View browser history note 4
Taking browser behavior, including URLs, without explicit consent and in private browsing mode, is about as bad as it gets.”Ĭirlig also suspected that his app use was being monitored by Xiaomi, as every time he opened an app, a chunk of information would be sent to a remote server. “Many of them take analytics, but it's about usage and crashing. “It’s a lot worse than any of the mainstream browsers I have seen,” Tierney said. “This video shows the collection of anonymous browsing data, which is one of the most common solutions adopted by internet companies to improve the overall browser product experience through analyzing non-personally identifiable information,” they added.īoth Cirlig and Tierney said Xiaomi’s behavior was more invasive than other browsers like Google Chrome or Apple Safari. When Forbes provided Xiaomi with a video made by Cirlig showing how his Google search for “porn” and a visit to the site PornHub were sent to remote servers, even when in incognito mode, the company spokesperson continued to deny that the information was being recorded. Both Cirlig and Tierney, however, found in their independent tests that their web habits were sent off to remote servers regardless of what mode the browser was set to, providing both photos and videos as proof. Xiaomi’s spokesperson also denied that browsing data was being recorded under incognito mode. Cirlig said such “ metadata” could “easily be correlated with an actual human behind the screen.”
#VIEW BROWSER HISTORY NOTE 4 ANDROID#
Xiaomi was also collecting data about the phone, including unique numbers for identifying the specific device and Android version. They said that users had consented to such tracking.īut, as pointed out by Cirlig and Tierney, it wasn’t just the website or Web search that was sent to the server. In response to the findings, Xiaomi said, “The research claims are untrue,” and “Privacy and security is of top concern,” adding that it “strictly follows and is fully compliant with local laws and regulations on user data privacy matters.” But a spokesperson confirmed it was collecting browsing data, claiming the information was anonymized so wasn’t tied to any identity. “My main concern for privacy is that the data sent to their servers can be very easily correlated with a specific user,” warned Cirlig. It took Cirlig just a few seconds to change the garbled data into readable chunks of information. Though the Chinese company claimed the data was being encrypted when transferred in an attempt to protect user privacy, Cirlig found he was able to quickly see just what was being taken from his device by decoding a chunk of information that was hidden with a form of easily crackable encoding, known as base64. He then confirmed they had the same browser code, leading him to suspect they had the same privacy issues.Īnd there appear to be issues with how Xiaomi is transferring the data to its servers. He downloaded firmware for other Xiaomi phones- including the Xiaomi MI 10, Xiaomi Redmi K20 and Xiaomi Mi MIX 3 devices.
But for customers, that low cost could come with a hefty price: their privacy.Ĭirlig thinks that the problems affect many more models than the one he tested.
Xiaomi’s big sell is cheap devices that have many of the same qualities as higher-end smartphones. Valued at $50 billion, Xiaomi is one of the top four smartphone makers in the world by market share, behind Apple, Samsung and Huawei.
Many more millions are likely to be affected by what Cirlig described as a serious privacy issue, though Xiaomi denied there was a problem.