Microsoft’s Windows Phone 7.5 “Mango” update has introduced an important privacy change to the operating system.
Microsoft has been accused of tracking Windows Phone locations without explicit end user consent. A lawsuit was filed in a Seattle federal court earlier this month, backed by analysis from a well known security researcher. Windows Phone 7 allegedly sends user location info to Microsoft’s inference.location.live.net even if a user says “no” when prompted by the mobile operating system’s camera application.
Microsoft denied the claims earlier this week and insisted that the company was investigating the accusations. “Microsoft is investigating the claims raised in the complaint,” explained a Microsoft spokesperson in a statement issued shortly after the lawsuit. “We take consumer privacy issues very seriously. Our objective was — and remains — to provide consumers with control over whether and how data used to determine the location of their devices are used, and we designed the Windows Phone operating system with this in mind.”
It now appears that Microsoft has made a change to the way the camera application accesses location data in Windows Phone 7.5. Rafael Rivera, famous for his work on jailbreaking Windows Phone 7, originally revealed that packets of data were sent to Microsoft’s location services before a user selected an accept button in Windows Phone 7 to communicate its location. Rivera has now completed the same tests on Windows Phone 7.5 and he claims that Microsoft no longer sends location data prior to being granted permission to do so. “The behavior I’m now seeing is perfectly aligned with Microsoft’s letter to the U.S. House of Representatives,” said Rivera in a blog post on Wednesday. Microsoft’s Windows Phone 7.5 operating system now correctly adheres to the company’s promised location functionality:
- Microsoft does not collect information to determine the approximate location of a device unless a user has expressly allowed an application to collect location information
- Microsoft only collects information to help determine a phone’s approximate location if (a) the user has allowed an application to access and use location data, and (b) that application actually requests the location data.
Microsoft is still the subject of the ongoing lawsuit despite the changes in Windows Phone 7.5.