   Technology Stocks: Smartphones, Tablets, Wearables and Gadgets

From: Julius Wong 7/24/2019 9:51:30 PM
From: Julius Wong 8/28/2019 8:36:29 AM
From: Julius Wong 10/5/2019 8:09:48 AM
From: Julius Wong 11/13/2019 9:55:37 AM
From: Julius Wong 2/7/2020 10:32:53 AM
From: Julius Wong 2/11/2020 7:52:22 AM
From: Julius Wong 2/14/2020 8:22:01 AM
From: radkapital 5/2/2020 6:15:11 PM
Top Chinese Phone Brands and Their Best-Selling Models in India - Pandaily

Over the years, India has emerged as one of the fastest growing smartphone markets in the world. As the world’s second largest smartphone market, it is constantly attracting global brands seeking to expand their market share. According to the latest report from Counterpoint Research, Chinese brands Xiaomi, vivo, Realme and OPPO accounted for 73% of India’s market in terms of shipments in Q1 2020. Here are some of the Chinese titles performing well in the Indian market.

Best Chinese phone brands in India 2020

Xiaomi and Redmi Note series

India is now Xiaomi’s biggest mobile phone market. In Q1 2020, it led the Indian smartphone market with a 30% market share. Aggressive offline expansion, customer focus and affordable prices have boosted the company’s business there. The Redmi Note series handsets, including the Redmi Note 8 series and the Redmi Note 9 series, are the most popular smartphones under Rs. 15,000 in the country.

Xiaomi Redmi Note 9 Pro – Rs. 12,999

Redmi Note 9 Pro (Source: Xiaomi)

The Redmi Note 9 Pro is a killer phone hitting India in March. The new budget phone from Xiaomi’s sub-brand Redmi comes as the successor to last year’s Redmi Note 8 series, with a lowered starting price of Rs. 12,999. It packs a 6.67-inch LCD screen with a 60Hz refresh rate and a hole-punch frontal camera. The handset runs on the Qualcomm Snapdragon 720G SoC which is surprisingly powerful for this price range. The Redmi Note 9 Pro is also equipped with a powerful 5020mAh battery, supporting 18W fast charging.

Vivo and vivo Y series

Vivo saw its market share in India grow from 12% to 17% last year. Vivo phones mainly target fashion conscious smartphone buyers, who are looking for a good camera, audio functionality, and sleek design at a low price. The Y series models, usually featuring AI selfie capabilities, a dual-camera, a bezel-less screen, and Qualcomm SoCs, performed well in Q1. The best-selling vivo Y series smartphones included the Y91, Y95, Y83, Y53. They are priced starting from Rs. 6990.

Vivo Y91 – Rs. 7,950.

Vivo Y91 India (Source: vivo)

The Vivo Y91, launched in January 2019, is a stripped-down variant of the Vivo Y95. The phone comes with a 6.22-inch display, 4,030mAh battery, and is powered by a Qualcomm Snapdragon 439 processor. Its Halo FullView Display offers users an immersive viewing experience. The Y91 has a 13MP+2MP dual rear camera setup and an 8MP front-facing camera. The rear camera setup is reinforced by features such as Portrait mode, Autofocus, and more. The front camera includes AI Beautifying effects. The Vivo Y91’s starting price on Amazon is Rs. 7,950.

Realme and first 5G phone India

Realme started as a sub-brand of OPPO until its separation in 2018. It launched its first product, the Realme 1, exclusively in India in May 2018. Realme grew ferociously by heaping 119% year-over-year in Q1 this year. It now commands 14% of the Indian smartphone segment, surpassing OPPO’s 12%. The Realme X50 Pro 5G was the first 5G phone in the Indian market. The Realme 5i and C3 are currently the hottest Realme phones in India under Rs. 10,000.

Realme C3 – Rs. 6,999

Realme C3 triple camera phone (Source: Realme)

The Realme C3 is the latest budget smartphone from Realme, the successor to the Realme C2. With a starting price of Rs. 6999, the affordable phone has helped win market share for Realme in Q1 2020. It has a 6.5 inch display with 89.8% screen to body ratio, Corning Gorilla Glass 3, and a 5,000mAh battery. It features a dual camera 13MP + 5MP set up and runs on the new Helio G70 processor and Mali G52 GPU that guarantee fast performance in both routine tasks and mobile gaming, even while playing heavy games like COD and PUBG.

OPPO and A series

OPPO has emerged as India’s favorite innovative handset brand in the premium segment. OPPO constantly focuses on camera capabilities and long-lasting and fast-charging batteries, which have impressed young customers the most. OPPO has a similar offline marketing strategy to vivo. People can see OPPO and vivo selling everywhere in India. The budget friendly OPPO A5 series, A31 and A9 2020 have shown especially good performance.

OPPO A9 2020 – Rs. 17,390

The Oppo A9 2020 has a large 6.5-inch screen with an 89% screen-to-body ratio. The display comes with a water drop notch and Gorilla Glass 3+ for protection. It has a 5000mAh ultra battery with reverse charging capability, and a 48MP ultra wide quad camera setup supported by a 16MP selfie camera featuring AI beautification. The Snapdragon 665 + Game Boost 2.0 provide faster performance and a smoother, more responsive gaming experience. OPPO A9 2020 comes with 128GB of ROM, which can be backed up by up to 256GB of additional memory thanks to a three-card slot (Dual Sim + MicroSD) for tons of extra storage.

OnePlus and Note 8 Pro series

Chinese phone brand OnePlus has become the new leader of India’s premium smartphone segment (= Rs. 30,000 retail price), followed by Samsung and Apple in 2019. In 2019, its shipments grew 28% YoY and captured one-third of India’s premium segment.

OnePlus 8 – Rs 41,999

OnePlus 8 series smartphone (Source: OnePlus)

The OnePlus 8 and OnePlus 8 Pro were launched a couple of weeks ago at an online event. The anticipated high-end phone is now available for pre-bookings in India on The OnePlus 8 starts at Rs. 41,999 for the base 6GB + 128GB storage model, while the price for the 8GB + 128GB variant is set at Rs. 54,999. The OnePlus 8 is a little bit smaller than the Pro variant with a 6.55-inch display. Additionally, it is equipped with a Snapdragon 865 processor, and supports 5G.

To: radkapital who wrote (3015) 2/28/2021 6:54:08 PM
From: Latest Review
Excellent article. Yes, Xiaomi is the biggest-selling phone in India due to the socio-economic status of the majority of Indians.

To: Latest Review who wrote (3016) 3/2/2021 10:09:18 AM
From: FJB
Are Xiaomi browsers spyware? Yes, they are…
Wladimir Palant

In case you missed it, there was a Forbes article on Mi Browser Pro and Mint Browser which are preinstalled on Xiaomi phones. The article accuses Xiaomi of exfiltrating a history of all visited websites. Xiaomi on the other hand accuses Forbes of misrepresenting the facts. They claim that the data collection is following best practices, the data itself being aggregated and anonymized, without any connection to the user’s identity.

TL;DR: It is really that bad, and even worse actually.

If you’ve been following my blog for a while, you might find this argumentation familiar. It’s almost identical to Avast’s communication after they were found spying on the users and browser vendors pulled their extensions from add-on stores. In the end I was given proof that their data anonymization attempts were only moderately successful if you allow me this understatement.

Given that neither the Forbes article nor the security researchers involved seem to provide any technical details, I wanted to take a look for myself. I decompiled Mint Browser 3.4.0 and looked for clues. This isn’t the latest version, just in case Xiaomi already modified the code in reaction to the Forbes article. Update (2020-05-08): If you don’t need the technical explanation, the newer article gives an overview of the issue.

Disclaimer: I think that this is the first time I analyzed a larger Android application, so please be patient with me. I might have misinterpreted one thing or another, even though the big picture seems to be clear. Also, my conclusions are based exclusively on code analysis, I’ve never seen this browser in action.


The general analytics setup

The Forbes article explains that the data is being transmitted to a Sensors Analytics backend. The Xiaomi article then provides the important clue: is the host name of this backend. They then go on explaining how it’s a server that Xiaomi owns rather than a third party. But they are merely trying to distract us: if sensitive data from my browser is being sent to this server, why would I care who owns it?

We find this server name mentioned in the class miui.globalbrowser.common_business.g.i (yes, some package and class names are mangled). It’s used in some initialization code:

    final StringBuilder sb = new StringBuilder();
    sb.append("");
    sb.append(A.e);
    a = sb.toString();

Looking up A.e, it turns out to be a country code. So the i.a static member here ends up holding the endpoint URL with the user’s country code filled in. And it is being used in the class’ initialization function:

    public void a(final Context c) {
        SensorsDataAPI.sharedInstance(this.c = c, i.a, this.d);
        SensorsDataAPI.sharedInstance().identify(com.xiaomi.mistatistic.sdk.e.a(this.c));
        this.c();
        this.d();
        this.e();
        this.b();
    }

The Sensors Analytics API is public, so we can look up the SensorsDataAPI class and learn that the first sharedInstance() call creates an instance and sets its server URL. The next line calls identify() setting an “anonymous ID” for this instance which will be sent along with every data point, more on that later.

The call to this.c() is also worth noting as this will set a bunch of additional properties to be sent with each request:

    public void c() {
        final JSONObject jsonObject = new JSONObject();
        jsonObject.put("uuid", (Object)com.xiaomi.mistatistic.sdk.e.a(this.c));
        int n;
        if (H.f(miui.globalbrowser.common.a.a())) {
            n = 1;
        } else {
            n = 0;
        }
        jsonObject.put("internet_status", n);
        jsonObject.put("platform", (Object)"AndroidApp");
        jsonObject.put("miui_version", (Object)Build$VERSION.INCREMENTAL);
        final String e = A.e;
        a(e);
        jsonObject.put("miui_region", (Object)e);
        jsonObject.put("system_language", (Object)A.b);
        SensorsDataAPI.sharedInstance(this.c).registerSuperProperties(jsonObject);
    }

There we have the same “anonymous ID” sent as uuid parameter, just in case. In addition, the usual version, region, language data is being sent.

For me, it wasn’t entirely trivial to figure out where this class is being initialized from. Turns out, from class miui.globalbrowser.common_business.g.b:

    public static void a(final String s, final Map<String, String> map) {
        a(s, map, true);
    }

    public static void a(final String s, final Map<String, String> map, final boolean b) {
        if (b) {
            i.a().a(s, map);
        }
        miui.globalbrowser.common_business.g.d.a().a(s, map);
    }

So the miui.globalbrowser.common_business.g.b.a() call will set the third parameter to true by default. This call accesses a singleton miui.globalbrowser.common_business.g.i instance (will be created if it doesn’t exist) and makes it actually track an event (s is the event name here and map are the parameters being sent in addition to the default ones). The additional miui.globalbrowser.common_business.g.d.a() call triggers their MiStatistics analytics framework which I didn’t investigate.

And that’s it. We now have to find where in the code the miui.globalbrowser.common_business.g.b class is used and what data it receives. All that data will be sent to the Sensors Analytics backend regularly.

How anonymous is that ID?

Looking up com.xiaomi.mistatistic.sdk.e.a() eventually turns up ID generation code very close to the one cited in the Xiaomi blog post:

    public static String d(final Context context) {
        if (!TextUtils.isEmpty((CharSequence)y.g)) {
            return y.g;
        }
        final long currentTimeMillis = System.currentTimeMillis();
        final String a = L.a(context, "anonymous_id", "");
        final long a2 = L.a(context, "aigt", 0L);
        final long a3 = L.a(context, "anonymous_ei", 7776000000L);
        if (!TextUtils.isEmpty((CharSequence)a) && currentTimeMillis - a2 < a3) {
            y.g = a;
        } else {
            L.b(context, "anonymous_id", y.g = UUID.randomUUID().toString());
        }
        L.c(context, "aigt", currentTimeMillis);
        return y.g;
    }

The L.a() call is retrieving a value from context.getSharedPreferences() with fallback. L.b() and L.c() calls will store a value there. So Xiaomi is trying to tell us: “Look, the ID is randomly generated, without any relation to the user. And it is renewed every 90 days!”

Now 90 days are a rather long time interval even for a randomly generated ID. With enough data points it should be easy to deduce the user’s identity from it. But there is another catch. See that aigt preference? What is its value?

The intention here seems to be that aigt is the timestamp when the ID was generated. So if that timestamp deviates from current time by more than 7776000000 milliseconds (90 days) a new ID is going to be generated. However, this implementation is buggy, it will update aigt on every call rather than only when a new ID is generated. So the only scenario where a new ID will be generated is: this method wasn’t called for 90 days, meaning that the browser wasn’t started for 90 days. And that’s rather unlikely, so one has to consider this ID permanent.

And if this weren’t enough, there is another catch. If you look at the SensorsDataAPI class again, you will see that the “anonymous ID” is merely a fallback when a login ID isn’t available. And what is the login ID here? We’ll find it being set in the miui.globalbrowser.common_business.g.i class:

    public void b() {
        final Account a = miui.globalbrowser.common.c.b.a(this.c);
        if (a != null && !TextUtils.isEmpty((CharSequence) {
            SensorsDataAPI.sharedInstance().login(;
        }
    }

That’s exactly what it looks like: a Xiaomi account ID. So if the user is logged into the browser, the tracking data will be connected to their Xiaomi account. And that one is linked to the user’s email address at the very least, probably to other identifying parameters as well.

What is being collected?

As mentioned above, we need to look at the places where miui.globalbrowser.common_business.g.b class methods are called. And very often these are quite typical for product analytics, for example:

    final HashMap<String, String> hashMap = new HashMap<String, String>();
    if (ex.getCause() != null) {
        hashMap.put("cause", ex.getCause().toString());
    }
    miui.globalbrowser.common_business.g.b.a("rv_crashed", hashMap);

So there was a crash and the vendor is notified about the issue. Elsewhere the data indicates that a particular element of the user interface was opened, also very useful information to improve the product. And then there is this in class

    public void onPageFinished(final WebView webView, final String d) {
        ...
        if (!this.c && !TextUtils.isEmpty((CharSequence)d)) {
            miui.globalbrowser.common_business.g.b.a("page_load_event_finish", "url", this.a(d));
        }
        ...
    }

    public void onPageStarted(final WebView webView, final String e, final Bitmap bitmap) {
        ...
        if (!this.b && !TextUtils.isEmpty((CharSequence)e)) {
            miui.globalbrowser.common_business.g.b.a("page_load_event_start", "url", this.a(e));
        }
        ...
    }

That’s the code sending all visited websites to an analytics server. Once when the page starts loading, and another time when it finishes. And the Xiaomi blog post explains why this code exists: “The URL is collected to identify web pages which load slowly; this gives us insight into how to best improve overall browsing performance.”

Are you convinced by this explanation? Because I’m not. If this is all about slow websites, why not calculate the page load times locally and transmit only the slow ones? This still wouldn’t be great for privacy but an order of magnitude better than what Xiaomi actually implemented. Xiaomi really needs to try harder if we are to assume incompetence rather than malice here. How was it decided that sending all visited addresses is a good compromise? Was privacy even considered in that decision? Would they still make the same decision today? And if not, how did they adapt their processes to reflect this?

But there are far more cases where their analytics code collects too much data. In class we’ll see:

    final HashMap<String, String> hashMap = new HashMap<String, String>();
    hashMap.put("used_searchengine",;
    hashMap.put("search_position", miui.globalbrowser.common_business.g.e.c());
    hashMap.put("search_method", miui.globalbrowser.common_business.g.e.b());
    hashMap.put("search_word", s);
    miui.globalbrowser.common_business.g.b.a("search", hashMap);

So searching from the navigation bar won’t merely track the search engine used but also what you searched for. In the class we see for example:

    final HashMap<String, String> hashMap = new HashMap<String, String>();
    hashMap.put("op", s);
    hashMap.put("suffix", s2);
    hashMap.put("url", s3);
    if (d.c(s4)) {
        s = "privacy";
    } else {
        s = "general";
    }
    hashMap.put("type", s);
    b.a("download_files", hashMap);

This isn’t merely tracking the fact that files were downloaded but also the URLs downloaded. What kind of legitimate interest could Xiaomi have here?

And then this browser appears to provide some custom user interface for YouTube videos. Almost everything is being tracked there, for example in class

    final HashMap<String, String> hashMap = new HashMap<String, String>();
    hashMap.put("op", "search");
    hashMap.put("search_word", text);
    hashMap.put("search_type", s);
    hashMap.put("page", this.w);
    miui.globalbrowser.common_business.g.b.a("youtube_search_op", hashMap);

Why does Xiaomi need to know what people search on YouTube? And not just that, elsewhere they seem to collect data on what videos people watch and how much time they spend doing that. Xiaomi also seems to know what websites people have configured in their speed dial and when they click those. This doesn’t leave a good impression, could it be surveillance functionality after all?

Conclusions

If you use Mint Browser (and presumably Mi Browser Pro similarly), Xiaomi doesn’t merely know which websites you visit but also what you search for, which videos you watch, what you download and what sites you added to the Quick Dial page. Heck, they even track which porn site triggered the reminder to switch to incognito mode! Yes, if Xiaomi wants anybody to believe that this wasn’t malicious they have a lot more explaining to do.

The claim that this data is anonymized cannot be maintained either. Even given the random user ID (which appears to be permanent by mistake) deducing the user’s identity should be easy, we’ve seen it before. But they also transmit the user’s Xiaomi account ID if they know it, which is directly linked to the user’s identity.

Xiaomi now announced that they will turn off collection of visited websites in incognito mode. That’s a step in the right direction, albeit a tiny one. Will they still be collecting all the other data in incognito mode? And even if not, why collect so much data during regular browsing? What reason is there that justifies all these privacy violations?

Update (2020-05-07): I looked into the privacy-related changes implemented in Mint Browser 3.4.3. It was a bigger improvement than what it sounded like, the “statistics” collection functionality can be disabled entirely. However, you have to make sure that you have “Incognito Mode” turned on and “Enhanced Incognito Mode” turned off – that’s the only configuration where you can have your privacy.
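
The expiry bug described in the post above can be reproduced outside Android. This is an added example, not code from the post or from Xiaomi: it runs the decompiled rotation logic next to one possible correction and counts how many distinct IDs the backend would see. The class name AnonymousIdRotation, the in-memory map replacing SharedPreferences, the one-call-per-browser-start model and the `fixed` variant are all assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.UUID;

public class AnonymousIdRotation {
    static final long EXPIRY_MS = 7_776_000_000L; // 90 days, the "anonymous_ei" default in the post
    static final long DAY_MS = 86_400_000L;

    // Assumption: an in-memory map stands in for context.getSharedPreferences().
    private final Map<String, Object> prefs = new HashMap<>();
    private final boolean fixed;

    AnonymousIdRotation(boolean fixed) {
        this.fixed = fixed;
    }

    // Called once per simulated browser start, so the in-process cache (y.g) is always empty.
    String getId(long now) {
        String id = (String) prefs.getOrDefault("anonymous_id", "");
        long generatedAt = (Long) prefs.getOrDefault("aigt", 0L);
        if (id.isEmpty() || now - generatedAt >= EXPIRY_MS) {
            id = UUID.randomUUID().toString();
            prefs.put("anonymous_id", id);
            if (fixed) {
                prefs.put("aigt", now); // corrected: timestamp moves only when a new ID is issued
            }
        }
        if (!fixed) {
            prefs.put("aigt", now); // as decompiled: timestamp is refreshed on every call
        }
        return id;
    }

    // Number of distinct IDs the backend would see if the browser starts every intervalDays.
    static int distinctIds(boolean fixed, int totalDays, int intervalDays) {
        AnonymousIdRotation store = new AnonymousIdRotation(fixed);
        Set<String> seen = new HashSet<>();
        long start = 1_588_000_000_000L; // constructed start time (epoch milliseconds)
        for (int day = 0; day <= totalDays; day += intervalDays) {
            seen.add(store.getId(start + day * DAY_MS));
        }
        return seen.size();
    }

    public static void main(String[] args) {
        System.out.println("decompiled logic, daily use for a year:      "
                + distinctIds(false, 365, 1) + " distinct ID(s)");
        System.out.println("corrected logic, daily use for a year:       "
                + distinctIds(true, 365, 1) + " distinct ID(s)");
        System.out.println("decompiled logic, one start every 100 days:  "
                + distinctIds(false, 365, 100) + " distinct ID(s)");
    }
}
```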

