Xiaomi has been accused of collecting browsing data from its users, according to a new sensational report by Forbes. When cybersecurity researcher Gabi Cirlig examined the Mi Browser on the Redmi Note 8, he found that the phone was collecting a users’ behavior including websites visited, search queries in Google.
Things get a little tricky, when Cirlig found that the tracking continued even when the phone’s browser was set to private or “incognito” mode. Researchers also found that even searches on the so-called privacy-centric DuckDuckGo web browser were being sent to China. Forbes cited multiple security researchers who said that the company was collecting information on unique numbers identifying a device as well as the version of Android it’s running.
Cybersecurity researcher Andrew Tierney reportedly found that the Mi Browser Pro and the Mint Browser — which have more than 15 million downloads through Google’s Play Store — collected the same data.
In response, Xiaomi said “the research claims are untrue,” that “privacy and security is of top concern,” and that it “strictly follows and is fully compliant with local laws and regulations on user data privacy matters.” Xiaomi agrees to the fact that while it was collecting browsing data, that data was anonymized. Forbes reports that it took cybersecurity researchers a mere few seconds to decode the information, which was encoded by a method called base64.
In a blog post, Xiaomi said the researchers “misunderstood what we communicated regarding our data privacy principles and policy.” It further added, “User’s privacy and internet security is of top priority at Xiaomi.”
Xiaomi is India’s largest smartphone maker, but these new acquisitions could dent the company’s reputation in the country. In the past, Xiaomi’s way of handling user data and privacy has raised eyebrows.