Xiaomi brand phones: A spy for China?

May 9, 2020
xiaomi information privacy concerns data privacy infosec information security

Recently cybersecurity solutions researchers Gabi Cirlig and Andrew Tierney produced a report on their Xiaomi experience. They have confirmed that Xiaomi, through their testing on RedMi Note 8, picks up its users’ tracks and stores it on a server on China. This is from the initial report on Forbes that this type of behavior is being recorded with or without the user’s permission. They included in the checklist from the information that Xiaomi is capturing are browsing history, device number, and android versions that could identify a specific user. Aside from the mentioned information, much stealthier is that it can even record browsing history despite being in Incognito or DuckDuckGo application.

For this same reason for possible internet phishing, it has led to the banning of another China company in the US – Huawei Technology. Accused of possible spying to the military intelligence of the US with the use of embedded technologies, all Huawei products have been recalled. Products like phones, security cameras, and other appliances that are controlled or labeled under the Internet on Things (IoT), may send sensitive information and be controlled remotely from China. Though these allegations still need to be investigated and be concluded with hard evidence.

Due to this recorded behavior and analytics, many users are negatively experiencing excessive ads and apps suggestions pre-installed with the OEM Android OS on each product. These may flood the phone and users with much application that needs different or specific permission that may further compromise their privacy and security. Reportedly more than 680 apps were penalized in China alone due to this possible breach. In which, researchers may have misunderstood the action of Xiaomi on their data gathering procedure.

However, Xiaomi explained that the information they gathered through Website Scanning is used solely to create a better customer experience of their product. The data they collected is anonymous and used by most internet companies, unlike as reported that can identify a specific user. The analytics of the data collected will be used in designing and creating a new product that is in line with the current technology and trends that are adaptive to the need for a specific user. They also added that privacy and security are on their highest priority and ensured to the public that the gathered data are secured and will only be accessible by the company.


About the author

Leave a Reply