According to Follow the Money (FTM), Xiaomi smartphones are massively sharing users’ private data with the company’s Chinese servers. The Chinese government may have access to this data.
Xiaomi phones send data to servers in China
Three smartphone brands had a record year this year and Xiaomi is one of them. This manufacturer sells more phones than the year before and the manufacturer is also showing an upward trend in Europe. This is mainly because the company offers phones with strong specifications for a reasonable price. Still, according to Follow the Money, there is a catch.
The journalists of the Dutch independent news website have research done to Xiaomi phones and the way these phones handle users’ private data. They have started their investigation into this because of a warning from the Lithuanian government to its citizens about these phones. The journalists also wondered why the Dutch government had not taken a position on this.
This is what is going on according to FTM
FTM indicates that smartphones from the Chinese brand Xiaomi are massively sharing user data with the company’s servers; also the data of European users. The Chinese government may have access to this data. FTM adds: “Lithuanian researchers also found censorship software in a Xiaomi model. It is disabled for Europe, but can be turned on remotely. Dutch cybersecurity experts call for thorough research into these phones, but fear that the Netherlands will refrain from doing so – because of our economic dependence on China.”
The researchers then spoke extensively with cybersecurity experts at home and abroad, and with a Member of the European Parliament who has knowledge of these kinds of matters. In addition, they reviewed articles and reports on the matter.
Below are a few examples that cybersecurity expert Gabriel Cirlig has submitted to FTM:
- Xiaomi phones transmit all the surfing behavior on the built-in web browser in real time. As soon as you open a page or do a Google search, a message goes to Xiaomi’s servers – even after you turn on that so-called incognito, or private mode.
- The built-in news app forwards which articles you read and from which media they come. The built-in media player forwards the names of the songs and videos you play with it, online and offline.
- Xiaomi devices send you which apps are on your phone, when you use them, how long they are on your screen and when you send text messages.
- Censorship software on the phones censors information using keywords. This software is disabled for the European market, but can be activated remotely without the user noticing. Xiaomi Netherlands has previously confirmed to Androidworld that it does not censor communications from or to its users.
According to Cirlig, phones from Xiaomi, Huawei and Samsung transmit the most data, but Xiaomi goes a step further: “Xiaomi stands out because it collects the ‘most comprehensive data’ about user interaction with the device.” He also indicates that the phones will continue to forward data to Xiaomi’s servers if you have disabled this via an ‘opt-out’.
American tech companies are doing exactly the same, right?
In the United States, the government can force companies to share data, but that is not easy, explains Bart Groothuis. Groothuis is a Member of the European Parliament for the VVD and previously head of the Cyber ​​Security Bureau of the Ministry of Defence. “In the United States, it concerns legislation embedded in a democratic constitutional state, whereby every request from a service goes through the courts. Moreover, the US does not have an offensive espionage program running against the Netherlands. Countries such as China, Russia and Iran do.”
In China it is a completely different story. Companies are legally obliged to share user data with the government upon request. Follow the Money also emphasizes that China also has a weaker separation between private and government parties: “Within companies, for example, often a party committee present, to ensure that companies carry out the line of the Chinese Communist Party.”
The Belgian State Security Service indicates that every Chinese company, including Xiaomi, must share data with the government if it requests it. The service is in the Belgian magazine The time even more firmly: “Companies the size of Huawei, Xiaomi, Oppo and OnePlus have a Chinese Communist Party (CCP) party committee within the company. The job of such party cells is to ensure that the policies of the CCP are also adopted by the company. followed.”
Xiaomi collects more than others
FTM concludes that Xiaomi collects more and more sensitive data than other providers and that may not have a direct impact on the user as an individual, but it may have an impact on a larger scale. Cybersecurity expert Gabriel Cirlig on the danger of data sharing with Chinese servers: “People often only look at their own privacy. They often supposedly don’t care that their data is shared. But the danger does not even lie in an individual’s personal data , but from all the people in your neighbourhood, your street or your city. That bundled data can be used to influence public opinion and even elections in a country or region.” He cites Russian interference in the 2016 US presidential election as an example.
Xiaomi is going, following the findings of the Lithuanian researchers regarding the censorship software, do research. For the same reasons, Germany also has a research set to Xiaomi. FTM also received a response from the AIVD. You can find that comment under the article from FTM.
– Thanks for information from Androidworld.