Chinese smartphone company Xiaomi is once again in controversy. This time the company has been accused of secretly sending all the data of users to remote servers located in Singapore and Russia. This data includes all kinds of activity on mobile. Security researchers claim that the Chinese company, which ranks at the top of the smartphone market in India and among the top 5 smartphone companies globally, is leaving loopholes in its phones to send data to remote servers hosted by Alibaba.

Forbes Reveals: According to a Forbes report, security researchers Gabi Sirgill and Andrew Tyranny have discovered several loopholes in Xiaomi’s phone. Which helps the company to get users’ data without any consent. Sirgil has come to know that his Redmi Note 8 was tracking all kinds of phone activities and sending them through remote servers hosted by Alibaba.

Intentionally Leaving Flaws in the Phone: Researchers claim that Xiaomi intentionally left some flaws in their phones to track users’ movements. Apart from browsing data, information about the folder and screen-swipe opened in the Redmi Note 8 phone mobile was also being recorded. It also includes a status bar and settings. The servers to which the data was sent are all hosted by the registered web in Beijing, where Xiaomi is headquartered.

Xiaomi refuted: Xiaomi has denied these claims. Responding to Forbes, the company said that users are very serious about privacy and security. However, it was reported that the company records anonymous browsing data to improve user experience. It also clarified that the data collected by the company is not shared with anyone.

• 15 million people have downloaded Xiaomi’s web browser.
• Flaws in these phones: Redmi and Mi series phones, Redmi Note 8, mi10, Redmi k20, mi mix 3.

Current drawbacks: The default web browser records the users’ history, even if users have opened the Incognito Mode in the browser. Information about folders and screen swipes opened in mobile is also reportedly recorded. It tracks all kinds of activity done on mobile.

Data gathering from the browser: According to Sirgil, we found that there are security flaws in almost every phone. In particular, the firmware of Redmi Note 8, Mi Redmi k20, mi mix 3 was found to be flawed. Tierney also found that both the browser and Browser Pro available on Google Play are collecting the same user data.