Skip to main content

Xiaomi Phones Track Your Data When Using Their Browser

By May 18, 2020May 5th, 2022Cybersecurity

Do you have a Chinese-made Xiaomi phone?

If so, you should be aware that there is a security issue.

According to research conducted by Forbes, the Mi Browser that comes built into the phone sends your internet searches to Xiaomi servers located in both Russia and Singapore.

Worse, it sends search data associated with incognito browser sessions.Worst of all, it includes enough data to allow the company to single out individual users for detailed tracking.

It’s not just the browser though. The phone tracks a wide range of user activities, including what folders a user opens, all of the screens a user views, the configuration settings, and even what songs a user plays using Xiaomi’s built-in music app.

In addition to that, the company makes a lightweight browser called “Mint” which has been downloaded more than fifteen million times, according to Google Play Store statistics. A separate line of research also revealed that it exhibits the same tracking behavior.

All of this was carefully documented and verified by speaking with company officials before being written about in Forbes. Xiaomi’s senior management was not amused.

Xiaomi responded with a video rebuttal and a lengthy blog post, stating in part:

Xiaomi was disappointed to read the recent article from Forbes. We feel they have misunderstood what we communicated regarding our data privacy principles and policy. Our user’s privacy and internet security is of top priority at Xiaomi; we are confident that we strictly follow and are fully compliant with local laws and regulations. We have reached out to Forbes to offer clarity on this unfortunate misinterpretation.”

In response, the researchers behind the piece tweeted proof, taking screen shots of the tracking code indicating the exact search term used in the test.

So far, Xiaomi has not responded to the evidence, but the bottom line is that the researchers appear to be spot on. There’s little the company could say to refute the overwhelming evidence provided. Be mindful of that if you have a Xiaomi phone.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.