Xiaomi accused of sneakily collecting vast amounts of private data from its users

Xiaomi Mi A3
Xiaomi Mi A3 (Image credit: Android Central)

What you need to know

  • Xiaomi has been accused of collecting more data than would reasonably be anticipated from smartphone users.
  • A report from Forbes spotted data from incongito mode being routed to servers in Russia and Singapore.
  • Xiaomi denied the allegations, arguing that it was strictly abiding by local regulations.

Browsing on incognito mode may not be as private as users think if you're using a Xiaomi phone. As per a report from Forbes (working with security researcher Gabi Cirlig), the default Xiaomi browser was sending records of every website users accessed, even while they were in incognito mode.

Forbes reports:

The device was also recording what folders he opened and to which screens he swiped, including the status bar and the settings page. All of the data was being packaged up and sent to remote servers in Singapore and Russia, though the Web domains they hosted were registered in Beijing. [...] lI]t wasn't just the website or Web search that was sent to the server. Xiaomi was also collecting data about the phone, including unique numbers for identifying the specific device and Android version. Cirlig said such "metadata" could "easily be correlated with an actual human behind the screen."

Xiaomi's phones are cheap and cheerful, offering powerful specs for prices below what more mainstream OEMs like Samsung or even Huawei would charge. The firm has seen great success with this tactic, even beating out Huawei, OPPO, and Vivo last quarter. Its seeming disregard for privacy now serves to call into question the hidden costs of cheap smartphones.

Of course, Xiaomi disagrees with Forbes' assessment. In response to the article, the company gave the following statement to Android Central:

Xiaomi was disappointed to read the recent article from Forbes. We feel they have misunderstood what we communicated regarding our data privacy principles and policy. Our user's privacy and internet security is of top priority at Xiaomi; we are confident that we strictly follow and are fully compliant with local laws and regulations. We have reached out to Forbes to offer clarity on this unfortunate misinterpretation.

But, as Forbes points out, Xiaomi collects a lot more than just general browsing data like searches and websites visited. Even giving Xiaomi the benefit of the doubt, it all boils down to a problem of trust. People may expect their carrier or broadband provider to be able to access some of their data in incognito mode, but for the browser maker, itself to be doing so violates expectations. People may expect Spotify to track their listening data, but not Xiaomi. Few people consciously expect homepage swipes to be tracked. When trust between data handlers and the public fails in small matters, it becomes harder for their statements to ring true on more significant issues.

"When Forbes provided Xiaomi with a video made by Cirlig showing how his Google search for "porn" and a visit to the site PornHub were sent to remote servers, even when in incognito mode, the company spokesperson continued to deny that the information was being recorded," Forbes noted.

Does Google sell your personal data?

Have you listened to this week's Android Central Podcast?

Android Central

Every week, the Android Central Podcast brings you the latest tech news, analysis and hot takes, with familiar co-hosts and special guests.

  • Subscribe in Pocket Casts: Audio
  • Subscribe in Spotify: Audio
  • Subscribe in iTunes: Audio (opens in new tab)
Michael Allison
  • What a surprise 😄 /s Obviously most people in India/China don't think it's a big deal. And the counter argument is do you trust Apple, Google, Microsoft? Answer is yes to some extent I do and the answer from the other side is probably they trust Xiaomi and other big Chinese companies.
  • You can definitely trust Apple but not Microsoft but maybe Google to an extent after Apple.
  • Back on the apple juice again i see. Apple is just as bad as anyone else. If not worse. With google and Microsoft they tell exactly what they use, Apple....NOPE. Until they are caught then they back pedal to the minions. They take the fruits word every time too.
  • If you buy these Chinese phones, you are getting what you deserve. It is time to boycott these companies for good.
  • This is why I'll never purchase Chinese spy phones.
  • Not all Chinese phones collect your data, OnePlus phones don't collect your data.
  • HA HA. Beno, check your facts buddy. They do, and not only that, they collected the credit information of countless users and used it without their consent...Better go back and read instead of fanboying like you always do.
  • That's the spirit. We only stick to good ol US spy phones around here 🇺🇸
  • I don't think people understand incognito mode. It doesn't retain information about your browsing, on your device. You aren't saving cookies, browser histories, etc. Does nothing about what happens off device. Not like it spoofs your IP address, or prevents anything else from establishing a connection. If you don't want to be tracked, you need a VPN. Even that though would possibly allow a third party, or browser process, to talk to whoever they wanted, just through the VPN. That takes your ISP out of the loop, by putting an envelope around your stuff between you and the VPN provider. From there it looks like it came from the VPN provider. If it then talks to someone in China, they have whatever was put in the envelope to begin with.
  • Newsflash: A Chinese phone company collects tons of metadata from customers.
    In other news, the Pope is catholic, and water is wet.