Xiaomi, a Chinese phone brand, makes cheap, high-spec Android phones which are becoming very popular. But are Xiaomi phones safe, or should you be looking elsewhere for your next phone?
🚨 TL;DR: Xiaomi Phones & Data Privacy Concerns 🚨
🚫 Xiaomi Phones’ Privacy Alert: Research reveals significant data privacy risks. Xiaomi tracks your web browsing, search queries, location, and phone interactions, sending this data to servers in Singapore and Russia via Beijing. 🚫
- 📱 Data Tracking: Xiaomi phones alleged to track web history, searches, location, and interactions, regardless of browser or mode.
- 🌍 Data Storage: Tracked data sent to servers in Singapore, Russia, via Beijing.
- 🌐 Browsers Involved: Mi Browser Pro, Mint Browser (over 15M downloads) also track data.
- 🔍 Detailed Findings: Incognito sessions, site visits, searches, news feed interactions stored.
- 📊 Apps Used for Data Collection: Stock MIUI Browser, Mi Browser Pro, Mint Browser.
- 🕵️‍♂️ Connection to Sensors Data: Xiaomi linked to a Chinese analytics company, denies data sharing.
- 🔐 Encryption Concerns: Data encrypted but with weak base64 method.
- 🔄 Update to Opt-Out: Xiaomi updating browsers for optional data collection, pending Play Store approval.
- 🤷‍♂️ Personal Take: Writer views Xiaomi’s actions as unacceptable, prefers more secure phone brands.
My advice? Go with something like the Samsung Galaxy A-Series or the Google Pixel 7a. Both are cheap. Need a flagship model? Look at refurbished models; they can be had for around 40% less.
Xiaomi’s modus operandi is simple: make high-spec, good-looking Android phones and then sell them for around half the price of everybody else. This MO has served the company well during the past several years, helping it secure millions of users all over the globe.
You can pick up a high-end Xiaomi phone with killer specs for as little as £27 a month (and that’s with unlimited data too). Or for less than £300 offline. With prices like that, it is easy to see why Xiaomi is now one of the biggest phone brands on the planet.
But if you’re in the US, you need to be careful – only a select few carriers will support Xiaomi phones.
Price is one thing. But what about security and privacy? Xiaomi is a Chinese company and, according to more than one source, is not as trustworthy with your data and/or privacy as other, US-based firms like Apple and Google. Or Korea’s Samsung. And this is something you will want to think about very carefully before buying a Xiaomi phone.
Are Xiaomi Phones Safe?
With respect to data and privacy, Xiaomi phones have been shown to be unsafe by researchers. Xiaomi phones have been shown to track your web browsing history, regardless of the browser you use, log your search engine queries, and monitor your location and how you interact with the phone. All of this data is then sent to secure servers in Singapore and Russia via Beijing-hosted web servers.
Mi Browser Pro and the Mint Browser, two of Xiaomi’s browsers available inside the Play Store, have also been shown to log and track user data. These browsers have been downloaded over 15 million times by users. Xiaomi, however, has claimed all of the researchers’ findings are untrue. It says it hasn’t done anything wrong.
As for whether Xiaomi phones are safe, it all depends on who you’d rather deal with: an American company like Apple or Google, which is held accountable by constant, round-the-clock scrutiny, or a Chinese company that can do as it pleases with your data once it has harvested it. Me? I’m sticking with my iPhone for the time being. I value my privacy and data just too much.
I have included a detailed overview of what Xiaomi phones allegedly track below. It’s a pretty scary read and by the end, you will almost certainly have issues with using a Xiaomi phone.
Xiaomi Phones & Data Privacy
Unless you’ve been living under a rock for the last couple of weeks, you’ll no doubt have heard about Xiaomi’s recent data-hoarding scandal, where the company was caught storing its users’ browser data on remote servers.
Sounds bad, right?
The stored data included all kinds of stuff, including incognito browsing sessions, website visits, all search engine queries, device metadata, and items viewed on Xiaomi’s news feed. Basically, if you’ve been using a Xiaomi phone, your data and sessions have been stored.
But are Xiaomi phones safe? Can you trust the company to safely handle your data? Or, are you better off going with something from Apple or Google like the iPhone SE 2020 or the Google Pixel 3a instead? Let’s investigate…
And, worse still, whatever you’ve been looking at – from adult content to NSFW, as well as any embarrassing web searches – has all been tracked and stored by Xiaomi on remote servers. Even if you were using Incognito mode on its browsers.
What Apps is Xiaomi Using To Collect Your Data?
According to the research, Xiaomi used the following applications and web browsers to collect and store user data:
- Pre-Installed Stock MIUI Browser
- Mi Browser Pro
- Mint Browser
Combined, these browsers have an install base of over 15 million users. Furthermore, the researchers used the following Xiaomi phones to conduct their tests: Xiaomi Redmi Note 8, Xiaomi Mi A1, Xiaomi Mi 10, Xiaomi Redmi K20, and the Xiaomi Mi Mix 3.
On top of this, the data collected was pinging domains related to a Chinese behavioral analytics company called Sensors Data. Xiaomi is also listed as a customer of Sensors Data. Xiaomi, however, maintains that none of the data is actually shared with Sensors Data. It also said it takes its users’ security seriously and has not breached any protocols.
What Does Xiaomi Have To Say On The Matter?
Following the publishing of the report, Xiaomi issued the following statement on its official blog:
“Xiaomi was disappointed to read the recent article from Forbes. We feel they have misunderstood what we communicated regarding our data privacy principles and policy. Our user’s privacy and internet security is of top priority at Xiaomi; we are confident that we strictly follow and are fully compliant with local laws and regulations. We have reached out to Forbes to offer clarity on this unfortunate misinterpretation.”
The data collected by Xiaomi is nominally encrypted, but the process used (base64) is a reversible encoding that needs no key rather than a robust encryption scheme, so extracting information by decoding it wouldn’t be too tricky if you had the right tools and know-how. And because of the nature of the data, third parties could almost certainly use elements of it to build a fairly specific profile of individuals.
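The base64 point above, shown as an added example (not code from the researchers’ report or from Xiaomi): it audits a telemetry body and reports every field that can be read back without a key. The field names, the sample values and the JSON layout are assumptions constructed for illustration.

```python
import base64
import json
import re

URL_RE = re.compile(r"https?://\S+")


def b64(text):
    """Helper used only to build the constructed sample below."""
    return base64.b64encode(text.encode()).decode()


# Constructed telemetry body; field names and values are hypothetical.
SAMPLE_BODY = json.dumps({
    "device": b64("redmi-note-8"),
    "url": b64("https://example.org/search?q=private+query"),
    "mode": b64("incognito"),
    "nonce": "/v8A",   # valid base64, but decodes to non-text bytes
    "seq": "17",       # not base64 at all
})


def decode_if_text(value):
    """Return the plaintext if value is base64 of printable UTF-8, else None."""
    if not isinstance(value, str) or not value:
        return None
    try:
        # binascii.Error and UnicodeDecodeError are both ValueError subclasses.
        text = base64.b64decode(value, validate=True).decode("utf-8")
    except ValueError:
        return None
    return text if text.isprintable() else None


def audit(body):
    """Map each field that is readable without a key to what it exposes."""
    findings = {}
    for field, value in json.loads(body).items():
        text = decode_if_text(value)
        if text is not None:
            findings[field] = {"plaintext": text,
                               "has_url": bool(URL_RE.search(text))}
    return findings


if __name__ == "__main__":
    for field, info in audit(SAMPLE_BODY).items():
        print(f"{field}: {info['plaintext']!r} (URL exposed: {info['has_url']})")
```

Any field this audit flags is readable by whoever can see the payload; confidentiality requires keyed encryption, such as TLS in transit or authenticated encryption of the body.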
In the wake of these claims, Xiaomi has now updated its Mint and Mi Browsers so users can opt out of “aggregated” data collection. All you have to do is toggle the switch and this will stop any of the above things from happening – or, at least, that’s the idea. The update is not live yet, however, and is awaiting approval before it can go live in the Google Play Store.
How Bad Is This?
This is a huge problem that affects millions of people. Xiaomi was caught doing nefarious things with its customers’ data, then proceeded to deny it was doing anything wrong, and then issued an update to resolve it. It didn’t, at any point, admit it had done anything wrong.
And sadly for Xiaomi, it does not have Jedi mind powers. The writing is now on the wall for all to see.
Your phone is an extension of you. It is the thing you interact with most. It knows more about you than your closest family members and, for this reason, it is incredibly important that all data that is processed by it is handled in a secure and transparent fashion. It definitely should not be offloaded and saved to a remote server. That should never happen.
For me, this is unforgivable. I honestly couldn’t believe what I was reading when I initially read the report. How did Xiaomi think it’d get away with this kind of thing? It’s crazy to think just how far this might have gone had the researchers not isolated what was going on – it could have been months or years before these practices were found out.
Would I use a Xiaomi phone after this? Absolutely not. And if I did, I would root the device, removing ALL Xiaomi software, trackers, and settings from the phone. Then I’d install a custom ROM on the phone and ONLY then would I feel safe using it. But no one wants to do that, so the next best option would be to just not use Xiaomi phones.
Need something cheap? Get a Pixel 7a – or, better yet, a refurbished iPhone. The iPhone 13 is now very good value.