Mi and Redmi smartphone users can now opt-in or out of this “unwanted” feature of their phones.
Xiaomi is apparently stepping up its privacy game. More precisely, it is further strengthening the control it grants users over sharing their own data with the company. How is it doing that? Well, by letting its smartphone users choose whether or not they want Xiaomi to track their private browsing data. That’s after claiming, it wasn’t keeping tabs on what users were doing on their Mi and Redmi phones while browsing in incognito mode, initially.
While it isn’t revealing why it, or for that matter any company, would track users searching the web in private mode, at least, it’s now admitting that that’s indeed the case. In other words, Xiaomi most likely has access to everything that Mi and Redmi smartphone users are browsing on the web, even if they’re browsing in incognito, and as it turns out, it isn’t even planning to put an end to this “severe” breach of privacy anytime soon. Rather, Mi and Redmi smartphone users can now opt-in or out of this “unwanted” feature of their phones.
On April 30, Forbes came out with a highly controversial report, accusing Xiaomi of collecting “private” web and phone usage data of its users. This was allegedly being done via Xiaomi’s browser products, namely, Mi Browser (which is the default browser in all Xiaomi phones), Mi Browser Pro, and Mint Browser. The source of the report was cybersecurity researcher Gabi Cirlig, who found his Redmi Note 8 phone “curiously” packaging and sending his data — both web and phone usage — to remote servers in Singapore and Russia. Those servers were apparently rented by Xiaomi from China’s technology giant Alibaba. Forbes followed things up with their own seemingly independent investigation with the help of another cybersecurity researcher, called Andrew Tierney. The results did not come out in favour of Xiaomi this time either.
What was particularly baffling about the Forbes report and the simultaneous investigation was that Xiaomi appeared to be tracking the user’s browsing data — websites visited, search engine queries (Google or even the privacy-focused DuckDuckGo), plus items viewed on Xiaomi’s news feed widget — even while in incognito mode. That’s just wrong, on so many levels.
Xiaomi however refuted the whole report, going so far as to say, it wasn’t doing anything inside its browsers, that other browsers weren’t already doing. Xiaomi India head Manu Kumar Jain had also sprung into action defending the company via an open letter and via a video post, reiterating that the “Mi Browser & all Mi internet products are 100% safe. Moreover all data of Indian users is stored locally in India.”
Regardless, there was one thing, or statement, that really stood out within Xiaomi’s defence. While it did not openly admit of tracking users in incognito, right away, it did say on record that the “whole process is anonymous and encrypted. The collection of aggregated usage statistics data is used for internal analysis, and we do not link any personally identifiable information to any of this data.” That in addition to claiming that “all collected usage data is based on permission and consent given explicitly by our users.”
This was followed by Andrew Tierney releasing a video on Twitter, demonstrating how Xiaomi’s Mint browser was not only collecting user data in private mode, but it was also possible to trace this data to an individual user basis of an assigned UUID (universally unique identifier) for at least up to 24 hours. Moreover, it was also possible for hackers to decrypt this data easily on the receiving end even though it was being transferred in an encrypted form.
Even when it was being defensive and all, Xiaomi was right about one thing. Almost all web browsers track users in some form or the other. Also, in a large number of cases, the motive behind this is to improve the user experience. Users are also well aware of this. So in case they do want some privacy, going incognito has always been the way to go. But with the whole Xiaomi fiasco, it looks like, nothing is really “private” when you’re online. You’re basically on your own.
If you’re still looking for some privacy on your Xiaomi smartphone though, the latest versions of Mi Browser/Mi Browser Pro (v12.1.4), and Mint Browser (v3.4.3), include an “option in incognito mode for all users of both browsers to switch on/off the aggregated data collection.” It’s not on by default, so you’ll need to do it manually, and hope, just hope, that no one’s watching you — finally.