A recent report from cybersecurity researchers claims that Chinese electronics maker Xiaomi is spying on users’ web and phone use using “backdoor” technology built into the company’s smartphones, which run Google’s Android OS.
Forbes reports that a cybersecurity researcher found that much of his behavior was being tracked and data collected on his Xiaomi smartphone, leading him to believe that his device data was being sent to the Chinese electronics manufacturer.
“It’s a backdoor with phone functionality,” quips Gabi Cirlig about his new Xiaomi phone. Cirlig discovered that much of the data on his Redmi Note 8 smartphone was being sent to remote servers hosted by Chinese tech giant Alibaba which were being rented by Xiaomi.
Cirlig found that when he browsed the web on the device’s Xiaomi browser it recorded all of the websites he visited including search engine queries. The device also recorded what folders he opened and which screens he swiped to including the status bar and settings page. All of the data was being sent to remote servers in Singapore and Russia through web domains registered in Beijing.
Another cybersecurity researcher, Andrew Tierney, found that browsers shipped by Xioami on Google Play, Mi Browser Pro, and the Mint Browser, were collecting the same data and have been downloaded more than 15 million times combined according to Google Play statistics.
Xiaomi responded to the claims, stating: “The research claims are untrue,” and “Privacy and security is of top concern,” adding that it “strictly follows and is fully compliant with local laws and regulations on user data privacy matters.”
Forbes showed Xiaomi a video made by Cirlig showing how his Google search for “porn” and a visit to the website PornHub were all sent to remote servers even when Cirlig browser in incognito mode. A Xiaomi spokesperson commented: “This video shows the collection of anonymous browsing data, which is one of the most common solutions adopted by internet companies to improve the overall browser product experience through analyzing non-personally identifiable information.”
Both Cirlig and Tierney stated that Xiaomi’s behavior was more invasive than other browsers. “It’s a lot worse than any of the mainstream browsers I have seen,” Tierney said. “Many of them take analytics, but it’s about usage and crashing. Taking browser behavior, including URLs, without explicit consent and in private browsing mode, is about as bad as it gets.”
Read the full report at Forbes here.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan or contact via secure email at the address firstname.lastname@example.org