Mi Band 6

Warning: *Privacy Not Included with this product

Wearables Fitness Trackers

Mi Band 6

Xiaomi
Bluetooth

Review date: Nov. 8, 2021

|
Mozilla researched 8 hours
|

Mozilla says

|
People voted: Super creepy

Mi—owned by Beijing-based Xiaomi—offers the Mi Band 6 as a lower cost health and fitness tracker. It tracks what most fitness trackers track--heart rate, sleep, stress, steps, calories, menstrual cycles, and more. Should you trust it? Xiaomi, the parent company of Mi, was recently caught secretly collecting data on some users, so buyer beware.

What could happen if something goes wrong?

Things got a little confusing for us while reviewing the Mi Band 6. The company that sells the Mi Band is Chinese tech giant Xiaomi. It seems the company that may make the device technology is Huami, which also makes the Amazfit fitness trackers. The privacy policy on the Mi website links to a Xiaomi privacy policy. When we spoke with representatives from Mi, they told us their Mi Band 6 had a device-specific privacy policy and shared a pdf with us of a privacy policy from Huami, one we couldn’t find anywhere publicly online. The company says users can only access the privacy policy once they've downloaded the app. Oh, and recently Huami changed its name to Zepp Health Corp. As we said, it’s all very confusing.

What we do know is, Xiaomi--the company behind the Mi Band-- came under fire in 2020 when researchers reportedly found they were secretly collecting users' data during private web browsing and phone use. According to the Xiaomi privacy policy, the company does not sell personal information to third parties. They say they may share personal information with Xiaomi affiliates and the Mi Ecosystem. They also share personal information with third parties for marketing purposes. According to the Huami privacy policy the representatives from Mi shared with us, they can also share personal information with Huami-affiliated companies and with third parties for advertising and other purposes.

All in all, it seems to us a lot of personal information may be shared with any number of affiliate companies in the Xiaomi, Mi, Huami ecosystem. And we found it very odd they provided us with a pdf of a privacy policy for the device that we were unable to find publicly available online. Consumers should be able to read a product's privacy policy before buying the product or downloading the app. What’s the worst that could happen? Well, this device collects a lot of personal information and we can’t exactly tell where all that personal information is going in the confusing world of privacy policies we reviewed. That’s not good for consumers at all.

Tips to protect yourself

  • Be very careful who you chose to share your wellness data with.
  • Don't connect your app to any social networks like Facebook.
  • Minimize volumes of data collected about you by an app
  • Use two-factor authentication
  • mobile

Can it snoop on me? information

Camera

Device: No

App: Yes

Microphone

Device: No

App: Yes

Tracks location

Device: No

App: Yes

What can be used to sign up?

What data does the company collect?

How does the company use this data?

The data can be shared with HUAMI-affiliated companies or with third-party providers including advertising and marketing providers. Their advertising partners may deliver targeted advertisements to you when you visit non-HUAMI related websites within their networks.

How can you control your data?

Where you have consented to HUAMI’s processing of your personal information or sensitive personal information, you may withdraw that consent at any time and cease further processing by contacting HUAMI.

The company shall cease to retain personal information, or remove the means by which the personal information can be associated with particular individuals, as soon as it is reasonable to assume that the purpose for which that personal information was collected is no longer being served by retention of the personal information.

What is the company’s known track record of protecting users’ data?

Needs Improvement

Speaking to Forbes in early 2020, security researchers Gabriel Cirlig and Andrew Tierney claimed that Xiaomi’s mobile web browsers collect an inordinate amount of data even in incognito mode. This allegedly included all URLs and search queries made in the stock MIUI browser, Mi Browser Pro, and Mint Browser. Combined, these browsers have more than 15 million downloads on the Google Play Store.

Can this product be used offline?

Yes

User-friendly privacy information?

Yes

Xiaomi provides the IoT privacy white paper.

Links to privacy information

Does this product meet our Minimum Security Standards? information

Yes

Encryption

Yes

Strong password

Yes

Security updates

Yes

Manages vulnerabilities

Yes

Xiaomi runs a vulnerability disclosure process via https://trust.mi.com/misrc/bulletins

Privacy policy

Yes

Does the product use AI? information

Yes

You can connect the band to Alexa

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

Voice recognition, if you connect it to Alexa

Is the company transparent about how the AI works?

Yes

Does the user have control over the AI features?

Yes

*Privacy Not Included

Dive Deeper

  • Exclusive: Warning Over Chinese Mobile Giant Xiaomi Recording Millions Of People’s ‘Private’ Web And Phone Use
    Thomas Brewster Link opens in a new tab
  • Is selling your privacy for a cheaper phone really a good idea?
    Android Authority Link opens in a new tab
  • Ignore China’s New Data Privacy Law at Your Peril
    Wired Link opens in a new tab

Comments

Got a comment? Let us hear it.