The smartphone maker has begun rolling out an update to its Mi Browser/Mi Browser Pro (v12.1.4) and Mint Browser (v3.4.3) after concerns were raised over its practice of transmitting web browsing histories and device metadata to the company servers.
The new privacy setting now allows Mi Browser users to disable aggregated data collection feature while in Incognito Mode, but it bears noting that it's not enabled by default.
The option can be accessed by tapping the settings icon in the browser > Incognito mode settings > and then disable 'Enhanced incognito mode,' as shown in an attached screenshot below.
In response to the report, Xiaomi claimed there were "several inaccuracies and misinterpretations about our process for browser data collection and storage," and that does not collect any data without permission from the user. It added all data is "aggregated and cannot alone be used to identify any individual."
Cybersecurity researcher Andrew Tierney, who investigated the data sniffing alongside Cirlig, refuted Xiaomi's response over the weekend, stating "they attach UUID to my requests which persists over at least 24 hours," and that "this is close enough to an 'individual.'"
To be noted, the company still continually collects the same activity data when browsing in normal (non-incognito) mode, and there's no proper way to disable it.
"We believe this functionality, in combination with our approach of maintaining aggregated data in a non-identifiable form, goes beyond any legal requirements and demonstrates our company's commitment to user privacy," Xiaomi said in an update.