The findings were revealed by internet security researcher Gabi Cirling during an exclusive interview session with Forbes. Cirling’s suspicion began with the Redmi Note 8 used. He suspects the smartphone is collecting data. “This is a backdoor with a telephone function,” he said. In his research, Cirling found the default Redmi Note 8 browser to record everything that was visited, the folder that was opened, the screen that was swiped, the status bar and the settings page. All that is still done even though the user uses incognito mode. Cirling had investigated the default browser on the Mi 10, Redmi K20 and Mi Mix 3 the results were the same. He also found collected data sent to Xiaomi’s servers in Singapore and Russia even though the site’s own domain was registered in Beijing. Meanwhile, Forbes asked internet security researcher Andrew Tierney to carry out a similar investigation. The results are not much different. Tierney considers this a serious problem because it can affect millions of people. Because Xiaomi is one of the top mobile vendors in the world. Upon these findings, Xiaomi has provided clarification. Through the official blog, they denied the allegations about the collection of user data. It was emphasized that user privacy and internet security were their top priorities. Xiaomi also believes that it has followed local regulations. All data collected is based on permission and consent given explicitly by its users. Apart from that, the whole process is anonymous and encrypted. The data collection itself is used for internal analysis. They guarantee not to link personal information. “This is a common solution adopted by internet companies around the world to improve the overall user experience of various products while maintaining user privacy and data security,” Xiaomi wrote. Regarding sending data to Singapore and Russia, Xiaomi said it was using a public cloud that was public and well known by the industry. “All information from services and overseas users is stored on servers in various foreign markets where privacy protection laws and regulations are strictly adhered to and fully complied with,” concluded Xiaomi.