Two days after the original report surfaced, Xiaomi India managing director Manu Jain has issued an official statement basis the allegations against Xiaomi collecting too much user data from its phones. According to the statement, which a company spokesperson shared with News18, Xiaomi India is claiming that any such claim is "incorrect and not true". It further goes on to say that its level of data collection is "similar to what any other browser does", and is no more than the end-user agreements that are prompted once a user opens each Xiaomi app on their phones.
The statement reads:
First and foremost, as an internet company, Xiaomi takes user privacy extremely seriously. Mi Browser follows similar protocols as any other leading browser in the world. It does not collect any user data that the user has not explicitly given permission or consent to. In incognito mode, all user data is completely encrypted and anonymised. Mi Browser will never know what you browse in incognito mode and can't identify you basis incognito browsing. The usage data that is logged is used to make your experience better. For example, if any website doesn't work or loads slowly, that anonymised data is used to make your browsing experience better and faster. This is similar to what any other browser does. Moreover, reputed and international third-party companies and organisation — TrustArc and British Standard Institution (BSI) — have certified the security and privacy practices of Xiaomi's smartphones and its default apps, including Mi Browser. Lastly, all Mi Browser and Mi Cloud data of Indian users is stored locally in AWS servers in India.
Earlier this week, an investigative report by Forbes quoted independent cyber security researcher Gabi Cirlig as claiming that the Mi Browser has a very frivolous level of data encryption, and collects way too much identifiable information, even in incognito mode. The report also claimed that the data was relayed to a remote server operated by Chinese internet giant Alibaba in Singapore, and was also shared with third party usage behaviour firm, Sensors Analytics.While Xiaomi had denied that it does such data collection practices, the report had opened up discourse around what Xiaomi does to the user data it collects from its massive user base in India. News18 can independently verify that while Xiaomi's proprietary apps do ask users for rather explicit data collection practices, it does give the user an option to opt out of it, and still be able to use the app. Going forward, it remains to be seen how this debacle affects Xiaomi as a brand, and whether this hits the brand image in a perceivable scale.