rottenmelon
资深人士
- 注册
- 2016-12-06
- 消息
- 7,682
- 荣誉分数
- 2,132
- 声望点数
- 223
Xiaomi Devices Found Tracking And Recording Browsing Data Of Millions
The tracking extends to browser's Incognito mode as well
By
Charanjeet Singh
-
May 1, 2020
Xiaomi has been tracking and recording an insane amount of private data, from user’s phone habits to queries in the Xiaomi’s default browsers.
According to a cybersecurity researcher, Cirlig, Xiaomi records all the search queries and items viewed on its default browser (Mi Browser Pro) as well as on the Mint browser. The tracking extends to Incognito mode as well.
The researcher was able to confirm the same pattern on other Xiaomi phones, including Mi 10, Redmi K20, and Mi MIX 3.
Xiaomi, in response, confirmed that it collects browsing data. However, the company says the data sent is anonymized, and users have consented to the data tracking. Meanwhile, it denied claims of information being monitored in Incognito mode.
The researcher, however, was able to prove that Xiaomi is recording Incognito mode data as well. In a video, he showcases how the information of him visiting a porn website in incognito mode is being sent to the servers.
When shown with proof, Xiaomi said, “collection of anonymous browsing data, is one of the most common solutions adopted by internet companies.”
Is it really anonymous?
When the information tracked in browsers is compiled with phone’s “metadata” collected by Xiaomi, Cirlig says the company can easily identify a single person.
My main concern for privacy is that the data sent to their servers can be very easily correlated with a specific user
Other than the browser data, Cirlig also noticed monitoring in Xiaomi apps and his touches on every screen. For instance, he observed the Xiaomi default music player app collecting information on his listening habits.
Upon much digging, the researcher was able to connect the app’s data monitoring with SensorDataAPI, which enables third-party access to app data. In the case of Xiaomi, the third-party was Sensors Analytics, a startup known for tracking users.
While Xiaomi validated the findings, it claimed that the data collected by Sensors Analytics remains anonymous and is stored on Xiaomi’s personal servers.
The tracking extends to browser's Incognito mode as well
By
Charanjeet Singh
-
May 1, 2020
Xiaomi has been tracking and recording an insane amount of private data, from user’s phone habits to queries in the Xiaomi’s default browsers.
According to a cybersecurity researcher, Cirlig, Xiaomi records all the search queries and items viewed on its default browser (Mi Browser Pro) as well as on the Mint browser. The tracking extends to Incognito mode as well.
The researcher was able to confirm the same pattern on other Xiaomi phones, including Mi 10, Redmi K20, and Mi MIX 3.
Xiaomi, in response, confirmed that it collects browsing data. However, the company says the data sent is anonymized, and users have consented to the data tracking. Meanwhile, it denied claims of information being monitored in Incognito mode.
The researcher, however, was able to prove that Xiaomi is recording Incognito mode data as well. In a video, he showcases how the information of him visiting a porn website in incognito mode is being sent to the servers.
When shown with proof, Xiaomi said, “collection of anonymous browsing data, is one of the most common solutions adopted by internet companies.”
Is it really anonymous?
When the information tracked in browsers is compiled with phone’s “metadata” collected by Xiaomi, Cirlig says the company can easily identify a single person.
My main concern for privacy is that the data sent to their servers can be very easily correlated with a specific user
Other than the browser data, Cirlig also noticed monitoring in Xiaomi apps and his touches on every screen. For instance, he observed the Xiaomi default music player app collecting information on his listening habits.
Upon much digging, the researcher was able to connect the app’s data monitoring with SensorDataAPI, which enables third-party access to app data. In the case of Xiaomi, the third-party was Sensors Analytics, a startup known for tracking users.
While Xiaomi validated the findings, it claimed that the data collected by Sensors Analytics remains anonymous and is stored on Xiaomi’s personal servers.
