Windows Phone 7 Smartphones Tracking User Location Without Authorization [REPORT]

wp7cameranotification

The news comes from a post on WinRumors - a blog dedicated to covering Microsoft-related news and rumors - which cites an in-depth investigation by Windows Phone 7 developer and hacker Rafael Rivera.

Rivera used a Samsung Focus on different builds of Windows Phone 7 (7004, 7390, 7392) and it was found that all of them send location data to Microsoft’s servers at agps.location.live.net and inference.location.live.net without permission from the user. The sent data includes the OS version, information about the smartphone device, wireless networks nearby etc.

From WinRumors:

Rafael Rivera, famous for his work on jailbreaking Windows Phone 7, has investigated the [unauthorized location tracking] claims thoroughly. After initially labelling the claims “skimpy”, Rivera has tested the camera application in Windows Phone 7 to determine whether Microsoft sends device location information to its servers without explicit user confirmation. Rivera explains that packets are sent to agps.location.live.net and several to Microsoft’s Location Inference service hosted at inference.location.live.net.

In testing, whenever the Camera app was launched, location data was found to be sent up to the ‘cloud’. This is when WP7’s location services were turned on but the camera wasn’t enabled to use them.

Rivera believes that Camera app wakes up the location service which, in turn, caches location data before it can be given to the camera. As the camera isn’t allowed to do this, it doesn’t read the data but it ends up being sent back and forth between the phone and Microsoft’s servers.

The question, now, is whether the location data sent to Microsoft’s servers is recognizable and stored or is processed and then deleted immediately.

Earlier this year when there were reports of Apple and Google tracking user locations on iOS and Android devices (respectively), Microsoft proudly informed PCMag that their smartphone OS doesn’t track location data.

It would be quite embarrassing for Microsoft if this investigation and its results turn out to be true (which, well, seems to be the case).

Here’s the official statement from Microsoft on the issue:

Microsoft is investigating the claims raised in the complaint. We take consumer privacy issues very seriously. Our objective was — and remains — to provide consumers with control over whether and how data used to determine the location of their devices are used, and we designed the Windows Phone operating system with this in mind.

You can follow us on Twitter or join our Facebook page to keep yourself updated on all the latest from Microsoft, Google, Apple and the web.

In a report published today, it appears that Microsoft Windows Phone 7 smartphones are tracking and sending location data to online servers without the user’s consent.

The news comes from a post on WinRumors – a blog dedicated to covering Microsoft-related news and rumors – which cites an in-depth investigation by Windows Phone 7 developer and hacker Rafael Rivera.

Rivera used a Samsung Focus on different builds of Windows Phone 7 (7004, 7390, 7392) and it was found that all of them send location data to Microsoft’s servers at agps.location.live.net and inference.location.live.net without permission from the user. The sent data includes the OS version, information about the smartphone device, wireless networks nearby etc.

From WinRumors:

Rafael Rivera, famous for his work on jailbreaking Windows Phone 7, has investigated the [unauthorized location tracking] claims thoroughly. After initially labelling the claims “skimpy”, Rivera has tested the camera application in Windows Phone 7 to determine whether Microsoft sends device location information to its servers without explicit user confirmation. Rivera explains that packets are sent to agps.location.live.net and several to Microsoft’s Location Inference service hosted at inference.location.live.net.

In testing, whenever the Camera app was launched, location data was found to be sent up to the ‘cloud’. This is when WP7’s location services were turned on but the camera wasn’t enabled to use them.

Rivera believes that Camera app wakes up the location service which, in turn, caches location data before it can be given to the camera. As the camera isn’t allowed to do this, it doesn’t read the data but it ends up being sent back and forth between the phone and Microsoft’s servers.

The question, now, is whether the location data sent to Microsoft’s servers is recognizable and stored or is processed and then deleted immediately.

Earlier this year when there were reports of Apple and Google tracking user locations on iOS and Android devices (respectively), Microsoft proudly informed PCMag that their smartphone OS doesn’t track location data.

It would be quite embarrassing for Microsoft if this investigation and its results turn out to be true (which, well, seems to be the case).

Here’s the official statement from Microsoft on the issue:

Microsoft is investigating the claims raised in the complaint. We take consumer privacy issues very seriously. Our objective was — and remains — to provide consumers with control over whether and how data used to determine the location of their devices are used, and we designed the Windows Phone operating system with this in mind.

You can follow us on Twitter or join our Facebook page to keep yourself updated on all the latest from Microsoft, Google, Apple and the web.