Leading smartphone manufacturer Xiaomi has been accused of collecting browser data from their smartphone users, even on 'Incognito Mode'.
Security researchers White Ops, in a report published on Forbes, found that the Redmi Note 8 device was siphoning user data from web browsers -- the default browser as well as the Mint Browser -- that were encrypted using the 'base64' format.
The same vulnerability was found on Xiaomi's Mi 10, K20, and Mi Mix 3.
The data, after collection, were stored in an Alibaba server used by Xiaomi.
The main issue raised by the security researchers was that although Xiaomi's collected data did not directly breach privacy or safety standards, the data might help "map" a user based on their smartphone usage practices.
However, similar accusations have been levied against other technology giants like Google and Apple, for collecting data on users that were then analysed to map user preferences.
In response to the Forbes report, Xiaomi has responded describing their stand as being 'misrepresented'.
When contacted, spokespersons at Xiaomi Bangladesh shared a statement from Xiaomi which did not deny aggregating the data, but went on to explain how they were keeping specific user info anonymous and encrypting the process in order to protect their privacy, which is an acceptable global standard practice.
The statement also shows screenshots of how the data is processed, and promises to deliver updates (which is currently available on the app store) where any user can opt out from the aggregate data collection.