Notebookcheck Logo

Xiaomi's default web browser allegedly records users' browsing habits

Mi Browser allegedly spies on its users
Mi Browser allegedly spies on its users (image via Mi Community)
Security researchers have discovered that Xiaomi's default web browser records and transmits user data to remote servers. It includes potentially sensitive information such as search engine queries and browsing history, and the behavior persists even in the supposedly anonymous incognito mode. A Xiaomi spokesperson has denied allegations of wrongdoing and states that this is standard practice.

Chinese OEMs such as Xiaomi, OnePlus, Huawei, etc. are no strangers to allegations of spying on their users. Very often, most of these allegations are false or exaggerated, but sometimes, they turn out to be true. Now, some independent security researchers have found some Xiaomi phones to be engaging in some somewhat shady behavior.

According to a report by Forbes, the Redmi Note 8 was found to be sending copious amounts of user data to Chinese-owned servers located in Singapore and Russia. Xiaomi's default web browser broadcasted the researcher's browsing history and search engine queries in a encrypted format. However, it was relatively easy to decrypt the data and reduce it to a more readable form. Even switching to a more anonymous 'incognito mode' didn't make a difference. The researcher then downloaded the firmware of other popular Xiaomi releases such as the MI 10, Redmi K20, Mi MIX 3, and found that the problem persisted on those devices too.

To make matters worse, the phone also recorded a lot of seemingly mundane activities such as the number of swipes, the exact screens to which he swiped, the folders that he accessed, and so on. OnePlus was caught engaging in similar behavior back in 2017 with its controversial Clipboard application, so it is a bit surprising (and alarming) to see Xiaomi go down the same path. The attached video gives us a glimpse into how the tracking works.

Forbes reached out to Xiaomi for a statement. A company spokesperson denied any wrongdoing and stated that this was standard practice across all OEMs "to improve the overall browser product experience through analyzing non-personally identifiable information". The problem with that statement is that the metadata collected was far from anonymous, as it also included information such as the device ID and IMEI number, which could then be used to identify an individual.

Read all 5 comments / answer
static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2020 05 > Xiaomi's default web browser allegedly records users' browsing habits
Anil Satyanarayana, 2020-05- 1 (Update: 2020-05- 3)