The Chinese smartphone manufacturer Xiaomi stores data and user behavior without their knowledge. IT specialists have found out.
- IT specialists have made serious allegations against the Chinese smartphone manufacturer Xiaomi .
- The tech company should collect user data without their knowledge and store it on its own server.
- The stored data can then be clearly assigned to the respective user .
Beijing - The devices from the Chinese smartphone manufacturer Xiaomi are considered a cheap alternative to the market leaders Apple and Samsung - and therefore enjoyed some popularity in Germany. Since the beginning of May, however, US IT specialists have been making serious allegations against the Chinese company .
Smartphones with security concerns: Xiaomi is supposed to spy on users
As Forbes magazine, citing the IT specialists reported Gabi Cirlig that are users of Xiaomi smartphones spied by the manufacturer. Cirlig found out that all websites that he had accessed via the browser of his Xiaomi Redmi Note 8 were registered by the smartphone manufacturer and sent to a specially rented server.
In addition, the search terms that Cirlig had entered on Google or alternative search engines such as DuckDuckGo were also sent to Xiaomi. With this wealth of data, his identity and private life are uncovered and saved by a company, according to the IT specialist.
Serious allegations against Chinese smartphone manufacturers: data is stored without user knowledge
The data would also be collected if you used the browser in "incognito mode". A mode that is actually intended for special privacy protection. Further investigation revealed that even Browser Apps *, the Xiaomi had developed for Google's Android operating system, in the same way user data store. These are the “Mi Browser Pro” and “Mint Browser” apps, which have been downloaded more than 15 million times from the Google Play Store - where apps like WhatsApp * are also offered.
Cirlig assumes that these security concerns also apply to other Xiaomi smartphones , such as the Mi10, the Redmi K20 and the Mi MIX 3. While the Chinese company claims that data transmission is generally encrypted, Cirlig managed to crack the encryption with little effort. It would therefore be possible for Xiaomi to assign the collected data to a specific user .
Major security vulnerability at Xiaomi: Chinese company rejects allegations
The smartphone manufacturer rejected the allegations as false and emphasized that " privacy and security " were among the most important points in the company . Xiaomi adheres to the applicable laws and regulations when it comes to data protection . In addition, the accusations were rejected, the browser also collects and sends data in “incognito mode”. However, this is exactly what Cirlig and other IT experts have demonstrated quite convincingly.
So Xiaomi just released a blog post about them not recording anything in incognite mode. Why do they have this flag inside the stuff they exfiltrate then?
cc @cybergibbons pic.twitter.com/EJRAfkjaH0
Especially when compared with other popular browsers such as Chrome or Safari ste Xiaomis app represent a special case. "It's a lot worse than mainstream browsers I've seen," says Cirlig. Many browsers would collect analysis data, for example, to help correct errors, but Xiaomis is at a different level. "It couldn't be worse", the IT expert concluded.
Special care should also be taken when using the smartphone during the ongoing Corona crisis.
* merkur.de is part of the nationwide Ippen-Digital editors network.
fd