Xiaomi has refuted allegations that it is secretly collecting data from the default browser app on its smartphones and sending them to remote servers.
Gabi Cirlig, a security researcher, told Forbes that he found his Redmi Note 8 smartphone was recording his activities on Xiaomi’s Mi Browser even when he was browsing via incognito mode or was using the privacy focused DuckDuckGo search engine. This was later confirmed by Andre Tierney, a security researcher, Forbes had reached out to for a second opinion.
In an open letter to press, Manu Jain, Xiaomi India managing director, rubbished the claims, saying that the Mi Browser follows similar protocols as any other leading browser. Jain said the browser does not collect any user data that the user has not explicitly given consent to. All user data in incognito mode is encrypted and anonymised.
Jain added that several reputed and international third party organisations such as TrustArc and British Standard Institution (BSI) have certified the security and privacy practices of Xioami smartphones and default apps, including the Mi Browser.
On allegations that user data is being sent to remote servers in Singapore and Russia with web domains hosted in Beijing, Jain that all Mi Browser and Mi Cloud data of Indian users is stored locally in AWS servers within India.
To provide more clarification on data collection, Xiaomi has also published a blog post which clarified that the company collects data such as system information, preferences, user interface feature usage, responsiveness, performance, memory usage, and crash reports. However, the data is aggregated and cannot be used to identify an individual.
It also said that users’ browsing data (history) is synced if they have signed into the Mi Account and the data sync function is switched ‘on’ in the Settings. In incognito mode, users’ browsing data is not synced, but aggregate usage statistics data is collected to improve user experience, while maintaining the anonymity of users.