Windows Phone DOES transmit location information without user consent

Windows Phone DOES transmit location information without user consent

Summary: Statements made by Microsoft to the US House of Representatives prove to be at odds with how its Windows Phone OS actually works.

SHARE:

Earlier this month Microsoft was hit with a lawsuit which claimed that the new Windows Phone OS tracked users without their consent. Now new evidence has come to light which seems to prove that there is some substance to this lawsuit.

Enter Rafael Rivera, one of the programmer behind the Windows Phone jailbreaking tool ChevronWP. After initially being skeptical about the lawsuit, Rivera decided to test the Windows Phone camera app to see what information, if any, it sent to Microsoft when the phone was reset to the 'out-of-box' experience.

Note: The OS version tested by Rivera was Windows Phone OS 7.0.7004.0.

What Rivera discovered was that the app sent several packets to Microsoft, one to agps.location.live.net and several to Microsoft's Location Inference (codenamed Orion) service hosted at inference.location.live.net. The information transmitted included:

  • OS Version
  • Device Information
  • Wireless access points in the vicinity of the handset, including MAC addresses and power levels
  • Various GUID-based identifiers

But it gets worse:

In response to these packets was pin-point accurate positioning information - all before I granted the Camera application access to location data.

In other words, all this happens before the user has a chance to respond to this screen:

Rivera hypothesizes that what's happening here is that the camera app is calling up location services in preparation for location information and that location services then goes ahead to figure out where the phone is and caches that result.

Note: By default, location services is switched on in Windows Phone. If this service is disabled, no information is sent by the camera app.

However, this behavior DOES contradict a statement made by Microsoft to the US House of Representatives. Specifically:

[1. User Choice and Control.] Microsoft does not collect information to determine the approximate location of a device unless a user has expressly allowed an application to collect location information. Users that have allowed an application to access location data always have the option to access to location at an application level or they can disable location collection altogether for all applications by disabling the location service feature on their phone.

[2. Observing Location Only When the User Needs It.] Microsoft only collects information to help determine a phone's approximate location if (a) the user has allowed an application to access and use location data, and (b) that application actually requests the location data. If an application does not request location, Microsoft will not collect location data.

What still remains to be seen is whether Microsoft is storing this information.

tl;dr summary:

Microsoft says that it does not determine user location information for Windows Phone apps without consent, but research by programmer Rafael Rivera proves that this is not the case.

Topics: Operating Systems, Microsoft, Mobility, Software, Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

55 comments
Log in or register to join the discussion
  • RE: Windows Phone DOES transmit location information without user consent

    <B><I>"Note: The OS version tested by Rivera was Windows Phone OS 7.0.7004.0."</I></B><br><br><S>Why not the NoDo update? This kinda undermines the findings.<br><br>That's like saying "Windows' is still prone to 95% of malware, Microsoft said it wasn't!*<br><I>*This test was preformed on Windows XP SP2.</I>"<br><br>Would be better to test out the NoDo update or better yet, wait for Tuesday and test the Mango update after it comes out. Curious why Raf isn't running the latest update...?</S><br><br>Still, these findings are curious none the less.<br><br>EDIT: I see, he did test each WP release he just started with 7004 and worked his way up, with no change. Seems like it might be time to switch 3G off each time I smap a pic.
    The one and only, Cylon Centurion
    • RE: Windows Phone DOES transmit location information without user consent

      @Cylon Centurion Rivera says 'When Mango ships in 1-2 weeks, I???ll test that too. Stay tuned.'
      Adrian Kingsley-Hughes
    • RE: Windows Phone DOES transmit location information without user consent

      @Cylon Centurion Or wifi if you are on that... hopefully the Mango update will take care of this issue.
      athynz
    • RE: Windows Phone DOES transmit location information without user consent

      @Cylon Centurion Could it be that MS is allows allowing the location information to be transmitted so that they can let the phone and applications on the phone know where it is at and MS is not using/storing that information for its own use.
      rmark@...
      • RE: Windows Phone DOES transmit location information without user consent

        @rmark@??? Personally I think it might have to do with advertising. If Microsoft is going to sell locations of phones to advertisers, so ads can be done on a locational basis, it makes sense to know where the phones are. I remember reading something about Microsoft integrating Bing searches with advertising. But that could be misinformation, as with anything else you read on the internet.
        Rick_Kl
  • a good topic

    a good topic,[url=www.ecnikeshoes.com]ugg boots[/url]
    luminary911
  • Well when this came out about Apple I did not

    get upset, and for the very same reasons I'm not upset about MS either.

    Pagan jim
    James Quinn
    • RE: Windows Phone DOES transmit location information without user consent

      @James Quinn There is a difference. Apple was storing the info on the phone, and on the computer that synced with the phone. Microsoft is harvesting the data on a remote server, for an unspecified amount of time. The real test is: if the various fanboys will speak out against Microsoft the same as they spoke out against Apple.
      Rick_Kl
      • Yes

        @Rick_Kl

        I don't see any need for Microsoft to know where I am.
        Michael Alan Goff
      • RE: Windows Phone DOES transmit location information without user consent

        @Michael Alan Goff: the sad thing is Microsoft lied about this behavior, and was quick to criticize others for their misdoings. When questioned by Congress, Microsoft blatantly lied about their spying on endusers.
        Rick_Kl
      • RE: Windows Phone DOES transmit location information without user consent

        @Rick_Kl
        I agree. The situations are very different, as you explained. No information was sent to Apple, albeit that information was stored on the iPhone and attached computer. That is VERY different to the WP7 situation wherein information IS sent to MS. I, too, am curious about what MS fan-boys will have to say about his. :-)
        Wakemewhentrollsgone
      • RE: Windows Phone DOES transmit location information without user consent

        @Rick_Kl <br>Rick_K (on these blogs couple blogs back): <i>Microsoft just channeled most all of the WP7SOS phones into carrier stores except the phones used by Microsoft Employees and few fanboys </i><br><br>I think he claimed there were only few like 4 fanboys bought those apart from Microsoft employees. Of course that statement is paraphrased, but you could search for exact comments he did. Since there are only 4 users and rest of Microsoft employees, why would anyone care about the issue. Anyway you don't have one, so what is point of bashing here. Thats what exactly you said to iOS bashers those very day(s) when there was similar noise.
        Ram U
      • RE: Windows Phone DOES transmit location information without user consent

        @Rama.NET: I want to know if the staunch Microsoft supporters, will get upset about this. They came out of the woodwork to bash Apple for something similar, but not as nefarious.
        Rick_Kl
      • RE: Windows Phone DOES transmit location information without user consent

        @Rick_Kl Indeed... given their stance on the copy/paste issue I'm sure they'll be more than willing to give Microsoft a free pass on this.
        athynz
      • RE: Windows Phone DOES transmit location information without user consent

        @Rick_Kl
        Are you absolutely sure of this statement. Where Apple may have monitored and Google may have logged (even to the point of photographing Your location) that Microsoft is not somehow monitoring your behaviors? Don't forget Bing has to be an aggregator of information as well. Not spreading FUD, but in order to be truly off the grid the best means is not owning a phone, any personal property or using credit or banking transactions of any sort. BIG BROTHER always knows where you are. Time to quit thinking any platform truly provides anonymity.
        partman1969@...
      • RE: Windows Phone DOES transmit location information without user consent

        @Rick_Kl

        That is a real shame, really.

        I wish we had a bit more transparency in our companies.
        Michael Alan Goff
      • RE: Windows Phone DOES transmit location information without user consent

        @Rick_Kl

        The article says:<br><br>"Note: By default, location services is switched on in Windows Phone. If this service is disabled, no information is sent by the camera app."<br><br>And Microsoft says:<br>"[1. User Choice and Control.] Microsoft does not collect information to determine the approximate location of a device unless a user has expressly allowed an application to collect location information."<br><br>So what the heck is the problem here? If you go in and set the location services to disabled then you don't get tracked!<br>
        How can they be lying if you can turn the tracking service off?
        Unlike Apple and Google you get tracked no matter what!!! How come there's no big article on that?
        mikroland2.0
      • RE: Windows Phone DOES transmit location information without user consent

        @Rama.NET I personally do not care what someone else posted, show me something that I posted, and we can talk. I do believe that Microsoft is harvesting user data, but do not know why. Every article I have personally read indicates that Microsoft collects data dumps from those phones, and is storing it in a database. In June there was an article on how you could track the phone using live.net (or whatever it is called). All you needed was the MAC address of the phone and you could track where it was, and where it had been.
        Rick_Kl
      • RE: Windows Phone DOES transmit location information without user consent

        @Rick_Kl I think the location servers are telling the phone where it is at based on technical information the phone sends to it. That is, Wifi and MAC addresses are sent to the server and the server tells the phone it is located in New York City, Now York. It is not like the phone could possible know where it is at on its own.
        rmark@...
      • RE: Windows Phone DOES transmit location information without user consent

        @rmark@??? The talkback here is all screwed up. But the truth is; the phone sends WiFi locations, Cell towers, and GPS coordinates (if available). The things that bothers me is: Why is there a need to send a device specific unique ID? It is bad enough that Microsoft installed spyware in Windows, but to add spyware to phones too?
        Rick_Kl