Are Xiaomi Phones Safe? What You (Definitely) Need To Know…

by | 10/08/2020 9:27 am

Xiaomi, a Chinese phone brand, makes cheap, high-spec Android phones which are becoming very popular. But are Xiaomi phones safe, or should you be looking elsewhere for your next phone?


Xiaomi’s modus operandi is simple: make high-spec, good-looking Android phones and then sell them for around half the price of everybody else. This MO has served the company well during the past several years, helping it secure millions of users all over the globe.

You can pick up a high-end Xiaomi phone with killer specs for as little as £27 a month (and that’s with unlimited data too). With prices like that, it is easy to see why Xiaomi is now one of the biggest phone brands on the planet.

But are Xiaomi phones safe? Can you trust the company to safely handle your data? Or, are you better off going with something from Apple or Google like the iPhone SE 2020 or the Google Pixel 3a instead? Let’s investigate…

Xiaomi Phones & Data Privacy

Unless you’ve been living under a rock for the last couple of weeks, you’ll no doubt have heard about Xiaomi’s recent data-hoarding scandal, where the company was caught storing its users’ browser data on remote servers.

Sounds bad, right?

The stored data included all kinds of stuff, including incognito browsing sessions, website visits, all search engine queries, device metadata, and items viewed on Xiaomi’s news feed. Basically, if you’ve been using a Xiaomi phone, your data and sessions have been stored.

And, worse still, whatever you’ve been looking at – adult and other NSFW content, as well as any embarrassing web searches – has been tracked and stored by Xiaomi on remote servers, even if you were using Incognito mode on its browsers.

What Apps is Xiaomi Using To Collect Your Data?

According to the research, Xiaomi used the following applications and web browsers to collect and store user data:

  • Pre-Installed Stock MIUI Browser
  • Mi Browser Pro
  • Mint Browser

Combined, these browsers have an install base of over 15 million users. Furthermore, the researchers used the following Xiaomi phones to conduct their tests: Xiaomi Redmi Note 8, Xiaomi Mi A1, Xiaomi Mi 10, Xiaomi Redmi K20, and the Xiaomi Mi Mix 3.

On top of this, the collected data was being sent to domains related to a Chinese behavioral analytics company called Sensors Data. Xiaomi is also listed as a customer of Sensors Data. Xiaomi, however, maintains that none of the data is actually shared with Sensors Data. It also said it takes its users’ security seriously and has not breached any protocols.

What Does Xiaomi Have To Say On The Matter?

Following the publishing of the report, Xiaomi issued the following statement on its official blog:

“Xiaomi was disappointed to read the recent article from Forbes. We feel they have misunderstood what we communicated regarding our data privacy principles and policy. Our user’s privacy and internet security is of top priority at Xiaomi; we are confident that we strictly follow and are fully compliant with local laws and regulations. We have reached out to Forbes to offer clarity on this unfortunate misinterpretation.”

The data collected by Xiaomi is not protected by a particularly robust process: it is base64-encoded, and base64 is a reversible encoding that uses no key rather than true encryption, so extracting information via decoding wouldn’t be too tricky if you had the right tools and know-how. And because of the nature of the data, third parties could almost certainly use elements of it to build a fairly specific profile of individuals.
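To see why base64 gives no confidentiality, here is an added example (not code from the research or from Xiaomi) of the check an auditor might run on a request body captured from their own device: it flags every form field that decodes cleanly without any key. The field names `data`, `gzip`, `sig` and the event contents are constructed for illustration and are not taken from real Xiaomi traffic.

```python
import base64
import binascii
import json
from urllib.parse import parse_qsl, urlencode

# Constructed sample: a telemetry event, base64-encoded into a form field.
SAMPLE_EVENT = {"event": "page_view",
                "url": "https://example.com/search?q=test",
                "incognito": True}
SAMPLE_BODY = urlencode({
    "data": base64.b64encode(json.dumps(SAMPLE_EVENT).encode()).decode(),
    "gzip": "0",
    "sig": "9f2c-1ab4-7de0",
})


def try_b64(value):
    """Return the decoded text if value is base64 of printable UTF-8, else None."""
    if len(value) < 8 or len(value) % 4:
        return None  # too short to judge, or not padded base64
    try:
        text = base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # not base64, or binary (possibly really encrypted)
    return text if text.isprintable() else None


def audit_body(body):
    """Map each field that is merely base64-encoded to its recovered content."""
    findings = {}
    for name, value in parse_qsl(body, keep_blank_values=True):
        text = try_b64(value)
        if text is None:
            continue
        try:
            findings[name] = json.loads(text)  # structured payload
        except json.JSONDecodeError:
            findings[name] = text              # plain string payload
    return findings


if __name__ == "__main__":
    for field, content in audit_body(SAMPLE_BODY).items():
        print(f"field {field!r} is readable without a key: {content}")
```

A field that fails this check is not necessarily safe; it may simply be compressed or binary, so treat a clean decode as proof of exposure and a failed decode as inconclusive.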

In the wake of these claims, Xiaomi has now updated its Mint and Mi Browsers so users can opt out of “aggregated” data collection. All you have to do is toggle the switch and this will stop any of the above things from happening – or, at least, that’s the idea. The update is not live yet, however, and is awaiting approval before it can go live in the Google Play Store.

How Bad Is This?

This is a huge problem that affects millions of people. Xiaomi was caught doing nefarious things with its customers’ data, then proceeded to deny it was doing anything wrong, and then issued an update to resolve it. It didn’t, at any point, admit it had done anything wrong. And sadly for Xiaomi, it does not have Jedi mind powers. The writing is now on the wall for all to see.

Your phone is an extension of you. It is the thing you interact with most. It knows more about you than your closest family members and, for this reason, it is incredibly important that all data that is processed by it is handled in a secure and transparent fashion. It definitely should not be offloaded and saved to a remote server. That should never happen.

For me, this is unforgivable. I honestly couldn’t believe what I was reading when I initially read the report. How did Xiaomi think it’d get away with this kind of thing? It’s crazy to think just how far this might have gone had the researchers not isolated what was going on – it could have been months or years before these practices were found out.

Would I use a Xiaomi phone after this? Absolutely not. And if I did, I would root the device, removing ALL Xiaomi software, trackers, and settings from the phone. Then I’d install a custom ROM on the phone and ONLY then would I feel safe using it. But no one wants to do that, so the next best option would be to just not use Xiaomi phones.

Fortunately, you now have plenty of good options when it comes to cheaper phones. Apple’s iPhone SE 2020 is a fantastic option, and so too is Google’s Pixel 3a – my current daily driver. And then, later this year, you’ll have the Google Pixel 4a to consider as well. You can get all of these phones for between $300 and $400 too, so they’re priced the same as Xiaomi handsets.

