Microsoft Statement: We Collect Your Location Data Too

Wednesday, April 27, 2011



UPDATE:  Apple Lied: Filed Patent for Mobile Device Tracking: Revelations of the patent application now confirm suspicions that Apple was quite aware of the storage of geolocation tracking data, that it was not merely a database of Wi-Fi locations, and the building of location histories on their customers was not due to a software glitch...

*   *   *

Not to be outdone by the competition, Microsoft has also released a Q&A style statement regarding the company's practice of collecting geolocation tracking information from mobile devices.

Apple similarly released a statement regarding the uproar over revelations that the iOS operating system maintains a geolocation tracking file that records location information of devices running the operating system.

Apple's statement employs some semantic play that attempts to both confirm and deny suspicions about the data collection, and attributes the controversy to technical glitches in the iOS operating system and the company's lack of open communication on the issue.

In contrast, the Microsoft statement is more technically thorough, does not attribute the data collection to any flaws in the operating system software, and makes no attempt to apologize for the practice.

The statement confirms that Microsoft collects and store location data, but insists the information is not device specific and does not compromise user privacy.

Th data is collected in a similar manner as Apple employs, by triangulating the device location using signals from transmission towers and from Wi-Fi connections in the vicinity of the device.

Unlike Apple, Microsoft insists that users can prevent the collection of the location data by disabling the Location Services feature. Apple is expected to update the iOS to allow users the same option.

Microsoft does survey Wi-Fi locations ("Managed Driving"), but insists they collect no "payload" data from open and unencrypted Wi-Fi connections, as was the case in the past with Google Maps, and says the company does not disclose the location of those connections.

Microsoft insists that if the Wi-Fi feature is disabled on a device, that no location data is collected or transmitted, and also states that even if the feature is active, data is only collected if the user gives an application permission to access location data.

As with Apple, Microsoft offered assurances that any data collected and stored is done so anonymously in order to preserve customer privacy.

An excerpt from the Microsoft statement is as follows:

How do location services for Windows Phone work?

When you allow an application or game to access your device's location, the application or game will connect to Microsoft's location services and request the approximate location of the device. The location service will respond by providing the application or game with the location coordinates of the user's device (when available), which the application or game can then use to enrich the user experience. 
How does Microsoft provide location services?

To provide location services, Microsoft assembles and maintains a database that records the location of certain mobile cell towers and Wi-Fi access points. These data points are used to calculate and provide an approximate location of the user's device by comparing the Wi-Fi access points and cell towers that a user's device can detect to the location database, which contains correlations of known Wi-Fi access points and cell towers to observed latitudes and longitudes.

How does Microsoft collect location information from mobile devices?

In addition to managed driving, in order to assemble and maintain its location database, Microsoft surveys available Wi-Fi access points when users are using location-aware features or applications on their mobile device. These Wi-Fi access points are only surveyed if all of the following conditions are met:

•  The user has given permission to turn on location services on the device. The user has allowed a particular application to access location services and the application requests location information.

•  Wi-Fi is turned on on the device.

If any of these conditions are not met, the mobile device will not survey Wi-Fi access points.

What Wi-Fi data elements do you collect from mobile devices using Microsoft's location services?

The Wi-Fi access point elements observed and information collected from mobile devices includes the following:

•  BSSID (the MAC address of the Wi-Fi access point)

•  Signal strength

•  Randomly generated unique device ID

If GPS is available on the mobile device, Microsoft will also collect the following:

•  Observed latitude and longitude

•  Direction and speed

The full statement also provides direction on how to disable the Locations Services features and manage the collection of the device location information.

Microsoft's statement comes off as much more genuine than Apple's attempt to dodge the privacy violations bullet, nonetheless both companies - as well as Google and probably many others - have been less than forthright regarding the collection, transmission and storage of sensitive data about their customers.

Possibly Related Articles:
PDAs/Smart Phones
Microsoft Privacy Mobile Devices geo-location Smart Phone Headlines Tracking
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.