If youβve ever wondered why ads on your Xiaomi smartphone suspiciously accurately reflect your latest searches or websites visited, the answer is simple: the company actively collects data about your activity. Unlike Apple or Google, where analytics collection is at least partially regulated by EU laws, Chinese manufacturers often operate by their own rules β and Xiaomi is no exception.
According to independent research (including Forbes and Kaspersky reports), Xiaomi devices not only transmit technical telemetry (such as battery or overheating data) to the companyβs servers, but also information about browser activity, applications used, and in some cases even geolocation and call logs, not only for smartphones, but also for smartwatches, routers, TVs and other brand equipment. In this article, we will examine what data Xiaomi collects, how it works at the system level, and how to completely disable surveillance from standard settings to radical methods like custom firmware.
What data Xiaomi collects and where it goes
In official documents, Xiaomi claims to collect data solely to βimprove the user experience.β However, analysis of device traffic (such as by Cure53 experts in 2020) showed that the actual amount of information transferred is much wider.
- π± Device identifiers: IMEI, MAC-Addresses, serial numbers β even if you are not logged in to Mi Account.
- π Geolocation: Coordinates GPS, data on Wi-Fi connected networks (including: SSID) cell towers.
- π Browser activity: History of visited sites (in Mi Browser), search queries, time spent on pages.
- π Application usage: List of installed programs, frequency of their launch, time of use.
- π Call logs and SMS: Numbers, duration of conversations, metadata of messages (in some regions).
- π Technical telemetry: Battery condition, processor temperature, system errors.
Where does this data go? Xiaomiβs main servers are located in China (api.mi.com domains, data.mi.com), Singapore, and India, and according to the Internet Society, some traffic can be routed through third-party servers, such as Xiaomiβs advertising partners. Itβs important to note that even if you donβt collect data in the settings, some modules (such as MiuiDaemon or AnalyticsService) continue to work in the background.
β οΈ Note: Xiaomi was fined in 2021 by the governments of Lithuania and the Netherlands for illegally collecting user data.The company pledged to make changes to its privacy policy, but independent tests show that analytics collection is ongoing, just became less visible.
Standard privacy settings: what can be turned off without root
If you're not ready for radical measures like flashing, try turning off data collection through standard settings first. Most options are hidden in the Settings β Privacy menu (newer versions of MIUI - Settings β Passport Mi β Privacy).
Disable Advertising Personalization in Mi Account
Prohibiting the sending of diagnostic data
Disable "Improving Mi Browser" and synchronize history
Remove geolocation permissions for system applications
Reset your advertising ID (in Google settings)
-->
Let's take a closer look at each item:
- Ad personalization: Go to Settings β Google β Advertising and turn off the option βPersonalized Ads.β Also go to Settings β Passport Mi β Privacy β Ad Personalization and deactivate all toggles. This will not stop data collection, but will reduce the amount of targeted advertising.
- Diagnostics and Analytics: In the same Privacy section, disable: π "Sending of usage data" π§ "Diagnostics of the system" π "Network Improvement (sends Wi-Fi connected data) These options may be called differently depending on the version. MIUI.
- Browser and Search: If you use the standard Mi Browser, go to its settings and disable it: π "Quick Search (Sends Requests to Xiaomi Servers) π "Synchronization of history and bookmarks" π "Location determination"
It is better to remove Mi Browser altogether and install an alternative like Firefox Focus or Brave.
Permissions for system applications
Settings β Applications β Permissions Management
- MiuiDaemon
- AnalyticsService
- MSA (Mi System Ads)
- Mi Push Service
For more secure locking, use a filtered VPN, such as ProtonVPN or Windscribe have built-in tracker blockers, and the alternative is to set up a Pi-hole on your home router to filter all device requests on the network.
β οΈ Note: Blocking Xiaomi domains may disrupt some features, such as software updates, Mi Cloud synchronization, or push notifications. SMS If calls are not working, check if you have blocked critical servers (e.g. sms.mi.com for messages).
Radical methods: custom firmware and debloating
If you are willing to go to extreme lengths, the only way to remove surveillance is through custom firmware or debloating (removing Xiaomi system applications), which requires unlocking the bootloader and the rights of the superuser (root), which voids the warranty and can lead to a device βbrickβ.
Here are the main options:
- π± LineageOS: Pure Android without Xiaomiβs proprietary services. supports most models, but may not support some features (e.g., some of the features, IR-blaster).
- β‘ Xiaomi.eu: Modified MIUI It retains all the features of the original firmware, but requires weekly updates.
- π§ Debloater Scripts: Remove Xiaomi System Applications via ADB Examples: Universal Android Debloater, Xiaomi ADB/Fastboot Tools.
- π‘οΈ Magisk modules: Modules like DisableMIUI or NoTrack block telemetry at the core level.
- Exodus Privacy Tool: Download APK Check which trackers are built into them (for example, MiPush) SDK An example of a NetGuard log that points to surveillance is com.miui.analytics. β data.mi.com (104.112.115.117) com.xiaomi.ab β api.ad.xiaomi.com (45.113.192.101) If you see such connections after all the settings, then some services continue to work. π‘Even after all settings are turned off, some Xiaomi models (especially those on Chinese firmware) continue to send data through hidden channels, the only reliable way to do so is by customizing firmware or completely replacing the device. Many users try to disable Xiaomi surveillance, but make mistakes that reduce efforts to nothing. Here are the most common mistakes: β Disabling only "Personalization of Ads": This doesn't stop data collection - it just becomes less targeted. Xiaomi still gets information about your activity. β Use of the VPN lock-free DNS: Many VPN block out DNS-So, you can get Xiaomi domains bypassing the tunnel. DNS. β Removing system applications without backup: Deleting com.miui.home or com.android.settings can make the device inoperable.Always make a backup in the backup TWRP before-debloating. β Ignoring updates after debloating: Xiaomi can restore remote applications through OTA-Update: Turn off automatic updates or use OTA Updater for manual control. β Buying a βglobalβ version with Chinese firmware: Many sellers sell devices with Chinese firmware MIUI You're going to look global. Check the firmware region in Settings. β The phone. β Version. MIUI (must be "Global" or "EEA"). To avoid these errors: Always check the firmware region before buying (Chinese versions collect more data). Use the lock list for a firewall (for example, this repository contains rules for blocking Xiaomi trackers). Before removing system applications, examine their dependence (for example, com.xiaomi.finddevice is associated with geolocation services). After debloating, turn off the automatic installation of applications in the Google Play settings. FAQ: Questions: Can you turn off Xiaomiβs surveillance without root. Standard privacy settings and DNS locking will reduce data collection, but some system services (such as MiuiDaemon) will continue to work. You need root or custom firmware to completely shut down. Will Mi Cloud work after the bootloader is disabled? Yes, Mi Cloud will work, but some features (such as synchronizing notes or backup) may require enabled analytics. If Mi Cloud services stop syncing, check the settings in Settings β Passport Mi β Mi Cloud. Can you return the warranty after you unlock the bootloader? There is no official modification of the model, however, you can hide the traces of the service from the loading. According to Privacy International, the least data is collected by Android One devices (e.g. Xiaomi Mi). A3) and models for the European market (firmware) EEA). It is also worth paying attention to POCO β Xiaomi sub-brand, which has fewer proprietary services. What if notifications stopped coming after blocking? Chances are you blocked Xiaomi push notification servers (push.xiaomi.com) To fix: Allow traffic for com.xiaomi.xmsf (Mi Push Service) in the firewall. Or add an exception for push.xiaomi.com domain in the blocker DNS. If notifications are not restored, check the settings in Settings β Notifications β Settings of push notifications.