The data was being compiled and sent to remote servers in Singapore and Russia hosted by web domains registered in Beijing.
India’s top-selling smartphone brand, Xiaomi, has reportedly been accused of recording the data of millions of its users, raising privacy concerns.
Cybersecurity researcher Gabi Cirlig discovered that his Redmi Note 8 was ‘watching much of what he was doing on his phone’. The smartphone apparently tracked the user behaviour and sent data to remote servers hosted by another Chinese firm, Alibaba, reported Forbes.
While investigating, Cirlig further found that the default Xiaomi browser recorded all the websites that were visited on the device. This also included search activities on Google and privacy-focused DuckDuckGo. Cirlig also noticed that the device tracked his activities even when he was supposedly using the incognito mode — a setting that prevents browsing history or cache from being stored.
Furthermore, the device was also found tracking and recording other tasks and activities like the folders being opened, the various screens that were being swiped, etc. The data was being compiled and sent to remote servers in Singapore and Russia hosted by web domains registered in Beijing.
Another cybersecurity researcher Andrew Tierney found that other Xiaomi browsers — Mi Browser Pro and the Mint Browser — listed on the Google Play Store were collecting similar data.