Xiaomi would register millions of users without their knowledge

Xiaomi is in turmoil with a major controversy following the discovery, by the American researcher Gabi Cirlig, of a "Backdoor" or backdoor in his own phone, a Redmi Note 8. A news that may well make noise and which Donald Trump will probably not fail to seize, the American president multiplying the attacks against China lately.

Xiaomi transfers millions of users' data to Alibaba servers

Finding that his Redmi Note 8 was somewhat indiscreet about his habits, the security researcher Gabi Cirlig pushed his investigations a little and noticed that his smartphone recorded information such as open folders, its navigation through menus and settings, displays of its status bar, but it went even further when using the browser installed by default by Xiaomi.

To find out, Cirlig took turns using Google and DuckDuckGo search engines, and while the latter is all about confidentiality and privacy, his Redmi Note 8 continued to record all of its requests and the websites visited. Even in private browsing, or "incognito" mode, Xiaomi therefore collects information. The same goes for the music listened to or the news feed offered in the smartphone, the Chinese firm seems to be interested in everything.

"[…] This data would be grouped together then sent to remote servers located in Singapore or Russia and leased from the Chinese giant Alibaba" The Alexians

According to Forbes, who reveals the information in an exclusive article, all this data would be grouped together then sent to remote servers located in Singapore or Russia and leased from the Chinese giant Alibaba. The servers in question would point to web domains registered in Beijing and owned by Xiaomi.

other smartXiaomi phones concerned

Gabi Cirlig therefore looked at other models of smartphone and affirms that the Xiaomi Mi 10, Redmi K20 or Mi MIX 3 would do the same, the code of their browser being in all points identical, which suggests that many other models would be affected, not to say the entire fleet of the Chinese manufacturer.

At the request of Forbes, cybersecurity researcher Andrew Tierney also embarked on further investigations and discovered, in turn, that two Internet browsers offered by Xiaomi on the Google Play Store behave in the same way, in this case the Mi Browser Pro and the Mint Browser, collecting a considerable amount of information on its users, many according to the 15 million downloads displayed on the Play Store.

In addition to the transit of its data, which unfortunately is not only the responsibility of Chinese manufacturers, Cirlig clarified that its "Primary concern for privacy [was] that data sent to their servers can be very easily correlated with a specific user" since they would only be vulgarly encrypted in Base64, a very easily decipherable encoding based on 64 characters and that everyone is able to decipher the web in seconds.


Xiaomi denies claims by Forbes and US researchers

In response to Forbes allegations, Xiaomi said that "The research claims are false" and that "Confidentiality and security are major concerns" of the company, adding that its practice is "Fully compliant with local laws and regulations on matters of user data privacy", users who have previously consented to this data collection.

Indeed, Xiaomi does not completely refute these allegations and admits collecting data as Google also does on its Chrome browser, but specifies that they are anonymized and only serve to improve the user experience, which Cirlig context argues that the data he was able to consult was linked to the unique identifiers of his device and would therefore be relatively easy to trace to him.

Xiaomi, who would have gone well without this advertisement, explained at length, with supporting code, its way of collecting data in a blog post appeared a few hours ago, reiterating its position that “The privacy of our users and Internet security are of the highest priority at Xiaomi; We are confident that we strictly follow and fully comply with local laws and regulations. "

The Alexiens, for their part, will continue to offer you superb home automation tests embellished with beautiful photos taken with a Redmi Note 8 which, it must be admitted, presents an undeniable quality / price ratio.

Not available
August 10, 2022 9:49 a.m.
Amazon. Fr
Fascinated by Alexa since the day I received it in beta test, I gradually became passionate about the subject, before deciding to go further by creating a site with Jean-Christophe. An activity that allows me to quench my thirst for new technologies and share my discoveries about the nicest of communities: Les Alexiens.