"Note: The OS version tested by Rivera was Windows Phone OS 7.0.7004.0."
Why not the NoDo update? This kinda undermines the findings.
That's like saying "Windows' is still prone to 95% of malware, Microsoft said it wasn't!*
*This test was preformed on Windows XP SP2. "
Would be better to test out the NoDo update or better yet, wait for Tuesday and test the Mango update after it comes out. Curious why Raf isn't running the latest update...?
Still, these findings are curious none the less.
EDIT: I see, he did test each WP release he just started with 7004 and worked his way up, with no change. Seems like it might be time to switch 3G off each time I smap a pic.
Earlier this month Microsoft was hit with a lawsuit which claimed that the new Windows Phone OS tracked users without their consent. Now new evidence has come to light which seems to prove that there is some substance to this lawsuit.
Enter Rafael Rivera, one of the programmer behind the Windows Phone jailbreaking tool ChevronWP. After initially being skeptical about the lawsuit, Rivera decided to test the Windows Phone camera app to see what information, if any, it sent to Microsoft when the phone was reset to the ‘out-of-box’ experience.
Note: The OS version tested by Rivera was Windows Phone OS 7.0.7004.0.
What Rivera discovered was that the app sent several packets to Microsoft, one to agps.location.live.net and several to Microsoft’s Location Inference (codenamed Orion) service hosted at inference.location.live.net. The information transmitted included:
- OS Version
- Device Information
- Wireless access points in the vicinity of the handset, including MAC addresses and power levels
- Various GUID-based identifiers
But it gets worse:
In response to these packets was pin-point accurate positioning information - all before I granted the Camera application access to location data.
In other words, all this happens before the user has a chance to respond to this screen:
Rivera hypothesizes that what’s happening here is that the camera app is calling up location services in preparation for location information and that location services then goes ahead to figure out where the phone is and caches that result.
Note: By default, location services is switched on in Windows Phone. If this service is disabled, no information is sent by the camera app.
However, this behavior DOES contradict a statement made by Microsoft to the US House of Representatives. Specifically:
[1. User Choice and Control.] Microsoft does not collect information to determine the approximate location of a device unless a user has expressly allowed an application to collect location information. Users that have allowed an application to access location data always have the option to access to location at an application level or they can disable location collection altogether for all applications by disabling the location service feature on their phone.
[2. Observing Location Only When the User Needs It.] Microsoft only collects information to help determine a phone’s approximate location if (a) the user has allowed an application to access and use location data, and (b) that application actually requests the location data. If an application does not request location, Microsoft will not collect location data.
What still remains to be seen is whether Microsoft is storing this information.
tl;dr summary:
Microsoft says that it does not determine user location information for Windows Phone apps without consent, but research by programmer Rafael Rivera proves that this is not the case.
