Live post: Evidence and statement in response to media coverage on our privacy policy

Updated at 00:05, May 2, GMT+8, in Beijing

Dear readers, 

We at Xiaomi hope you and your loved ones are staying safe during this difficult time.

An article was published yesterday regarding Xiaomi’s privacy policy in which there are several inaccuracies and misinterpretations about our process for browser data collection and storage. We are providing important clarifications with backup documentation below that supports our position.

Xiaomi’s statement in response to a Forbes article published April 30 (UK):

“Xiaomi was disappointed to read the recent article from Forbes. We feel they have misunderstood what we communicated regarding our data privacy principles and policy. Our users’ privacy and internet security are of top priority at Xiaomi; we are confident that we strictly follow and are fully compliant with local laws and regulations. We have reached out to Forbes to offer clarity on this unfortunate misinterpretation.”

The following provides detail on how Xiaomi collects data and protects user privacy:

There are two types of data collection:

1. Collection of aggregated usage statistics data – Data (such as system information, preferences, user interface feature usage, responsiveness, performance, memory usage, and crash reports) is aggregated and cannot alone be used to identify any individual.

An example usage scenario: The URL is collected to identify web pages which load slowly; this gives us insight into how to best improve overall browsing performance.

2. Syncing of user browsing data – An individual’s user browsing data (history) is synced when:

  • The user is signed in on Mi Account; and
  • The data sync function is set to “On” under Settings

An example usage scenario: To provide users quick access to previously viewed websites when users switch between different devices after logging in to their Mi Accounts.

Under incognito mode, user browsing data is not synced; however, aggregate usage statistics data (mentioned in point 1 above) is still collected.

Below are screenshots to further demonstrate these points. 

  1. This screenshot shows the code for how we create randomly generated unique tokens to append to aggregate usage statistics; these tokens do not correspond to any individuals.
  2. This screenshot shows how the Mi Browser works under incognito mode, where no user browsing data will be synced.
  3. The following URL shows that the collected usage statistics data is stored on Xiaomi’s domain and we do not pass any data to Sensor Analytics. (MIUI is the operating system of Xiaomi’s devices).
  4. This image shows that usage statistics data is transferred over HTTPS with TLS 1.2 encryption.

Below are four certifications Xiaomi received from widely acclaimed international third-party companies and organizations – TrustArc and British Standards Institution (BSI) – which have certified the security and privacy practices of Xiaomi’s smartphones and their default apps, including Mi Browser.

Details can be found here on the Xiaomi Trust Center page.


ISO 27001 is a widely accepted and applied international certification standard for information security management systems. This certification indicates that Xiaomi has implemented internationally recognized information security control measures defined in this standard.


ISO 27018 is an international code of conduct that focuses on personal data protection in the cloud. This certification indicates that Xiaomi Cloud has a complete system for the protection of personal data.


ISO/IEC 29151:2017 is an internationally recognized guide for personal identity information protection. This certification proves Xiaomi’s capabilities in information security assurance and privacy data protection.


TRUSTe enterprise privacy certification standards combine the privacy compliance requirements of various countries. This certification shows that Xiaomi has established a complete privacy compliance system and obtained internationally recognized privacy data protection capabilities.

