I have Xiaomi Redmi 8 and i've noticed strange activity in files matching following pattern:

/storage/emulated/0/MIUI/debug_log/common/tcpdump.pcap*

(MIUI is proprietary GUI that ships exclusively with Xiaomi phones)

These are unencrypted pcap files which seem to be regulary rotated. Can be opened in wireshark and contain actual dumps of my personal traffic.

(luckily most of it is TLS encrypted, but RNG in their kernel might be compromised as well...)

Is your phone doing this too?