Xiaomi’s Personal Data Access: What the Company Collects and How to Control It

Xiaomi’s smartphones and smart devices have become a part of the daily lives of millions of users around the world, but with usability, questions arise about what data the manufacturer collects, how it is stored and who can access it. In 2020-2023, the company has been the subject of scandals involving the transfer of user data to servers in China, which has caused concern among European and American regulators.

In this article, we will analyze in detail what information Xiaomi devices collect (from Redmi smartphones and other devices). POCO to the Mi Band smartwatches and routers, how this data is used, and most importantly, how to limit their collection through system settings, MIUI You'll learn which application permissions are critical to privacy, how to disable unnecessary telemetry, and what to do if you suspect a data breach.

We will pay special attention to the legal aspects: whether Xiaomi complies with the law. GDPR, What data is transferred to China and how it is consistent with local laws in Russia, the EU and other regions. MIUI for the Chinese and global markets – this information is rarely covered on the Internet, but is critical to understanding the real level of privacy.

What Personal Data Xiaomi Collects: The Complete List

Xiaomi devices collect data from several categories, and their volume depends on the model, the region of the firmware (CN China, Global/EEA Europe) and user settings: Here are the key types of information that a company accesses:

  • πŸ“± Device and system: IMEI, serial number, smartphone model, version MIUI, data about the processor, RAM and storage, list of installed applications.
  • 🌍 Location and network: data GPS, List of connected Wi-Fi networks (including: SSID and MAC-addresses), information on cell towers, IP-address.
  • πŸ‘€ Account and activity: Mi Account data (email, phone), authorization history, actions in branded services (Mi Cloud, Mi Home, Mi Fit).
  • πŸ“Š Telemetry and usage: application usage frequency, screen time, battery charging data, system errors (logcats).
  • 🎀 Multimedia: photo/video metadata (geoteges, shooting date), microphone recordings (for Xiao voice assistants) AI).

It's important to understand that even without your explicit consent, some data is transmitted by default. MIUI CN (Chinese version) send telemetry to Xiaomi servers bypassing privacy settings (MIUI Global/EEA) More loyal, but also collect data for analytics and targeted advertising.

According to a Forbes study (2021), Xiaomi smartphones transmitted data about users’ browsing (including websites visited) even in incognito mode, the company denied these allegations, but independent experts confirmed that some models sent hashed messages. URL Mi Browser and Mi Analytics servers.

πŸ“Š You knew that Xiaomi was collecting your location data even when you were in the GPS switched off?
Yeah, that's obvious.
I suspected, but I wasn't sure.
No, that's news to me.
I don't care.

Where and why your data is transferred: analysis of Xiaomi servers

Data from Xiaomi devices is transferred to several types of servers, depending on their purpose:

Type of dataAppointmentServers (domains)/IP)Storage region
Mi Account AccountAuthentication, synchronizationaccount.xiaomi.com, api.account.xiaomi.comSingapore, USA, China*
MIUI telemetryError reports, analytics.data.mistat.xiaomi.com, sdkconfig.ad.xiaomi.comChina, Hong Kong
Location (GPS/Wi-Fi)Geolocation services, advertisingapi.io.mi.com, sgp-api.io.mi.comSingapore, India
Mi Cloud Data DataBackup copies, photos, contactsapi.micloud.xiaomi.com, cloud.xiaomi.netUSA, Germany**

* For users from China, the data is stored on servers in mainland China (under the jurisdiction of local laws).

** For EU users, Mi Cloud data is stored in German data centers in accordance with the GDPR.

The main reasons for data collection are:

  1. Improved Services: Error Analysis Helps Correct Bugs in the Service MIUI, a data on application usage – optimise the interface.
  2. Targeted Advertising: User location and interest information is used to serve relevant ads in Mi Browser and branded apps.
  3. Legal requirements: In China, companies are required to provide data to authorities upon request (Cybersecurity Law 2017).
  4. Sync: Contacts, notes and photos are reserved in the Mi Cloud to recover when you change your device.

According to Xiaomi’s official privacy policy, the company said it did not sell personal data to third parties, but in 2022 Xiaomi was fined in the Netherlands for the use of the data. €525,000 for improperly collecting data on user behavior without explicit consent.

πŸ’‘

To check what data Xiaomi has collected about you, please send a privacy request.@xiaomi.com The company is required by law to provide an archive during the period of time. 30 days.

How to disable data collection: step-by-step instructions for MIUI

You can significantly reduce the amount of information you transmit through system settings. MIUI 12–14 (relevant to Redmi, POCO, Xiaomi):

β˜‘οΈ Disabling data collection in MIUI

Done: 0 / 5

Detailed instructions:

  1. Turn off personalized ads: Go to Settings β†’ Google β†’ Advertisements and deactivate Personalized Ads. Then go back to the basic settings and select Settings. β†’ Privacy β†’ Advertising where you turn off personalized recommendations MIUI.
  2. Disable access to the location: C Settings β†’ Privacy β†’ Permits β†’ Location Disable all apps except maps and navigators.Please note that even Mi Browser can request geodata to display local ads.
  3. Turn off the diagnostics. MIUI: Go to Settings. β†’ The phone. β†’ Reviews and diagnostics and deactivate the option to Send Error Reports. This will stop the transfer of system logs to Xiaomi servers.
  4. Remove unnecessary system applications: Apps like Mi Browser, Mi Video, Mi Music, and GetApps collect data about your activity and can be disabled or deleted through Settings. β†’ Annexes β†’ Application management (click on three dots in the upper right corner and select Show all processes).
  5. Limit access to Mi Account: In Settings β†’ Accounts. β†’ Mi Account β†’ Sync disable unnecessary options (such as syncing your browser or notes) and delete backups to Mi Cloud if you don’t use them.

For advanced users: if you are willing to sacrifice some features, you can completely block access to Xiaomi servers through a firewall or change. DNS. For example, add in /etc/hosts (root required) the following lines:

127.0.0.1 data.mistat.xiaomi.com


127.0.0.1 sdkconfig.ad.xiaomi.com




127.0.0.1 api.io.mi.com

What happens if you turn off all Xiaomi services?
Without access to servers, Xiaomi will stop working: - Push notifications in branded applications - Synchronization through Mi Cloud - Updates MIUI (You will have to install manually - Some functions of the smart home (Mi Home) However, the basic functions of the smartphone (calls, SMS, Third-party applications) will remain operational.

Comparison of firmware: CN vs Global/EEA β€” more private?

One of the key factors affecting data collection is the regional version of the firmware. Xiaomi releases three main types of data. MIUI:

  • πŸ‡¨πŸ‡³ MIUI CN (China: Designed for the Chinese market, collects the maximum amount of data, including system telemetry, browser history and even microphone recordings (for voice assistant). GDPR.
  • 🌍 MIUI Global: International version with moderate data collection, subject to local laws (e.g. EU restrictions) GDPR).
  • πŸ‡ͺπŸ‡Ί MIUI EEA (European Economic Area: The most "private" version, adapted to the requirements of the European Union, minimum telemetry, explicit consent to data collection.

Compare the key differences in the table:

ParameterMIUI CN (China)MIUI GlobalMIUI EEA (EU)
Telemetry of the systemOn by default, you can't turn offOn, but can be turned off in settingsDeactivated by default
Browser data collectionYes (including the story in incognito mode)Yeah, but with a notice.No (only with explicit consent)
GeolocationIt is constantly transmitted (even without it). GPS)Only when using the servicesOnly with the permission of the user
AdvertisingPersonalized, you can't turn it off.You can turn it off in the settings.Deactivated by default
Data storageServers in China (under the jurisdiction of local laws)Servers in Singapore/IndiaServers in Germany (for EU users)

If you buy a Xiaomi smartphone in Russia or CIS countries, most likely you will have a smartphone. MIUI Global or MIUI RU (To check your firmware, go to Settings β†’ The phone. β†’ Version. MIUI. If there is a name at the end CN β€” You have Chinese firmware.

How to move to a more private firmware?:

  1. Download the official ROM for your model from the site MIUI Downloads (select region) EEA or Global).
  2. Unlock the bootloader through the Mi Unlock Tool (requires a Mi Account account and wait 7-15 days).
  3. Install firmware via Fastboot or Recovery (instructions are available on the forums) XDA Developers or 4PDA).

πŸ’‘

Transition to MIUI EEA β€” The most effective way to reduce data collection without losing functionality, however, after the update, all settings will reset, and some services (for example, Mi Pay) may stop working.

Xiaomi Smart Devices: What Do They Know About You?

Smartphones aren’t the only Xiaomi devices that collect data. Smartwatches, fitness bracelets, routers, and even vacuum cleaners are transferring information to the company’s servers.

  • πŸ•’ Mi Band / Xiaomi Smart Band: Collects data on steps, heart rate, sleep, location (if enabled) GPS). It transmits information to the Mi Fit app, which syncs with Mi Account, and in 2020, it was revealed that Mi Band 4 sent unencrypted user data to servers in China.
  • πŸ“‘ Xiaomi Routers (Mi Router): Record the history of connected devices, MAC-Addresses, traffic (including visited sites if Parental Control is enabled) send usage statistics to Xiaomi servers by default.
  • πŸ€– Mi Robot Vacuum: Creates maps of your home to within centimeters, stored in the Mi Home Cloud, and can be shared with third parties (e.g. for marketing purposes) In 2021, Xiaomi patented the technology to use vacuum cleaner cards to target furniture advertising.
  • πŸ”Š Smart speakers (Mi) AI Speaker: They record voice commands and send them to the cloud for processing. Like Amazon Alexa or Google Assistant, these recordings can be listened to by moderators (according to former Xiaomi employees).

How to limit data collection to smart devices?:

  1. For Mi Band: In the Mi Fit app, disable Sync with Mi Account and Location Permission.
  2. For routers: In the administrator panel (192.168.31.1) disable Cloud management and Usage Statistics.
  3. For vacuum cleaner: In Mi Home, delete the stored room maps and turn off Cloud Synchronization.
  4. For speakers: in voice settings (Xiao) AI) Turn off the history of voice commands.

If you use a Mi Home smart home, remember that all devices are connected to one account, and a data leak from one gadget can compromise the entire system. For example, if an attacker gains access to your Mi Account, they can see when you are home (according to the vacuum cleaner) and hear conversations (via the speaker).

πŸ’‘

For maximum privacy, use Xiaomi smart devices without being tied to Mi Account. For example, routers and some models of vacuum cleaners can work in local mode (without the cloud).

The legal status of Xiaomi data collection varies by region.

1.The European Union (GDPR)

Xiaomi is obliged to comply with the General Data Protection Regulation in the EU (GDPR), provide:

  • The user’s explicit consent to the collection of data.
  • The right to access, rectify or delete your data.
  • Restriction of data transfer outside the EU (if servers are not certified by the EU) GDPR).

In 2021, Xiaomi was fined in the Netherlands for violating the law. GDPR: The company collected data on user behavior in the browser without proper notice, after which Xiaomi updated its privacy policy and added the option to disable telemetry in the browser. MIUI EEA.

2. Russia and CIS countries

In Russia, there is a federal law. β„– 152-FZ "On personal data", which requires:

  • Storage of data of Russian citizens on servers located in Russia.
  • User consent to data processing.

However, Xiaomi does not have data centers in Russia, so formally violates this requirement: in 2022, Roskomnadzor initiated an inspection against Xiaomi on the fact of transferring data from Russians abroad, but sanctions have not yet followed.

3. China

In China, Xiaomi is required to comply with the Cybersecurity Act (2017) and the Personal Data Protection Act (2021), which:

  • Companies are required to provide data to authorities upon request (e.g., to β€œmaintain national security”).
  • It prohibits the transfer of data outside China without the permission of regulators.

This means that if you are using a firmware MIUI CN, Your data may be transferred to Chinese intelligence agencies without your knowledge.

Conclusion: users from Russia and the EU are advised to avoid Chinese firmware (MIUI CN) use MIUI Global or MIUI EEA. It’s also worth checking your privacy settings regularly, as Xiaomi may change its data collection policy after updates.

πŸ“Š Do you trust Xiaomi to protect your data?
I totally trust you.
I do, but with reservations.
Neutrally.
I don't trust you.
I totally distrust you.

What to do if your data has already been leaked?

If you suspect that your data has been compromised (for example, after a Mi Account database leak or a phishing attack), follow the following algorithm:

  1. Change passwords: Change your Mi Account password immediately at account.xiaomi.com. Use a complex password (at least 12 characters) and enable two-factor authentication (via a two-factor authentication tool). SMS Google Authenticator).
  2. Check your account activity: In the Mi Account settings (Security) β†’ Entry history) check if there were unauthorized logins from unknown devices or IP-address.
  3. Revoke permissions: In Settings β†’ Accounts. β†’ Mi Account β†’ Permissions management disable access to contacts, locations, photos and other data.
  4. Remove backups from Mi Cloud: Go to Settings β†’ Mi Cloud β†’ Backup and delete all stored data (photos, contacts, SMS).
  5. Check your devices for viruses: Install an antivirus (like Dr.Web or Kaspersky) and scan your smartphone for spyware. Some malware masquerades as Xiaomi system services.
  6. Contact us for support: If you are sure that data was stolen, write to Xiaomi support on privacy@xiaomi.com Requiring to remove your information from the databases.

If a leak has caused financial losses (for example, through Mi Pay), immediately block bank cards and report fraud to the police. In Russia, such cases are considered under article 159.6 of the Criminal Code of the Russian Federation ("Fraud in the field of computer information").

Signs that your data may have leaked:

  • πŸ“§ Xiaomi’s unexpected emails about changing your password or logging in from a new device.
  • πŸ“± The emergence of unfamiliar devices in the history of synchronization Mi Cloud.
  • πŸ’³ Write off money through Mi Pay or other Xiaomi payment services.
  • πŸ” Advertising in Mi Browser or GetApps related to your personal interests (for example, loan offers after searching banks).

πŸ’‘

If you sell or transfer your Xiaomi smartphone to another person, be sure to complete a full factory reset (Settings) β†’ Additionally. β†’ Reset your settings) and delete your Mi Account from your device, otherwise the new owner will be able to recover your data!

FAQ: Frequent questions about access to Xiaomi data

❓ Can you completely disable data collection on Xiaomi?
It is impossible to completely disable data collection, since some services (for example, checking for updates or running Mi Account) require minimal telemetry. However, you can reduce the amount of information transmitted by 80-90% through the settings described in this article. For maximum privacy, use custom firmware like LineageOS or Pixel Experience, but this will require unlocking the bootloader and losing some functions (for example, the camera).
❓ Does Xiaomi transfer data to China if I use global firmware?
Yeah, even on MIUI Global data (e.g., system telemetry or application errors) can be transmitted to servers in China, but the volume of this data is less than in China. MIUI CN, And they're usually anonymized. To check where your data is going, use traffic monitoring apps like NetGuard or PCAPdroid.
❓ Xiaomi can listen to my conversations through a microphone?
Technically, yes, but only if you have explicitly given permission to access the microphone for applications like Xiao. AI In 2020, researchers at Forbes discovered that Mi Browser was recording sound in the background, but Xiaomi denied these allegations, saying it was a bug. Turn off microphone access for all applications except calls and voice assistants (Settings) β†’ Privacy β†’ Permits β†’ Remove or disable the Xiao AI Other Xiaomi Voice Services.
❓ What happens if I turn off all Xiaomi services?
Disabling services will lead to the loss of the following functions: Synchronization of contacts, notes and photos through Mi Cloud. Push notifications in proprietary applications (Mi Home, Mi Fit). Automatic updates MIUI (You'll have to install it manually. Some smart home features (e.g. remote).