Forbes published a very important warning for Xiaomi smartphone users - it turned out that the devices collected all information about user activities and delivered them to servers located in Russia and Singapore. If this is confirmed, Xiaomi will have an uninteresting situation.
There is a lot of evidence. First, a cyber security expert Gabi Cirlig discovered that his Redmi Note 8 tracked his phone usage behavior (opened folders, sliding screens, items from the status bar and settings menu, music listened to using the default player), and then transmitted this data on servers hosted by Alibaba in Singapore and Russia, which have been leased by Xiaomi. But that's not all, when he used the default browser, the smartphone registered all pages, search engine queries and viewed items - moreover, data was collected and sent even when the incognito mode was used. The same code to track user behavior was also found by Cirlig on Redmi K20, Mi 10 and Mi Mix 3. Xiaomi ensures that the data is encrypted, although Cirlig said that he was able to decode it without any problems and get readable information from them.
Forbes contacted Xiaomi - the manufacturer confirmed that the company collects data, but anonymizes it for privacy reasons. Xiaomi also claims that users have agreed to track their browsing history. The company, however, denied that information was tracked when the browser used incognito mode - despite the photos and recordings presented.
Xiaomi statement and position
Xiaomi made a statement regarding the matter described:
Xiaomi was disappointed to read the recent article from Forbes. We feel they have misunderstood what we communicated regarding our data privacy principles and policy. Our user’s privacy and internet security is of top priority at Xiaomi; we are confident that we strictly follow and are fully compliant with local laws and regulations. We have reached out to Forbes to offer clarity on this unfortunate misinterpretation.
In connection with Forbes' article, Xiaomi prepared answers to the allegations - they were posted on a blog that is to be updated as the situation develops. The company shows in detail what information and where it is transmitted, what encryption is used and what certifications Xiaomi software has received in terms of privacy and security.