The question of privacy it is seen with much interest in the western market. Although it exists in China (unlike it may seem), it does not have the same value as we do. Especially in Italy, the confidentiality factor is very dear to us. We have seen that with the MIUI 12 privacy has been put first with a series of features that will allow our data not to leave the smartphone in any way. But will it really be so? An investigation of Forbes could tell us the opposite though Xiaomi denies what the well-known newspaper is persistently flaunting. Let's see what happened.
The privacy of Xiaomi users would not be guaranteed by some native applications: so Forbes says in an article that ignites the web
According to what revealed by Forbes, our brand would stand collecting data without our knowledge through some applications like the integrated browser or even Mint, the ultralight browser developed by the company itself. A researcher from the cybersecurity would have found that certain of his behaviors were traced by Xiaomi and that the data relating to this was not only easily decrypted but also moved to remote servers. The amazing thing is that these servers are not from Xiaomi, but from Alibaba, company that we all know through the figure of Jack Ma (who currently does not hold the role of CEO).
The web security expert found out that Xiaomi has recorded all the websites you visited, including search engine queries, both with Google and with DuckDuckGo (engine focused mainly on privacy) also using the incognito mode. The smartphone that the user used is a Redmi Note 8 but in reality he says the model is indifferent: tests have also been made with Xiaomi Mi 10, Redmi K20 and Xiaomi Mi Mix 3 and the result has always been the same. Incredible is the fact that even the offline searches, those that occur without accessing the internet (so let's put the status bar scrolling, the pages viewed on settings), have been traced: in fact, this Gabi Cirlig would have found evidence that these data were sent to remote servers in Russia despite the dominance was fixed in Beijing.
The Chinese company has always confirmed that these data are encrypted in such a way as to be made safe but the reality, according to Cirlig, is different. Indeed, he himself would find a way to decrypt this data in a decidedly easy way so as to read them and show that Xiaomi was telling the fake. He would then say
"My main privacy concern is that the data sent to their servers can be easily correlated with a specific user"
Xiaomi responds to the accusations made by Forbes in the privacy field
Xiaomi's response to these infamous accusations was:
"The claims of such research are not true"
"Privacy and security are paramount to us"
"[Xiaomi] strictly follows and fully complies with local laws and regulations regarding the privacy of user data".
Cirlig would also have understood that not only the navigation data (online and offline) to have been "stolen" but also those relating to smartphone model and the Android version of the latter. According to him, these data can be used to trace the physical person who owns this model of device. In this regard, the company has reassured that the data that was viewed by Cirlig would be encrypted in such a way as to maintain an anonymous form and therefore the user's sensitive information would not be in danger. To dispel this fact there is History of PornHub the cybersecurity expert who was visible at the time of the check on a remote server.
But for what reason Xiaomi, if this matter were true, is "stealing" this data. Not to sell them, according to the Forbes research team. Simply (if we can say so) these data and metadata are collected to understand user habits. Sensor Analytics would be the company in charge of collect this data for Xiaomi. She herself claims to have relationships but, as well as for the direct interested party, confirms that the data reaches its databases completely anonymously.
In short, Xiaomi according to Forbes would be doing what Google and Facebook have been doing for some time... even if in a more "aggressive" way. What do you think about it? The privacy issue is very thorny and we would like to know yours.
SECURITY UPDATE TRAINING
Xiaomi has further expressed on the matter through a statement which, kindly, has been communicated to us by Xiaomi Italy. We report it below.
“Xiaomi is disappointed to read the recent article on Forbes. We believe that what we have communicated about our data privacy principles and policies has been misunderstood. In Xiaomi, privacy and internet security of users is of the highest priority; we are confident that we will act strictly and fully in accordance with local laws and regulations. We contacted Forbes to clarify this misinterpretation. "
We therefore expect an update from Forbes.