Chinese phone manufacturer caught using a backdoor, but it's not Huawei or ZTE
Last year, Xiaomi was the fourth-largest smartphone manufacturer in the world after shipping approximately 125.5 million units. The company has done an amazing job in India, the world’s second-largest smartphone market. That’s because Xiaomi produces handsets priced appropriately for the developing country and follows a value-for-money retail strategy.
Xiaomi’s browsers have been sending user data to servers registered in Beijing
Xiaomi has responded by saying that the data it was sending to the servers was encrypted. But Cirlig said that he was able to crack the code in seconds. The cybersecurity expert also said, “My main concern for privacy is that the data sent to their servers can be very easily correlated with a specific user.” That’s because the data being sent to the servers included metadata associated with a specific device, including its unique ID number and the Android version that it runs. Cirlig says that this data can “easily be correlated with an actual human behind the screen.”
The manufacturer contradicted itself, saying that the research claims weren’t true and that the company “strictly follows and is fully compliant with local laws and regulations on user data privacy matters.” But a spokesman for Xiaomi admitted that it was collecting data that was anonymized to prevent it from being tied to specific individuals. When Forbes showed Xiaomi a video that confirmed the behavior of the browser claimed by Cirlig, the company responded by saying, “This video shows the collection of anonymous browsing data, which is one of the most common solutions adopted by internet companies to improve the overall browser product experience through analyzing non-personally identifiable information.”
Today, the company wrote that it will send out an update to its browsers that will prevent a user’s internet travels from being sent through Xiaomi’s servers. There will also be an option in incognito mode to toggle data collection on or off. Xiaomi said, “We believe this functionality, in combination with our approach of maintaining aggregated data in non-identifiable form, goes beyond any legal requirements and demonstrates our company’s commitment to user privacy.”