Dissecting Case 01438 Exhibit B, Part 4

Microsoft has just finished their investigation into the Windows Phone location data transmission claims originally brought forward by security researcher Samy Kamkar (and later dissected/validated by me). A few statements came out; let’s start by dissecting their press statement:

We have completed our investigation into the Windows Phone’s location service and the unintended sending of Wi-Fi access point and cell tower information.  We’ve posted what we learned and the steps we’ve taken to correct these behaviors on our Location and Privacy FAQs page and our privacy statement found at http://mango.microsoft.com/windowsphone/en-US/howto/wp7/web/location-and-my-privacy.aspx and http://mango.microsoft.com/windowsphone/en-us/privacy.aspx.

Microsoft is committed to user privacy.  As our Privacy Statement explains, the Windows Phone location service uses and stores only limited information about nearby Wi-Fi access points and cell towers, which we use to help provide users with location services more efficiently and effectively.  Most importantly, it does not use or store any information that identifies users or uniquely identifies a device, and Windows Phone does not track users or their devices.

Okay, that was simply a teaser to the new bits added to the privacy policy:

This notice describes unintended behavior in the Windows Phone software involving location services, explains how Microsoft is eliminating that behavior, and reminds you that you can prevent access to location information if you choose to do so.

As described in the Location Services section of this Privacy Statement, the location information stored and used by the Windows Phone location service is limited information about nearby Wi-Fi access points and cell towers that we use to help provide you with location services more efficiently and effectively. It does not include any information that identifies you or uniquely identifies your device and does not allow Microsoft to track you or your device.

The “Windows Phone location service” referred to here is really an entity representative of a few moving cogs – e.g. inference.location.live.net and agps.location.live.net. Take note of the language used here – Microsoft doesn’t discount the fact that PII may exist in the packets on the wire. They simply reaffirm that the data isn’t stored or used. (Seems odd it would be transmitted if unused but eh.) As we have no insight into how these services work, we have to trust Microsoft here. And I think we should.

We have identified an unintended behavior in the Windows Phone 7 software that results in information about nearby Wi-Fi access points and cell towers being periodically sent to Microsoft when using the Camera application, and, for phones that are configured for US-English, when using the phone's voice command features (such as "Find Pizza"). For the Camera, the software bug results in the behavior even where you have disabled geo-tagging photos in the Camera application.

The Windows Phone 7.5 update eliminates this unintended behavior by the Camera application and voice command feature. After the update, information about nearby Wi-Fi access points and cell towers will be sent when using the Camera application only if you have agreed to tag your photos with location. For voice commands, location information will no longer be requested and information about nearby Wi-Fi access points and cell towers will not be sent to Microsoft when using voice commands.

The language here is a bit confusing. They identified an unintended behavior – singular – but talk to issues in both the Camera and voice command features. I suspect this is because, like I mentioned in a previous post, these modules simply hit a bug specific to the location services code on the phone. Not necessarily application-specific bugs. But hey, they’re fixed now. This behavior aligns perfectly with their U.S. House of Representatives letter now.

We also have identified that the Windows Phone 7.5 update contains an unintended behavior when using the "Me" feature in the People Hub. Each time you access the "Me" feature, information about nearby Wi-Fi access points and cell towers is sent to the Windows Phone location service. The information sent, received and stored by the Windows Phone location service when you use the "Me" feature does not identify you or your individual device. Nevertheless, this behavior is unintended and will be eliminated as part of the next scheduled update to Windows Phone 7.5. After that update, information about nearby Wi-Fi access points and cell towers will be sent only if you have agreed to allow the "Check In" function of the "Me" feature to access and use location information.

Ruh roh! Looks like a worm snuck into the “Mango” shipment. It turns out, the “Me” tile has a similar location leakage problem as well. (This applies to people using the built-in Twitter or check-in functionalities.) Kudos to Microsoft for coming clean here, way before the press spun it out of control.

You will receive a notice on your phone when software updates are available, and you can always disable all access to location information by applications and collection of location information by the Windows Phone location service at any time by going to Settings > Location and toggling the location switch to OFF.

Finished off with an easy workaround.