Xiaomi Phone, Are They Safe?

Just found this article talking about Xioami Mi 10T 5G. What do you think guys?

The Xiaomi device had some serious potential for not only security issues, but censorship through capture and transmission of “up to 61 parameters about the user’s actions on the phone.” In the Xiaomi Mi Browser (web browsing app on the phone in this analysis), a “Sensor Data API” tracked the following parameters (and more):

• Cookie Status,
• Search Optimization Switch
• Subscription
• User Tab Games
• User Tab News, User Newsfeed, First Enter NewsFeed Way
• Enhanced Incognito Switch, User Incognito Mode
• Personal Service Switch
• Clear History Switch
• Feature Report Switch
• History Sync
• Bookmark Sync
• No Track Switch
• Autocomplete Switch
• Browser Install Referrer
• APK Name
• EID
• Miui Region
• Log Mi Account
• Platform
• Experience Improve
• Feed Default Channel
• APP Boot, App Boot Third Party, First AppStart, First AppStart Third Party
• Protection Type
• Browser Ads
• Personalized Services, Miui Personalized
• Adblock Show Notification, Adblock Switch
• User Login, Facebook Notification, YouTube Signin
• User Click Interest
• User Push Agree
• User Checkbox 4G
• User Desktop Mode
• User Data Save Mode
• User Night Mode, User Dark Mode
• User Download Videos
• Icon Reddot Status
• Language Browser
• Log Mi Account

Full article can be found here https://www-slashgear-com.cdn.ampproject.org/v/s/www.slashge...

Comments

  • safe

    • NSA is currently snooping your data, so the issue with Chinese phone is that you potentially send additional data to CCP.

      I said potentially because snooping at client end is a lot more difficult than snooping at service/server level. Most of the API mentioned above is provided by Google

      • +3

        With that information shared between the Five Eyes. Better than China though… right?

        • +2

          if they make incorrect inferences about how dodgy you are based on the data they've scraped off you, which country can arrest you?

        • +3

          Fewer information leaked the better.

          Its almost impossible impossible to avoid NSA since they do things behind your back and they have superior snooping tech. I guess people get desensitised with it.

          Avoiding CPP snoop on the otherhand is easier if you don't live there.

          But I get that people don't care any more. If 5 people see you naked, what's the difference if there is another extra person.

          • +2

            @Indomietable: It was a rhetorical question. The fact is that no matter what direction you go there's going to be someone with access to your data. So it comes down to who you prefer.

        • Do you know that China is not like other secular democractic countries and its leaders are not elected by its citizns but by a party. This is the difference, no checks and balances is the issue with China.

  • +1

    as safe as Google and Apple - oh shit, wait.. ;-)

  • +1

    Not safe in Lithuania

  • +12

    Don't agree to the Xiaomi User Experience Program and don't use the Mi Browser..
    Simples.

    Even better, unlock the bootloader and install a Custom ROM without all the garbage in the first place.

    • +2

      So…essentially no, out of the box.

    • Is it possible that there are hardware level issues that installing a custom ROM won't resolve?

      • +2

        Yes it is possible. Just as it is possible for any Supply Chain Attack to be possible in any brand's gear.

        There's also a factor of accepting that there is no privacy when you use a Smartphone. You're leaking data all over the place!

      • There are proprietary device binaries, custom ROM still need those to work. Could be an issue.

        • Not really, they come from the component manufacturers not the device manufacturer.
          Xiaomi don't make the SoC or Camera Modules and have as much input into the binary blobs as any other assembler. (ie little to none, with the exception perhaps of Samsung, Apple and Google)

    • +1

      ∆ This, don't accept MIUI AI, get Firefox, and Global or EU ROM. Long term Xiaomi user yet anti-CCP poster (I know, bit of an oxymoron), I don't think I'm big enough to be on Winnie's radar… Else considering my posts and channel subscriptions, they would have taken me out years ago. Although I live in a predominantly ethnic suburb, could be under surveillance already 😏.

  • +1

    Wheres the article that lists all the data Apple and Google track about the users?

  • +7

    Oh noes! The CCP are tracking my meme viewing history. That Winnie the Pooh-esque Xi Jinping meme I liked will surely lower my social compliance score and I might not be allowed to enter West Taiwan…

    Seriously, if you are that worried, get a Google Pixel, Samsung Galaxy or an Apple iPhone and give all your private data to those companies instead.

  • +2

    don't use the xioami browser, use firefox

    what do you think happens when each time you use chrome? it is like serving your user data up to google on a silver platter

  • flash it with AOSP ROM

  • +1

    safer than Samsung

  • Nobody is safe from Maoist rules. Accept the fact, use cup and string for comms. There is a reason the retro Nokias are back!

  • +8

    XDA developers has a pretty good breakdown of what the code is and what it actually does

    https://www.xda-developers.com/xiaomi-secret-blacklist-expla...

    But the "too long, didn't read" edition is that

    • Per the NCSC‘s report, it’s alleged that Xiaomi smartphones download a file called “MiAdBlacklistConfig”, which contains a number of “titles, names, and other information of various religious and political groups and social movements”.

    • It says that there are 449 records in the MiAdBlacklistConfig file. It was reported that “when it is determined that such content contains keywords from the list, the device blocks this content. It is thought that this functionality can pose potential threats to the free availability of information.” The NCSC says that the file was found on a Xiaomi Mi 10T running MIUI Global 12.0.10.

    • Xiaomi has had major, major problems with the contents of advertisements in the past. In fact, the company pledged in 2019 to remove “vulgar” advertisements and prevent them from being shown to users. There are still occasional reports of vulgar and inappropriate advertisements getting through on Xiaomi devices, but it’s nowhere near as big of a problem as it once was

    • What does MiAdBlacklistConfig actually do — it blacklists unwanted ads and prevents them from being shown on the device.

    • This code is not active in phones the company sells in the European Union.

    The author, Adam Conway has tweeted that he would get in touch with the Lithuanian NCSC for further comment.

  • +3

    Nothing to worry about if you don't turn on mobile data and wifi ;-P Seriously, all this talk about "security" of Xiaomi phones is over rated and comes from the West's push to vilify everything about China. Google/Apple/Facebook etc has a history of dodgy behavior too, but you don't see them being bashed up quite as much do you?

  • +1

    No phone is safe

    • No phone is safe

      Having no phone is safe.

      Only burners.

  • +1

    I've been using them since around 2015 and am not dead yet. Nor have all my assets being stolen.

    So I would say yes, as safe as any other.

  • The fact you think you have privacy digitally or in any other place means you're way misinformed. Even if you don't post things publicly thinking you have some sort of hand in the control of your private data where right now it's being sold off as we speak to bots, govt agency's and faceless corporations who can look at you, no matter if you do/don't accept EVERY privacy policy on anything you sign or click yes for on your phone. You lost your privacy wayyy before mobile phones were invented….. Just live with it and move on…

  • Don't believe all the propaganda you read. Even this very night our govt is out dining with the Quad Squad of HATE.
    Even thing you read is hate hate hate. How safe is "Apple"? go on, ask yourself that!

Login or Join to leave a comment