Notebookcheck Logo
, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Xiaomi's default web browser allegedly records users' browsing habits

Mi Browser allegedly spies on its users
Mi Browser allegedly spies on its users (image via Mi Community)
Security researchers have discovered that Xiaomi's default web browser records and transmits user data to remote servers. It includes potentially sensitive information such as search engine queries and browsing history, and the behavior persists even in the supposedly anonymous incognito mode. A Xiaomi spokesperson has denied allegations of wrongdoing and states that this is standard practice.
Anil Satyanarayana,

Chinese OEMs such as Xiaomi, OnePlus, Huawei, etc. are no strangers to allegations of spying on their users. Very often, most of these allegations are false or exaggerated, but sometimes, they turn out to be true. Now, some independent security researchers have found some Xiaomi phones to be engaging in some somewhat shady behavior.

According to a report by Forbes, the Redmi Note 8 was found to be sending copious amounts of user data to Chinese-owned servers located in Singapore and Russia. Xiaomi's default web browser broadcasted the researcher's browsing history and search engine queries in a encrypted format. However, it was relatively easy to decrypt the data and reduce it to a more readable form. Even switching to a more anonymous 'incognito mode' didn't make a difference. The researcher then downloaded the firmware of other popular Xiaomi releases such as the MI 10, Redmi K20, Mi MIX 3, and found that the problem persisted on those devices too.

To make matters worse, the phone also recorded a lot of seemingly mundane activities such as the number of swipes, the exact screens to which he swiped, the folders that he accessed, and so on. OnePlus was caught engaging in similar behavior back in 2017 with its controversial Clipboard application, so it is a bit surprising (and alarming) to see Xiaomi go down the same path. The attached video gives us a glimpse into how the tracking works.

Forbes reached out to Xiaomi for a statement. A company spokesperson denied any wrongdoing and stated that this was standard practice across all OEMs "to improve the overall browser product experience through analyzing non-personally identifiable information". The problem with that statement is that the metadata collected was far from anonymous, as it also included information such as the device ID and IMEI number, which could then be used to identify an individual.

Read all 5 comments / answer
static version load dynamic
Loading Comments
Comment on this article
Anil Ganti
Anil Ganti - Senior Tech Writer - 942 articles published on Notebookcheck since 2019
I've been an avid PC gamer since the age of 8. My passion for gaming eventually pushed me towards general tech, and I got my first writing gig at the age of 19. I have a degree in mechanical engineering and have worked in the manufacturing industry and a few other publications like Wccftech before joining Notebookcheck in November 2019. I cover a variety of topics including smartphones, gaming, and computer hardware.
contact me via: @AnilGanti, LinkedIn
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2020 05 > Xiaomi's default web browser allegedly records users' browsing habits
Anil Satyanarayana, 2020-05- 1 (Update: 2020-05- 3)