Xiaomi accused of sneakily collecting vast amounts of private data from its users

Xiaomi Mi A3
Xiaomi Mi A3 (Image credit: Android Central)

What you need to know

  • Xiaomi has been accused of collecting more data than would reasonably be anticipated from smartphone users.
  • A report from Forbes spotted data from incongito mode being routed to servers in Russia and Singapore.
  • Xiaomi denied the allegations, arguing that it was strictly abiding by local regulations.

Browsing on incognito mode may not be as private as users think if you're using a Xiaomi phone. As per a report from Forbes (working with security researcher Gabi Cirlig), the default Xiaomi browser was sending records of every website users accessed, even while they were in incognito mode.

Forbes reports:

The device was also recording what folders he opened and to which screens he swiped, including the status bar and the settings page. All of the data was being packaged up and sent to remote servers in Singapore and Russia, though the Web domains they hosted were registered in Beijing. [...] lI]t wasn't just the website or Web search that was sent to the server. Xiaomi was also collecting data about the phone, including unique numbers for identifying the specific device and Android version. Cirlig said such "metadata" could "easily be correlated with an actual human behind the screen."

Xiaomi's phones are cheap and cheerful, offering powerful specs for prices below what more mainstream OEMs like Samsung or even Huawei would charge. The firm has seen great success with this tactic, even beating out Huawei, OPPO, and Vivo last quarter. Its seeming disregard for privacy now serves to call into question the hidden costs of cheap smartphones.

Of course, Xiaomi disagrees with Forbes' assessment. In response to the article, the company gave the following statement to Android Central:

Xiaomi was disappointed to read the recent article from Forbes. We feel they have misunderstood what we communicated regarding our data privacy principles and policy. Our user's privacy and internet security is of top priority at Xiaomi; we are confident that we strictly follow and are fully compliant with local laws and regulations. We have reached out to Forbes to offer clarity on this unfortunate misinterpretation.

But, as Forbes points out, Xiaomi collects a lot more than just general browsing data like searches and websites visited. Even giving Xiaomi the benefit of the doubt, it all boils down to a problem of trust. People may expect their carrier or broadband provider to be able to access some of their data in incognito mode, but for the browser maker, itself to be doing so violates expectations. People may expect Spotify to track their listening data, but not Xiaomi. Few people consciously expect homepage swipes to be tracked. When trust between data handlers and the public fails in small matters, it becomes harder for their statements to ring true on more significant issues.

"When Forbes provided Xiaomi with a video made by Cirlig showing how his Google search for "porn" and a visit to the site PornHub were sent to remote servers, even when in incognito mode, the company spokesperson continued to deny that the information was being recorded," Forbes noted.

Does Google sell your personal data?

Have you listened to this week's Android Central Podcast?

Android Central

Every week, the Android Central Podcast brings you the latest tech news, analysis and hot takes, with familiar co-hosts and special guests.

  • Subscribe in Pocket Casts: Audio
  • Subscribe in Spotify: Audio
  • Subscribe in iTunes: Audio
Michael Allison