Xiaomi defended its privacy practices following an accusation it collected browsing data from users and sent this to servers in China, stating the practice involved anonymous information and was common practice in the industry.

In a statement, the vendor said it reviewed claims made in a Forbes article and “believes the reporting to be misrepresentative of the facts”. It noted all data collected is based on consent given explicitly by users, with the information aggregated so it cannot be used to identify an individual.

Xiaomi responded after a security researcher working with Forbes claimed the manufacturer recorded users’ personal data from embedded browsers on its devices and sent this to remote servers rented from Alibaba. The report claimed data, such as web searches, was collected even when browsers were in the supposedly private “incognito” mode.

The vendor noted information is hosted “on a public cloud infrastructure that is common and well known in the industry.”

“All information from our overseas services and users is stored on servers in various overseas markets where local user privacy protection laws and regulations are strictly followed and with which we fully comply.”

Quick update
The company later added it appreciated the researcher’s “engagement”, and swiftly moved to implement updates to its Mint Browser and Mi Browser offering users the ability to choose whether the data was collected or not.

The updated browsers were made available on Google Play today (4 May).

It added the move was part of its efforts to strengthen the control users have “over sharing their own data with Xiaomi”.

“We believe this functionality, in combination with our approach of maintaining aggregated data in non-identifiable form, goes beyond any legal requirements and demonstrates our company’s commitment to user privacy.”