Microsoft reveals WP7 data collection practices

The details come as Apple and Google face scrutiny for their location data collection activities

In the midst of an uproar over ways that Apple and Google collect and store location information from mobile phones, Microsoft has laid out details about its Windows Phone 7 data collection policies.

Microsoft says that it collects location information only if users allow an application to access location data and when that particular application requests location information. It also said that it keeps that data in a Microsoft database.

Apple has come under fire in recent weeks after researchers showed that the iPhone and iPad store location data about users on the devices. Additional research found that both Apple and Google collect location information about users even when applications that require location information aren't running.

Google has defended itself by saying that location sharing by users of Android-based mobile phones is opt-in and that all location data the company stores is anonymized. Apple has not commented on the situation.

Microsoft said that it assembles and maintains a database of the locations of cell towers and Wi-Fi access points in order to provide its location services. When a user accesses an application that requires location information, Microsoft compares the Wi-Fi access points and cell towers in range of the device with the location database, which contains details of the locations of the access points and cell towers.

Microsoft has assembled the database in two ways, it said. One is via teams of people who drive around with phones that collect information about Wi-Fi access points, matching that data with location information collected via GPS. The company started that process last year and plans to continue this year, it said.

In addition, when customers are using location-aware applications and Wi-Fi is turned on, the phones collect information about nearby Wi-Fi access points. If the user has GPS turned on, Microsoft will also collect location details.

Microsoft said it only collects location information when a particular application requests it. Also, it said that when it collects location information, it matches it with a randomly generated ID assigned to the device, which is retained for a limited period. It uses that ID to distinguish location requests.

The company left a few unanswered questions, including how long it retains data collected from user phones. It said it stores the data in a Microsoft database, but did not specify whether it also stores any such data on user devices.

Because Microsoft has a relatively small mobile market share, it may escape some of the questions aimed at its competitors. Over the past weeks, the Illinois attorney general, Minnesota Senator Al Franken and Congressman Edward Markey have all asked Apple and Google to respond to questions about their location collection activities. Two consumers have filed a lawsuit in Florida charging both companies with fraud. In addition, governments in Korea and Europe are reportedly investigating the matter.

Nancy Gohring covers mobile phones and cloud computing for The IDG News Service. Follow Nancy on Twitter at @idgnancy. Nancy's e-mail address is

Join the CSO newsletter!

Error: Please check your email address.

Tags Appleconsumer electronicsGoogleMicrosoftsecuritysmartphonesPhonesprivacy

More about AppleGoogleIDGMicrosoftO'ReillyReilly

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Nancy Gohring

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts