Following recent allegations of surreptitious data mining through its Mi Browser Pro and Mint Browser apps, Xiaomi has started rolling out updates to both, offering users an option to turn off data collection when in incognito mode.
In a post on its official Mi blog, the company said: “Given our goal of providing world class secure services and products to all users, our next Mint Browser and Mi Browser software update will include an option in incognito mode for all users of both browsers to switch on/off the aggregated data collection, in an effort to further strengthen the control we grant users over sharing their own data with Xiaomi”.
The research, which was undertaken by cybersecurity researchers Gabriel Cirlig and Andrew Tierney in association with Forbes’ cybersecurity analyst, Thomas Brewster, started when Cirlig noticed that his Redmi Note 8 was sending an inordinate amount of data to remote servers operated by Chinese tech giant Alibaba.
According to the researchers, the transmitted data included users’ complete web history, including URLs, search engine queries and all items viewed on Xiaomi’s news feed, along with device metadata, and it was sent even with ‘incognito mode’ enabled on the browsers.
While the information was being encrypted before being transferred, it was encoded in base64, a reversible encoding that needs no key to decode. The data can therefore easily be decoded and traced back to the user, in what could be a massive threat to user privacy.
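As an added illustration (not code from the article or the researchers), the following check shows how an auditor reviewing their own captured app traffic can flag form fields whose base64 values decode to URLs. The request body, field names and values are constructed for the example.

```python
import base64
import binascii
import re
from urllib.parse import parse_qsl, urlencode

B64_RE = re.compile(r"^[A-Za-z0-9+/_-]{16,}={0,2}$")  # long base64-looking value
URL_RE = re.compile(r"https?://[^\s\"']+")


def b64(text: str) -> str:
    return base64.b64encode(text.encode()).decode()


# Constructed sample of a form-encoded telemetry body (all names are hypothetical).
SAMPLE_BODY = urlencode({
    "event": "page_view",
    "device": b64("constructed-device-id"),
    "data": b64("https://example.org/search?q=private+query"),
    "mode": "incognito",
})


def find_encoded_urls(body: str) -> dict[str, list[str]]:
    """Return {field: [urls]} for fields whose base64 value decodes to a URL."""
    findings: dict[str, list[str]] = {}
    for field, value in parse_qsl(body, keep_blank_values=True):
        if not B64_RE.match(value):
            continue
        # Accept both the standard and URL-safe alphabets, padded or not.
        candidate = value.replace("-", "+").replace("_", "/")
        candidate += "=" * (-len(candidate) % 4)
        try:
            text = base64.b64decode(candidate, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue  # not base64 text after all
        urls = URL_RE.findall(text)
        if urls:
            findings[field] = urls
    return findings


if __name__ == "__main__":
    for field, urls in find_encoded_urls(SAMPLE_BODY).items():
        print(f"field {field!r} carries readable URL(s): {urls}")
```

No key or secret is involved at any step, which is why base64 on its own gives the transmitted history no confidentiality.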
Xiaomi’s decision to acknowledge the problem and issue an update is in direct contrast to its earlier stance, when it had denied all allegations, with the company’s Global VP, Manu Kumar Jain, saying that “all Mi internet products are 100% safe”. The company also released a statement, saying: “Our user’s privacy and internet security are of top priority at Xiaomi; we are confident that we strictly follow and are fully compliant with local laws and regulations. We have reached out to Forbes to offer clarity on this unfortunate misinterpretation”.