Wednesday 4 January 2017

The App That Knew Too Much - Is Xiaomi's Mi Fit App a Spyware in Disguise?

Xiaomi rose to prominence in the wearables market with the introduction of the Mi Band back in 2014, a time when a fitness tracker priced at RM59 (around USD13) was literally unheard of. Xiaomi has since released two updates to the band, adding an optical heart rate sensor for the Mi Band 1S (a.k.a. Pulse) in 2015 and an OLED display for the latest Mi Band 2 in 2016.

Norton's Privacy Report on the Mi Fit

Anyway, what got me writing this post was the privacy report produced by the Norton Mobile Security and Antivirus app on the Mi Band's accompanying application, Mi Fit. It states that the app shares the list of apps I have installed on my phone with the developer at an unknown location (presumably one of their data centres located in Singapore or Beijing, China).

My initial reaction was that I might have downloaded a compromised version of the app from Xiaomi's very own Mi Market app store, but after reinstalling it from Google's Play Store, Norton Mobile still reports the same privacy risk for Mi Fit. Needless to say, this is a serious breach of privacy, as even their privacy policy does not mention the sharing of installed-app information.

Why stop at only your personal data when they can have more

Yes, it is clearly stated in the privacy policy that Xiaomi collects both personal data (used to identify you) and non-personal data, but compiling a list of the other apps you use on your phone is clearly not one of them. Another interesting find is that Xiaomi is also given consent to collect information about the person you share your stats with, so it is best to stop sharing immediately for your friend's privacy's sake.

A breakdown of the various non-personal data being collected

The statement "We use statistical data that does not specifically identify you..." regarding the non-personal data being collected is not that reassuring about whether your movements will be tracked by Xiaomi, especially when they know your occupation, what phone model you are using and its contents, where you live or work, and what websites you visit, all derivable from IP addresses.

24/7 camera access to snap your profile picture... Seriously?

Among the ways you can mitigate the privacy risk, should you wish to continue using the app, are opting out of the User Experience Program and Greenifying it. Some have suggested not granting it permission to access your camera, location, phone and storage, but that only leads the app to constantly nag you to re-enable them. If you can tolerate the regular reminders, just turn them all off.
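To make the permission-revoking advice above repeatable, here is an added example (not code from the blog post or from Xiaomi) that audits which of the camera, location, phone and storage runtime permissions an app currently holds and emits the `adb shell pm revoke` commands that would turn them off. It assumes `adb` is on your PATH with USB debugging enabled, uses a placeholder package name (look the real one up with `adb shell pm list packages`), and ships with a constructed sample of the `dumpsys package` output so the parsing logic can be exercised without a device.

```shell
#!/bin/sh
# Added example, not from the original post: audit an Android app's granted
# runtime permissions and generate the adb commands to revoke the risky ones.
# Assumptions: adb on PATH, USB debugging enabled, Android 6+ (runtime
# permissions). PKG is a placeholder, override it with the real package name.

PKG="${PKG:-com.example.placeholder.fitnessapp}"   # placeholder, not the real package

# The permission groups the post recommends denying: camera, location, phone, storage.
WATCHED="android.permission.CAMERA
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_COARSE_LOCATION
android.permission.READ_PHONE_STATE
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE"

# Constructed sample of the "runtime permissions:" section printed by
# `adb shell dumpsys package <pkg>`; this is illustrative, not captured output.
SAMPLE_DUMPSYS='    runtime permissions:
      android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET ]
      android.permission.CAMERA: granted=true, flags=[ USER_SET ]
      android.permission.READ_PHONE_STATE: granted=false, flags=[ USER_SET ]
      android.permission.READ_EXTERNAL_STORAGE: granted=true, flags=[ USER_SET ]
      android.permission.BLUETOOTH: granted=true, flags=[ ]'

# granted_perms: read dumpsys text on stdin, print every permission marked granted=true.
granted_perms() {
    sed -n 's/^[[:space:]]*\([A-Za-z0-9_.]*\): granted=true.*/\1/p'
}

# watched_granted: keep only the granted permissions that appear in WATCHED, sorted.
watched_granted() {
    granted_perms | while read -r p; do
        if printf '%s\n' "$WATCHED" | grep -q -x -F -- "$p"; then
            printf '%s\n' "$p"
        fi
    done | sort
}

# revoke_cmds: turn the watched, granted permissions into adb revoke commands.
revoke_cmds() {
    watched_granted | while read -r p; do
        printf 'adb shell pm revoke %s %s\n' "$PKG" "$p"
    done
}

# audit_device: run against a connected device when adb is available; with
# ADB_APPLY=1 the revoke commands are executed, otherwise only printed.
audit_device() {
    if ! command -v adb >/dev/null 2>&1; then
        echo "adb not found; showing results for the constructed sample instead" >&2
        printf '%s\n' "$SAMPLE_DUMPSYS" | revoke_cmds
        return 0
    fi
    if [ "${ADB_APPLY:-0}" = "1" ]; then
        adb shell dumpsys package "$PKG" | revoke_cmds | sh
    else
        adb shell dumpsys package "$PKG" | revoke_cmds
    fi
}

audit_device
```

Run it once without `ADB_APPLY` to see what would change, and expect the app to prompt you to re-grant the permissions on its next launch, exactly as the post warns; the script only touches runtime permissions, so opting out of the User Experience Program still has to be done inside the app.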

The deluge of accesses by Mi Fit as detected by NoRoot Firewall

I hope the Mi Fit developers quickly address the issue raised by Norton Mobile, but even if they turn a blind eye to it, who are we to blame them, since we clearly consented to their User Agreement and Privacy Policy before being able to use the application. I guess the best we can do right now is hope our mined information will not be misused, or simply remove Mi Fit for good.
