After stories of iOS security concerns came out, Microsoft was quick to address on how its Windows Phone handles tracking and privacy security. The federal government then asked for Apple to come before the House of Representatives and answer some questions regarding what they are doing with users personal information.
Because of the questions that the government has on the issue, a letter was sent to Microsoft and others asking them to clarify the process they use for collecting information through mobile phones. Microsoft then responded yesterday with a nine-page letter detailing their processes and where they stand on privacy with regards to mobile computing. The following information was given in the letter:
1. User Choice and Control. Microsoft does not collect information to determine the approximate location of a device unless a user has expressly allowed an application to collect location information. Users that have allowed an application to access location data always have the option to access to location at an application level or they can disable location collection altogether for all applications by disabling the location service feature on their phone.
2. Observing Location Only When the User Needs It. Microsoft only collects information to help determine a phone’s approximate location if (a) the user has allowed an application to access and use location data, and (b) that application actually requests the location data. If an application does not request location, Microsoft will not collect location data.
3. Collecting Information About Landmarks, Not About Users. Microsoft’s collection of location data is focused squarely on finding landmarks that help determine a phone’s location more quickly and effectively. In our case, the landmarks we use are nearby WiFi access points and cell towers. The information we collect and store helps us determine where those landmarks are, not where device users are located. In fact, we’ve recently taken specific steps to eliminate the use and storage of unique device identifiers by our location service when collecting information about these landmarks. Without a unique identifier, or some other significant change to our operating system or practices, we cannot track an individual device.
4. Transparency About Microsoft’s Practices. Microsoft gives consumers opportunities to learn more about its location data collection practices. When the user makes a decision to allow an application to access and use location data, Microsoft provides a link to the Windows Phone Privacy Statement, 1 which includes its own section on location services with information describing the data Windows Phone 7 collects or stores to determine location, how that data is used, and how consumers can enable or disable location-based features. Additionally, at the time Windows Phone 7 launched last November, Microsoft published a consumer-friendly Q&A in the “Help and How-To” section of its Windows Phone website to address commonly-asked questions about location services and consumer privacy.2 This Q&A provides detailed information on how location services work for Windows Phone 7, the data Microsoft collects to provide location services, and step-by-step instructions (as well as diagrams) on how to enable and disable location services on Windows Phone 7 and the methods Microsoft uses to assemble and maintain its location database. Prior to launch of Windows Phone 7, Microsoft proactively engaged with various government and consumer organizations to start constructive dialogues regarding our location data collection and use practices.
Microsoft also spoke to their belief on gathering information on users:
We believe that our careful and deliberate approach to user privacy in the development of the Windows Phone 7 operating system reflects Microsoft’s commitment to give users informed choice about the collection and use of location information and to facilitate the delivery of device location information solely at the user’s request and solely for the user’s benefit.
I appreciate that Microsoft is taking steps to be transparent in how they collect information, but honestly, as a smartphone user you must understand that you are carrying a small computer that essentially uses location information to fulfill many services that are important to the devices functionality (especially with tight Bing integration in Windows Phone). So, my advice is to protect yourself and be aware and educated on what your smartphone does and which services you are running at all times. You can read the nine-page letter to Congress in its entirety here.