When Gabi Cirlig described his new Xiaomi phone as a backdoor equipped with a phone's function, he was actually only half-joking. It seems he does have proof and insights, which he shared with Forbes, that identify Xiaomi phones as potential privacy invaders.

Cirlig first made this discovery on his own Redmi Note 8, which was monitoring his phone activities. The data gathered from these activities was being sent to a server Xiaomi rents from Alibaba, another well-known Chinese tech company.

Cirlig then furthered his investigation by browsing the web in the phone's default browser. Surprisingly, there was a record of all the websites he had visited, including search engine look-ups on Google and the more privacy-oriented DuckDuckGo.

More unnerving still, there were online activity records even in incognito mode. This, of course, led Cirlig to assume that his identity and private life were being exposed to Xiaomi.

Where does all this data go?

According to the report, it is being sent to remote servers located in Singapore and Russia, on domains originally registered in Beijing.

Andrew Tierney, a cybersecurity investigator, was called in to do additional research on the matter. This led to the further finding that apps developed by Xiaomi, including Mi Browser Pro and Mint Browser, were collecting similar data.

As part of an in-depth investigation, Tierney downloaded firmware for various Xiaomi phones: the Mi 10, Redmi K20, and Xiaomi Mi MIX 3. They were all verified to contain the same browser code, which leads to the suspicion that they all have the same privacy issues.

Xiaomi denies the data privacy issue

Xiaomi said that the data was being encrypted when transferred in order to protect user privacy. However, the information was hidden with base64, a simple and easily reversible encoding, and Cirlig was able to decode bits of it. He notes that it can be further traced back to the actual user.
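Base64 needs no key to reverse, so a field that is only base64-encoded is readable by anyone who can see the request. The following added example (not code from Cirlig, Tierney or Xiaomi) shows how someone auditing traffic captured from their own device could check which fields of a form-encoded request body decode straight to readable text; the field names and values are constructed for illustration.

```python
import base64
import binascii
import json
from urllib.parse import parse_qsl, urlencode

# Constructed sample data: field names and values are invented for this
# example and are not taken from Xiaomi traffic.
SAMPLE_EVENT = json.dumps({"url": "https://duckduckgo.com/?q=example", "incognito": True})
SAMPLE_BODY = urlencode({
    "ts": "1588000000",
    "sig": "9f2c",
    "data": base64.b64encode(SAMPLE_EVENT.encode()).decode(),
    # Non-text bytes stand in for a field that really is encrypted.
    "blob": base64.b64encode(bytes(range(128, 160))).decode(),
})


def try_base64(value):
    """Return the decoded text if value is base64 for readable UTF-8, else None."""
    # Short tokens decode "successfully" by accident, so skip them.
    if len(value) < 16 or len(value) % 4 == 1:
        return None
    # Accept the URL-safe alphabet and restore any stripped padding.
    padded = value.replace("-", "+").replace("_", "/") + "=" * (-len(value) % 4)
    try:
        text = base64.b64decode(padded, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    printable = sum(ch.isprintable() or ch in "\r\n\t" for ch in text)
    return text if text and printable / len(text) > 0.95 else None


def audit_body(body):
    """Map each form field to the plaintext recovered from it, if any."""
    findings = {}
    for name, value in parse_qsl(body, keep_blank_values=True):
        text = try_base64(value)
        if text is not None:
            findings[name] = text
    return findings


if __name__ == "__main__":
    for field, plaintext in audit_body(SAMPLE_BODY).items():
        print(f"{field}: readable after base64 decode -> {plaintext}")
```

A field that survives this check was never confidential on the wire beyond whatever the transport layer provides; a field that fails it may be encrypted, compressed or simply binary, and needs a closer look.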

The Chinese company maintains that these claims are untrue and that privacy and security have always been a top priority for them. However, a spokesperson actually confirmed that it was collecting browsing data, but insisted that anonymity was being maintained. He also added that it's done with consent, as users have opted in to being tracked. Meanwhile, Xiaomi denied that they were able to ‘spy’ through incognito mode.

On top of tracking web browsing activities even in incognito mode, Cirlig has also discovered that Xiaomi's Music app records the songs he's playing and the time he listens to them.

To Cirlig and Tierney, this kind of behavior showcased by Xiaomi seems much more invasive than that of browsers like Google Chrome or Apple Safari.

Why does Xiaomi collect data?

Then again, Xiaomi has another excuse for collecting data: to better understand their customers' behavior. This is done through the services of Sensor Analytics, a behavioral analytics company.

True enough, Cirlig and Tierney were able to find apps that were sending data to domains which seem to pertain to SA. They also found frequent appearances of the SensorDataAPI.

This is the second time within two months that one of the biggest technology names in China has been spotted spying on users' phone activities.

Whatever you choose to believe, it goes to show that one must be wary of how one uses a phone and its applications. Again, extra precautions to protect one's identity and personal information must be practiced at all times, and not just by those who are using Xiaomi products.

UPDATE: To address the issue, Xiaomi has published an explanation regarding their privacy policy.

9 Comments

  1. Cirlig has discovered that the Xiaomi Music app not only monitors his online browsing activity even when he is using the anonymous mode, but it also logs the songs he plays and the amount of time he spends listening to each one.

  2. Oh my… When you're losing your money to other cellphones like this brand they put a lot of trash so they won't buy… the truth hurts. Xiaomi is one of the best phones you can buy and that's actual selling quality rather than buying brands and names.

    1. Not so fast, Xiaomi may be a great phone brand. But I find the ones from BBK Electronics to be a little better (which carries Oppo, OnePlus, iQOO, Vivo), even though those tend to be a bit more expensive.

      1. Sorry, I didn’t mean to literally say “not so fast”. I wasn’t aware that I could not actually edit my reply 😂 But yeah, that was my opinion for the other ‘affordable’ brands. The Motorola Edge series is also pretty decent too in terms of affordability of certain features that some users may wish to have (which might include the privacy that some people could be looking for, though I’m not too certain with their practices)

  3. Every mobile brand that gets popular has an issue made up about it, they don't want their iPhone to be beaten 😂😂😂 those people are crazy 🤣🤣🤣. When that one falls, they'll make up an issue about Vivo and Oppo next 😂😂.

  4. Every mobile brand that gets popular has an issue made up about it, they don't want their iPhone to be beaten 😂😂😂 those people are crazy 🤣🤣🤣.

  5. Demolition job, whoever paid that person to put this out is shameless.