Researchers accuse Xiaomi web browsers of collecting browsing data – even in Incognito mode

Xiaomi smartphones are unanimously agreed to be one of the best value purchases available in the market at any point in time. Packing some insane hardware at some very lucrative price points, especially at the lower end of the smartphone market, these phones make an offer that a lot of people just can’t refuse. Xiaomi has also been receptive to the needs of the developer community, with decisions such as allowing bootloader unlocking without sacrificing the manufacturer’s warranty — a combination that a lot of other popular OEMs discard, as well as vastly improving upon their kernel source releases. These reasons make them one of the most popular devices in our forums, and they have rightfully earned that spot of popularity.

However, recent reports from security researchers point towards a worrying privacy issue observed on Xiaomi’s web browsers. Forbes’ cybersecurity contributor and associate editor Thomas Brewster, along with cybersecurity researchers Gabi Cirlig and Andrew Tierney recently concluded in a report that Xiaomi’s various web browsers were sending data to remote servers. They allege that the data being sent included a history of all websites visited, including the URLs, all search engine queries, and all the items viewed on Xiaomi’s news feed, along with device metadata. What’s even worrying about this data collection allegation is that this data is being collected even if you seemingly browse with “incognito mode” enabled.

This data collection seemingly occurs on the pre-installed stock browser on MIUI, as well as Mi Browser Pro and Mint Browser, both of which are available for download through the Google Play Store. Together, these browsers have over 15 million downloads on the Play Store, while the stock browser is preloaded on all Xiaomi devices. The devices tested include the Xiaomi Redmi Note 8, Xiaomi Mi A1, Xiaomi Mi 10, Xiaomi Redmi K20, and the Xiaomi Mi Mix 3. There wasn’t a distinction between Xiaomi’s Android One or MIUI devices, as the collection code was found in the default browser anyway. As such, this issue does not appear to be MIUI-centric but depends on whether you use any of these three browsers on your device, irrespective of the underlying OS. Other browsers, like Google Chrome and Apple Safari collect far less data, restricting themselves to usage and crash analytics.

Xiaomi responded by seemingly confirming that the browsing data it was collecting was fully compliant with local laws and regulations on user data privacy matters. The collected information was user-consented and anonymized. However, the company denied the claims in the research.

The research claims are untrue. Privacy and security is of top concern.

This video shows the collection of anonymous browsing data, which is one of the most common solutions adopted by internet companies to improve the overall browser product experience through analyzing non-personally identifiable information.

The researchers, however, found this claim of anonymity to be dubious. The data that Xiaomi was sending was admittedly “encrypted”, but it was encoded in base64, which can easily be decoded. Since the browsing data can be decoded in a rather trivial manner, and since the collected data also contained device metadata, this browsing data could seemingly be correlated to the actions by individual users without significant effort.

Further, the researchers found that the Xiaomi browsers were pinging domains related to Sensors Analytics, a Chinese startup also known as Sensors Data, known for providing behavioral analytics services. The browsers also contained an API called SensorDataAPI. Xiaomi is also listed as a customer on the Sensors Data website.

Xiaomi has responded to the report from Forbes with denial on several aspects:

While Sensors Analytics provides a data analysis solution for Xiaomi, the collected anonymous data are stored on Xiaomi’s own servers and will not be shared with Sensors Analytics, or any other third-party companies.

The researchers responded against Xiaomi’s denial with further proof of their data collection practice.

The parameter data_list is the one I am interested in.

URL decode.

base64 decode.

Gunzip.

JSON data.

I don’t think that should be there. pic.twitter.com/5CYH5FU9E4

— Cybergibbons (@cybergibbons) April 30, 2020

With the information available at hand, there does appear to be a worrying privacy issue in the way these browsers function. We’ve reached out to Xiaomi for further comment on these claims.

---

Source: Forbes

The post Researchers accuse Xiaomi web browsers of collecting browsing data – even in Incognito mode appeared first on xda-developers.

from xda-developers https://ift.tt/2KQ8aZD
via IFTTT

The Redmi K30i may be a cheaper version of the Xiaomi Redmi K30 5G

Rebranding is undoubtedly an effective method to cater to a large number of consumers with minimum effort. Xiaomi, for example, was able to take advantage of the hype around the “POCO” tag by presenting the 4G variant of the Redmi K30 as the POCO X2 in India. Interestingly, the 5G-capable Redmi K30 has remained exclusive to China so far. While we don’t have any knowledge of a potential global launch of the Redmi K30 5G, we now have evidence that Xiaomi may launch a cheaper version of the device called the “Redmi K30i”.

Redmi K30 5G XDA Forums

The Redmi K30 4G and Redmi K30 5G were launched together in China back in December 2019. Features like the 120Hz LCD display panel and quad cameras are present in both smartphones, but the most distinguished difference between the two is in terms of processing power and associated cellular technology. The Redmi K30 4G is powered by the Qualcomm Snapdragon 730G while the 5G variant is powered by the Qualcomm Snapdragon 765G. Now, evidence of the existence of a cheaper Redmi K30 5G first appeared when Xiaomi updated the TENAA listing for the Redmi K30 5G with the model name “M2001G7AC”. Most importantly, the update mentions that they changed the camera specs to include a “48MP version”.

Next, XDA’s ever-reliable Xiaomi tipster, kacskrz, spotted a new string in the latest version of the MIUI Camera app:

<string name="back_picasso_48m">4:REDMI K30i 5G:AI QUAD CAMERA:48MP QUAD CAMERA</string>

For those not familiar with Xiaomi’s naming convention, “picasso” is the code-name for the Redmi K30 5G. The string also explicitly states that the “Redmi K30i 5G” has an “AI quad camera” with a 48MP main sensor. The company might have replaced the 64MP Sony IMX686 sensor from the original Redmi K30 series with a 48MP Samsung/Sony module to bring the cost further down. Xiaomi, in fact, made a similar move recently as they launched the global version of the Redmi Note 9 Pro with a downgraded front camera (16MP) compared to the Indian model (32MP in the Redmi Note 9 Pro Max).

Hopefully, we will learn more about this new 5G phone from Xiaomi as it comes closer to launch. Right now, we do not have information on which markets this new phone will be arriving in.

The post The Redmi K30i may be a cheaper version of the Xiaomi Redmi K30 5G appeared first on xda-developers.

from xda-developers https://ift.tt/3bYvcti
via IFTTT

Global smartphone and tablet sales predictably tanked in Q1 2020 due to COVID-19

It’s no secret that smartphone and tablet sales are on the decline due to the ongoing COVID-19 pandemic. The situation has forced fewer smartphones to be made, planned product launches to be scaled back or delayed, and fewer people to go out and buy devices. Thanks to recently released Q1 2020 sales data, we now know just how bad things are. Renowned analytics companies IDC, Strategy Analytics, Canalys, and CounterpointResearch have independently published data on smartphone and data sales in the first quarter of this year. Here’s a summary of the key findings in each report:

Note: Since each source provides slightly different figures for smartphone sales, market share, etc., we’re only citing each report where there’s unique information.

Counterpoint Research

• Global smartphone market declined 13% YoY (Q1 2019 to Q1 2020). This is the first time since Q1 2014 that the smartphone market has fallen below 300 million units in a quarter. The decline is mainly driven by a 27% YoY shipment decline in China. As a result, Chinese smartphone market share in the global smartphone market declined from 26% in Q1 2019 to 22% in Q1 2020. CounterpointResearch believes that the impact of COVID-19 on the supply side of smartphones and components could leave OEMs to diversify their supply chain by moving some production to countries like India and Vietnam.
• The share of 5G smartphone shipments increased from 1% in Q4 2019 to 8% in Q1 2020.
• Xiaomi (7%) and Realme (157%) were the only major brands to achieve global growth YoY thanks to strong growth in India.
• Huawei was the only major smartphone brand in China to grow sales, as the company saw a 6% rise to 28.7 million units, which helped the company capture 39% of total smartphone sales in the country.
• The effect of COVID-19 on the smartphone market will likely be worse in Q2 2020, though mostly in countries still under lockdown. As China is recovering, brands with a larger share in China, like Huawei, will be better positioned. Furthermore, companies that were hit hard by the lockdown in China, like Lenovo, will recover as manufacturing resumes. Brands with a great online presence, like Realme, will do better than those that rely on offline sales. Sales of budget phones will be hit the hardest while sales of premium devices will be least affected.

Strategy Analytics

• Global 5G smartphone shipments surged past 24 million units in Q1 2020 thanks to higher than expected demand in China. 18.7 million total 5G phones were shipped in 2019.
• Samsung shipped 8.3 million 5G phones globally in Q1 2020. Huawei (including Honor) was at the second spot at 8 million 5G phones shipped globally. Vivo was third, with 2.9 million shipments of its iQOO 3 and X30 5G.

Canalys

• Apple was one of the lest affected vendors thanks to strong sales of the iPhone 11 in early Q1 2020. However, they were still down 8% with 37 million shipments.

IDC

• The first quarter usually sees a decline in shipments quarter over quarter (i.e. Q4 to Q1), with average sequential decline over the last three years being between -15% to -20%. But Q1 2020 has been the largest annual YoY decline ever, with smartphone shipments in China declining 20.3% YoY and shipments in the U.S and Western Europe declining 16.1% and 18.3%, respectively.
• Samsung retained its top position of 21.1% market share (despite an 18.9% YoY decline) due to the success of its Galaxy A series.
• Huawei maintained the second position globally, though the company’s global sales decline 17.1%. It managed to offset some of the COVID-19 impact by cutting prices early on the Mate 30, P30, Honor V30, and Honor 9X. Their diversified offline and online sales channels helped reach consumers even during the lockdown.
• Tablet shipments continued to decline, down 18.2% YoY to 24.6 million units. Meanwhile, detachables grew 56.8% YoY thanks to Apple. Slate tablets saw shipments decline 36.4% YoY. Apple maintained its pole position, followed by Samsung (with a 3.9% growth YoY) and Huawei (with an 8.3% decline YoY).

Interestingly, all reports offer contradictory figures for Chinese OEM Vivo. According to CounterpointResearch, the company saw a 10% YoY decline in Q1 2020. This is in contrast to Canalys, which states that Vivo grew 3% YoY, and IDC, which states that Vivo grew 7% YoY.

---

Source: CounterpointResearch (1,2), IDC (1,2), StrategyAnalytics, Canalys

The post Global smartphone and tablet sales predictably tanked in Q1 2020 due to COVID-19 appeared first on xda-developers.

from xda-developers https://ift.tt/2y8VdaO
via IFTTT

Here are the 5 new OxygenOS features that OnePlus is working on

OxygenOS from OnePlus is inarguably one of the best Android skins out there. It offers users a good selection of useful features and customization options, while still maintaining a near-stock Android look. To achieve this, the company pays close attention to what its users want and regularly hosts Open Ears forums around the world to directly engage with the community for feedback. In a bid to streamline this process and give more users the opportunity to provide feedback, OnePlus launched the IDEAS program early this year in March.

With the new IDEAS program, OnePlus encouraged its community to submit suggestions for new features that they would like to see in OxygenOS and it promised to include some of the most popular features submitted in future versions of the software. In the first month of its release, Always-on Display (AOD) was the top idea submitted by the community and, soon thereafter, OnePlus announced that it had added AOD to the OxygenOS update roadmap. It’s been 8 weeks since the IDEAS program was first announced and the company has now shared a recap of their progress so far.

In a recent post on the OnePlus forums, the company revealed that it has received over 5000 ideas, 25,000 likes, and over 2000 comments on the IDEAS platform. The post also marked the end of the beta phase for the program and revealed that it will be under “renovation” over the next few months. Furthermore, the company announced that out of all the ideas submitted by the community it will be adopting 5 new features that will soon be added to OxygenOS. These include:

• Always-On Display — development to be finished around June, with the closed beta test/open beta test to follow in August/September (subject to changes, there are various factors working).
• Enable fingerprint unlock for hidden pictures in gallery — included in the roadmap
• Play sound when battery is fully charged — included in the roadmap
• Folders within the app drawer — included in the roadmap
• Adding more essential features to Zen mode — included in the roadmap

Additionally, OnePlus also listed down all the ideas that won’t be added to OxygenOS along with a detailed response about why they chose not to include a particular feature. Here are some of the features OnePlus won’t be adding to OxygenOS:

• Edge notification light
• OnePlus Dex
• Call recording
• Google message for the stock SMS/RCS app
• Study mode
• API support for Gcam
• Improve the adaptive brightness
• Custom fingerprint animations
• Real-time weather wallpaper
• Real One Hand mode
• AMOLED dark
• Boost capabilities of the alert slider
• An option to set battery charging limit to 80%
• Variable charging speed
• Allow users to choose which stock apps to install during setup

OnePlus rejected the Dex (AKA desktop mode) because they believe that most users focus on file transfer, notifications, and controlling the phone when connected to a PC. For call recording, the company noted that it’s already available in OxygenOS in India, China, UK, France, Bangladesh, and the Netherlands for the OnePlus 6/6T, 7/7 Pro, 7T/7T Pro, but they won’t add it broadly due to the risk of falling afoul of local user privacy and legal requirements.

The Study mode idea was rejected because it overlaps with existing features in OxygenOS, like DND, reading mode, screen lock, Zen mode, etc. However, they are considering updating reading mode so it’ll automatically adjust the screen time duration, and they’ll consider designing per-app blocking of apps in Zen mode. Gcam API support was dropped as only a small number of users were using Google Camera ports and since these ports are made by third-party developers it would be difficult to keep up maintenance in case things change.

OnePlus also said that the True one-handed mode was rejected because most users activate one-handed mode to perform one quick action rather than making a series of continuous actions. And finally, the company revealed that other features, like Google Messages for the stock SMS app, improving the adaptive brightness, limiting the battery when charging to 80&, variable charging speed, etc. were dropped because they are either already available in some form in OxygenOS or are things that the user can take care for themselves.

As of now, OnePlus hasn’t revealed a definite release timeline for 4 of the 5 features that it will be adding to OxygenOS, but we expect the company to share more details in the near future.

---

Source: OnePlus Community forums

The post Here are the 5 new OxygenOS features that OnePlus is working on appeared first on xda-developers.

from xda-developers https://ift.tt/3d29aG8
via IFTTT

Clyma Weather is a simple weather app that combines data from 3 weather providers

Apple shook the tech world last month when they acquired the popular hyperlocal weather app “Dark Sky” and immediately announced they were going to discontinue the Android app. If you’ve been on the hunt for a good replacement, check out Clyma Weather by XDA Senior Member KDB223. It’s a fresh new weather app available on the Google Play Store today.

Clyma bills itself as a simple and clean app that will deliver “no more inconsistent weather reports.” Rather than checking multiple weather providers to get a reliable forecast in your area, Clyma combines data from three providers so the forecasts are more consistent. Dark Sky is one of those 3 providers (the other two are OpenWeatherMap and Weatherbit) until the API is phased out. Check out the full feature list and screenshots below.

Clyma Features:

• 3 reputed weather providers – No more inconsistency, with data sourced from 3 separate, independent, and reputed weather providers (Dark Sky, OpenWeatherMap, Weatherbit).
• Weekly forecast – Daily weather forecast for the next 7 days so you can plan ahead for the whole week
• Clean, simple, and beautiful design – Bold colors and dynamic animations for every weather condition for a pleasant surprise every time you check the weather.
• Multiple themes – Choose from multiple themes, including a dark theme and black theme for OLED screens. Clyma also supports system-level dark theme on Android 10 and above.
• Homescreen widgets – Get the latest accurate weather right on your home screen, in a total of 3 different sizes (Clyma Pro)

In a future update, the developer plans to add support for hourly weather forecasts.

Here are screenshots of the app running on my Pixel device:

You can download the app from the Google Play Store now. The developer says the app will be available soon from XDA Labs.

Clyma Weather: Simple, Multi-source and Accurate (Free⁺, Google Play) →

The app is quite new and is still in development, so if you have feedback, leave a comment on the developer’s forum thread linked below.

Read more about Clyma in the Apps and Games Forum

The post Clyma Weather is a simple weather app that combines data from 3 weather providers appeared first on xda-developers.

from xda-developers https://ift.tt/2YmlKvZ
via IFTTT

RCS support in Google Messages is rolling out in Italy

Rich Communication Services, or RCS, is a communication protocol that’s often described as the successor to SMS or an alternative to iMessage for Android. With RCS, users can exchange media files in high quality, see read receipts, see typing indicators, start group chats, and more over mobile data and even Wi-Fi. However, universal, app-independent RCS support requires carriers to implement the protocol in their networks, which some have done while others have dragged their feet on. Google has been pushing RCS adoption under its “Chat” banner, using the company’s own servers and “Messages” app to bypass the need for carrier adoption. So far, Google has rolled out RCS in the Google Messages app for users in the U.S., Spain, the U.K., and France, but now they’re expanding support to another European country: Italy.

The Italian rollout was first reported by Italian technology website TuttoAndroid (via AndroidPolice). While WhatsApp is widely used in Europe, RCS will prove to be a viable alternative that’s built into the main messaging app on your phone. This is convenient and easily accessible for the average user, which is especially important during these times when we’re all stuck at home because of the COVID-19 pandemic. It is possible that we’ll also RCS roll out to other markets as well in the coming weeks. This is probably just wishful thinking, but we could even see a global release of RCS in the Messages app.

“Google Chat” rolling out in Messages for some users in Italy. Source: TuttoAndroid

TuttoAndroid indicates that the feature is rolling out independent of carrier support, so be sure to download the Messages app and check to see if the feature has rolled out for you. If the feature is available for you, you should be greeted by a “welcome to Chat” pop-up when you launch the app. Take note that all participants in a conversation have to enable “Chat” in order to use RCS features, otherwise you’ll fall back to SMS.

Messages (Free, Google Play) →

The post RCS support in Google Messages is rolling out in Italy appeared first on xda-developers.

from xda-developers https://ift.tt/3bU74In
via IFTTT

Quick Cursor enables one-handed control on Android using a mouse pointer

Smartphones keep getting bigger, but the need to use a phone with only one hand never changes. While most of the time you may be able to use both hands, there’s always going to be a situation where your other hand is occupied. Quick Cursor is a handy app that makes it easy to reach the very top of your screen with just one hand.

We previously covered an app called Reachability that added a cursor to the screen for hard-to-reach places. However, that app hasn’t been updated in a long time, and Quick Cursor is the same concept. Basically, whenever you need some extra reach, you can swipe from the side of the display and bring out a cursor. It consists of two parts: the tracker and the cursor. The tracker is what you drag around, in easy one-handed reach, to move the cursor at the top of the display.

In the GIF above, the large circle towards the bottom of the display is where my finger is at. I effortlessly swiped in from the left side of the display, dragged the tracker to reach the link, and then tapped the tracker to select it. All from the comfort of the bottom third of the display.

Quick Cursor has plenty of customization options to get it looking and working exactly how you want. You can choose which edge you want to swipe from to bring out the cursor, adjust the size of the area, customize the look of the cursor and tracker, etc. There are also more features if you purchase the Pro mode. If you have trouble reaching all corners of your phone, check out this app.

Read more about Quick Cursor in the Apps and Games Forum

Quick Cursor: one hand mouse pointer (Free⁺, Google Play) →

The post Quick Cursor enables one-handed control on Android using a mouse pointer appeared first on xda-developers.

from xda-developers https://ift.tt/3d3LvoI
via IFTTT