Sep 25, 2011
Following the recent lawsuit filed against Microsoft earlier this month, a Windows Phone hacker has now uncovered the real score about this allegation. The complaint allegedly claims that the new Windows Phone OS is tracking users without their consent is found to be TRUE. The evidence was unearthed by the name of Rafael Rivera (I believe that this is not his real name) in his curiosity whether the lawsuit that was filed was true or not.
This hacker is one of the programmers behind the Windows Phone jailbreaking tool ChevronWP. Equipped with skills needed, he decided to focus his attention to the Windows Phone camera application to determine if by any chance user information is being sent to Microsoft. The OS version installed in his test subject is Windows Phone OS 7.0.7004.0.
After successfully performing some trick on the target device, he discovered that the application is really sending several packets to Microsoft servers. The information was sent to agps.location.live.net and to the Microsoft’s Location Inference a.k.a Orion which is hosted at inference.location.live.net. The information that was confirmed to have been transmitted which I believe is not limited to:
- OS version
- Device information
- Nearest access point information that includes MAC addresses and signal level
- Various GUID-based identifiers
Additionally, what Rivera has found out is that this information were being sent before a particular user responds to the application request “ALLOW THE CAMERA TO USE YOUR LOCATION?”. He believes that this is happening in advance so that the camera application can prepare the necessary location information needed to figure out the location of the phone and stored it internally for future use by the location services.
If found to be true, this event will contradict to the statement made by Microsoft that says “Microsoft does not collect information to determine the approximate location of a device unless a user has expressly allowed an application to collect location information”.