Are Xiaomi web browsers a security risk?

Is it possible to perceive Xiaomi’s pre-installed browsers as a real risk that even monitors our behavior and stores data about it? There has been a debate for a long time about whether Mi Browser Pro and Mint Browser should be on your phone and used.

Safety first

I first met with criticism from a Chinese web browser about a year ago. An article from Forbes, which had just come to conclusions about the security risk, caused quite a stir at the time. The bottom line is that the browser can back-extract its own history and send this data to Xiaomi’s servers. The company, of course, reacted negatively. In her opinion, the entire browsing is anonymized and cannot be paired with the owner of the phone and his behavior.

During the year, when more serious reservations about Xiaomi emerged in this regard, no security remedy was allegedly taken to protect privacy. What’s worse is that it looks just like Xiaomi is heading for similar practices as some Chinese companies. This should also affect their payment gateway and the company sends the data obtained in it to its servers.

Published behavioral analysis shows the application that web browsers can monitor our activity. They have access to it and can export it off-site for analysis. This would be an even less harmful consequence if the goal was to detect behavior and then offer advertising based on my preferences. Of course anonymously. Although this behavior is not welcome either, it does happen in practice.

An analysis or mapping of my behavior on the website could not be eliminated even by the incognito function, although Xiaomi offers it. She could be turned on, but she didn’t really offer what she was supposed to do. Thus, the browser mapped and kept history despite the Incognito feature turned on. Tsubsequently, the company decided to change and already managed to announce that it will not store data in the Incognito mode. That’s a good news.

Xiaomi sees almost everything through the browser

Xiaomi can do it through her browser see what websites I look at, how long I stay on them, what videos I look for and what I download. Although the user’s anonymity is created at first glance through the ID and not through other defining characters, as shown in the analysis, such an ID character assignment is not a guarantee of security and the company can still pair a particular user with his account and thus with his browser history. And the only way to prevent this right now is to turn on Incognito and turn off Enhanced Incognito at the same time.. With this configuration and with the new version of the browser, surfing already looks truly anonymous, at least for now.

I know from personal experience that I hardly use diaphragm surveillance modes. So, even if some creator of the application incorporates into the interface the possibility of being anonymous, it is after a long criticism, always with the knowledge that most customers will not turn it on anyway and thus the acquisition of data from surfing will continue. There has been a long discussion about how many companies can access data. There will always be a new case, criticism will emerge, after months of crossing the border, it will hit the EU with a new regulatory instrument. However, not much will change in reality, the data is analyzed on a daily basis, stored and traded.

If you want to prevent this, at least in part, the built-in anonymization tools are a working element. In many cases, they seem real, not just a paper guarantee of privacy.