Phones

Researcher Claims Windows Phone 7 Snoops On Users' Locations

When it was revealed this spring that iPhone secretly reported on users' locations, Microsoft made clear that Windows Phone 7 didn't do the same thing. But now a security researcher claims that Windows Phone 7 does in fact gather location data and report it to a server without users' knowledge.

Rafael Rivera, first known for jailbreaking Windows Phone 7, claims on the Within Windows blog that Windows Phone 7 gathers location information, and then sends it to Microsoft servers without users' knowledge.

He says that when you run the camera app, several packets of location information are sent to the agps.location.live.net server and several to Microsoft's Location Inference service hosted at inference.location.live.net. He says it is done without users knowing that it is happening. Here's what he says is sent from his test device, a Samsung Focus:

OS Version (7.0.7004.WM7_7.0_Ship(mojobld).20100916-1429)
Device Information (SAMSUNG/SGH-i917 and SAMSUNG Electronics/SAMSUNG MITs/i917UCJJ1/[digits])
Wireless access points around me (MAC addresses, power levels)
Various GUID-based identifiers

He concludes:

In response to these packets was pin-point accurate positioning information --- all before I granted the Camera application access to location data.

Congress held hearings about smartphones and location data, and Microsoft testified that Windows Phone 7 didn't report on location data without the user giving approval. If Rivera is right, it appears that testimony might not be true.

I can't say that I know the truth about this. But if it is true, it's certainly disturbing, and something Microsoft will need to fix right away. Windows Phone 7 has enough problems right now. It doesn't need another one having to do with snooping on its users.