Xiaomi phones are cheap. But it isn’t just the RRP of the phones that is low, Xiaomi’s ethical approach to data and tracking is too – and this should concern you…
Xiaomi phones are cheap, packed with great specs and features, and, most of the time, ship with very competitive camera modules. This combination of price, great specs, and good-looking design has helped the Chinese company grow from a nobody to one of the most popular phone brands on the planet inside the last half-decade.
But all is not as it seems. From the perspective of a consumer, Xiaomi phones seem cheap and cheerful, a value-for-money option for those who want high-end specs and design but cannot afford the latest and greatest flagship model from Apple or Samsung. But dig a little deeper and you’ll find something rather sinister about Xiaomi and its phones.
Is Xiaomi Spying On You Through Its Phones?
In the age of paranoia, the last thing you want to have to worry about is your phone spying on you, sending secure data about your habits, location, and web searches back to China. But this is exactly what Xiaomi phones do – and it doesn’t matter how “locked-down” you make the phone, the data, meaning your personal data, will still be extracted.
Just how bad is this problem? According to one researcher, Gabi Cirlig, Xiaomi phones are essentially “a backdoor with phone functionality” – and that backdoor leads straight to secure servers in China via places like Russia and Singapore. Cirlig, a cyber security expert and ex-Xiaomi user, discovered that personal, usually secure data was being extracted from his Redmi Note 8, which was bought via Alibaba.
When he looked around the Web on the device’s default Xiaomi browser, it recorded all the websites he visited, including search engine queries whether with Google or the privacy-focused DuckDuckGo, and every item viewed on a news feed feature of the Xiaomi software. That tracking appeared to be happening even if he used the supposedly private “incognito” mode.
– Gabi Cirlig
But there’s more, and it gets worse.
Cirlig thinks that the problems affect many more models than the one he tested. He downloaded firmware for other Xiaomi phones—including the Xiaomi MI 10, Xiaomi Redmi K20 and Xiaomi Mi MIX 3 devices. He then confirmed they had the same browser code, leading him to suspect they had the same privacy issues.
– FORBES
What Does Xiaomi Say About This?
According to Xiaomi, Cirlig’s findings are “untrue” – it says the data is encrypted before it is transferred. But Cirlig says this is not the case, and he has the videos to prove it. Furthermore, Xiaomi says it is not doing anything wrong.
Cirlig disagrees because the nature of the data collected by Xiaomi – things like unique numbers for identifying the specific device and Android version – could be used to identify the phone’s owner with ease.
Xiaomi also stated that users had “consented” to what it was doing. This is debatable. If what Xiaomi is doing is buried in its phone’s T&Cs, you’ll want to read each and every word of it before using the phone properly, rather than just clicking YES when it asks for your consent.
Still, even if it does have your consent – knowingly or not – what Xiaomi is doing is NOT ethical. Apple, Google, and Microsoft do not do this. And this would be another reason, if you need another one, to not use Chinese-made phones over those made and controlled by American and European companies.
Xiaomi also denied that browsing data was being recorded when using browsers like DuckDuckGo and Chrome’s Incognito mode. According to Xiaomi, this data is not recorded and/or shared. But two independent researchers again showed that this was not the case – Xiaomi was recording and extracting browsing data, regardless of what browser the user was using.
Sensors Data – The Company That Analyzes YOUR Data
Once you have reams of data, you need someone to analyze it – someone to sift through the terabytes of files and web searches to spot trends. And this is where behavioral analytics companies come into play. Xiaomi uses a company called Sensors Analytics to analyze and spot trends in the data it collects on its users. Xiaomi says it just wants to better understand its customers. But the entire thing stinks if you ask me.
Both Cirlig and Tierney found their Xiaomi apps were sending data to domains that appeared to reference Sensors Analytics, including the repeated use of SA. When clicking on one of the domains, the page contained one sentence: “Sensors Analytics is ready to receive your data!” There was an API called SensorDataAPI—an API (application programming interface) being the software that allows third parties access to app data. Xiaomi is also listed as a customer on Sensors Data’s website.
Following on from Cirlig and Tierney’s report, Xiaomi has made some changes to the way it collects data. The company did an entire blog post outlining its new data collection policies. And it now offers users the ability to opt out of having their web searches and browser data sent off to private analytics companies.
But this ONLY happened because Xiaomi got caught with its hand in the cookie jar. If it hadn’t been caught out, it’d still be doing it. In Xiaomi’s view, it hasn’t done anything wrong and never did. That doesn’t sit well with me. And in times like these, you’re always just better off going with a company that has a more ethical stance on privacy like Apple.
If you want a cheap, reliable phone – that doesn’t spy on you – get yourself a
Or, if you’re after something more budget-friendly but new, go with one of Samsung’s A-Series Galaxy phones. They’re brilliant options with great specs, battery life, and software. And because they’re Samsung phones, you’ll get three years’ worth of Android updates – something you DEFINITELY won’t get with a Xiaomi phone.
Richard Goodwin has been working as a tech journalist for over 10 years. He is the editor and owner of KnowYourMobile.