Do you have a Chinese-made Xiaomi phone?

If so, you should be aware that there is a security issue.

According to research conducted by Forbes, the Mi Browser that comes built into the phone sends your internet searches to Xiaomi servers located in both Russia and Singapore.

Worse, it sends search data associated with incognito browser sessions. Worst of all, it includes enough data to allow the company to single out individual users for detailed tracking.

Their phones track most of your activities

It's not just the browser though. The phone tracks a wide range of user activities, including what folders a user opens, all of the screens a user views, the configuration settings, and even what songs a user plays using Xiaomi's built-in music app.

In addition to that, the company makes a lightweight browser called "Mint" which has been downloaded more than fifteen million times, according to Google Play Store statistics. A separate line of research also revealed that it exhibits the same tracking behavior.

All of this was carefully documented and verified by speaking with company officials before being written about in Forbes. Xiaomi's senior management was not amused.

Xiaomi responded with a video rebuttal and a lengthy blog post

"Xiaomi was disappointed to read the recent article from Forbes. We feel they have misunderstood what we communicated regarding our data privacy principles and policy. Our user's privacy and internet security are of top priority at Xiaomi; we are confident that we strictly follow and are fully compliant with local laws and regulations. We have reached out to Forbes to offer clarity on this unfortunate misinterpretation."

In response, the researchers behind the piece tweeted proof, taking screenshots of the tracking code indicating the exact search term used in the test.

Our perspective

So far, Xiaomi has not responded to the evidence, but the bottom line is that the researchers appear to be spot on. There's little the company could say to refute the overwhelming evidence provided. Be mindful of that if you have a Xiaomi phone.

~ As Hill Street Blues' Sgt. Esterhaus always advised: "Hey, let's be careful out there! " ~


Meanwhile, check out this report

This free executive report may give you insights into how to build your business with safe IT environments: 10 Hidden IT Risks That Might Threaten Your Business and 1 Easy Way to Find Them

The author

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available on LinkedIn, Facebook, and Twitter.

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT SupportI am Denis Wilson, President and Principal Consultant for DWP Information Architects. I help professionals grow their business by building a foundation of rock-solid IT and communications solutions for smaller insurance brokerages, financial services, and accountancy and law firms in Ventura County and San Fernando Valley. I have created cost-effective personal service automation solutions, for over 20 years, specializing in cybersecurity and regulatory compliance. I am also a published author and speaker, working extensively with business and professional associations to provide small business technology education programs.

Contact me if you would like me to speak at your association