Xiaomi China Government Censorship List Discovered In Mi 10T 5G
The Xiaomi device had some serious potential for not only security issues, but censorship through capture and transmission of "up to 61 parameters about the user's actions on the phone." In the Xiaomi Mi Browser (web browsing app on the phone in this analysis), a "Sensor Data API" tracked the following parameters (and more):
• Cookie Status,
• Search Optimization Switch
• Subscription
• User Tab Games
• User Tab News, User Newsfeed, First Enter NewsFeed Way
• Enhanced Incognito Switch, User Incognito Mode
• Personal Service Switch
• Clear History Switch
• Feature Report Switch
• History Sync
• Bookmark Sync
• No Track Switch
• Autocomplete Switch
• Browser Install Referrer
• APK Name
• EID
• Miui Region
• Log Mi Account
• Platform
• Experience Improve
• Feed Default Channel
• APP Boot, App Boot Third Party, First AppStart, First AppStart Third Party
• Protection Type
• Browser Ads
• Personalized Services, Miui Personalized
• Adblock Show Notification, Adblock Switch
• User Login, Facebook Notification, YouTube Signin
• User Click Interest
• User Push Agree
• User Checkbox 4G
• User Desktop Mode
• User Data Save Mode
• User Night Mode, User Dark Mode
• User Download Videos
• Icon Reddot Status
• Language Browser
• Log Mi Account
Analysis suggested that the Xiaomi device had the technical capability to "censor the content downloaded to it." A list of keywords and phrases appear in the phone in a list in Chinese characters. Some examples of keywords and phrases included in the list (translated here to English):
• 89 Democracy Movement
• Islamic League
• Front of Religious Believers
• Free Tibet
• Women's Committee
• Voice of America
• Palestine Liberation Organization
• People's News
• Christian Charismatic Mission
This study showed data being sent to China from built-in apps like Security, Mi Browser, Cleaner, MIUI Package Installer, Themes, Music, and Downloads with "MiAdBlacklistConfig."
"We found that the content filtering function was disabled on Xiaomi phones sold in Lithuania and did not perform content censorship, but the lists were sent periodically. The device has the technical capability to activate this filtering function remotely at any minute without the user's knowledge and to start analyzing the downloaded content," said Dr. Tautvydas Bakšys, researcher at the National Cyber Security Center at the Lithuanian Ministry of National Defence. "We do not rule out the possibility that the list of blocked words could be compiled not only in Chinese but also in Latin characters."
- Prev
- Next
