Chinese Company Xiaomi collecting data from Browsing even from Incognito mode
Xiaomi once again faces allegations that it is silently sending user data to remote servers. Security researchers claim that the Chinese company, which leads the smartphone market in India and is amongst the top-five smartphone makers globally, has provided loopholes on its phones to transmit data to remote servers hosted by Alibaba. Amongst other preloaded apps, the default Web browser on Xiaomi's Redmi and Mi series phones were found recording Web history of users even when switched to “incognito” mode. Xiaomi has denied the claims, and added that while it tracks some anonymous browsing data, it does not share this with third-parties.
Security researchers Gabi Cirlig and Andrew Tierney were able to spot various backdoors in Xiaomi phones that help the company obtain user data, without getting any consent from its users, reported Forbes. Cirlig discovered that his Redmi Note 8 was “watching much of what he was doing on his phone” and was sending all that data to remote servers hosted by Alibaba.
The researcher said that his identity and his private life were being exposed through the loopholes that Xiaomi seems to have intentionally added to the software available on the Redmi phone. Further, he was able to find that the company was recording details even when he was browsing the Web on his phone using the incognito mode. In addition to the browsing data, Cirlig's Redmi Note 8 was allegedly recording what folders he opened and which screens he swiped. This includes the status bar and the settings page. All that data is said to have been transported to remote servers located in Singapore and Russia, hosted by the Web domains registered in Beijing, where Xiaomi has its headquarters.