported in 2014.A Taiwan
Cybersecurity researchers raised this issue in a report. This issue was raised in India, Singapore, and Taiwan.
The Cybersecurity researchers also claim that he had found a zero-day vulnerability in the Xiaomi website.Where he was able to access many Xiaomi user’s data. He also found server logs, MI account username, Email, and passwords of millions of Xiaomi users.
Later Xiaomi investigates the data breach and accusations made by researchers.Xiaomi later posts a report about the vulnerability raised by the researcher.
They said they have verified the zero-day data breach allegation made by the security researcher is false.The file contains the information was their old website forum data. The information became obsolete when they launched the Xiaomi account integrated systems in 2012.
Xiaomi also says they are moving their data center in India due performance and privacy consideration.
So using the Xiaomi phone is a privacy concern for cyber security experts.Many I ternet companies collect users’ data to improve their service and product.
If data breach happened then so many users’ data will be exposed.So maintaining cyber security is very important for these companies.