Microsoft Accused of Collecting Windows Phone Location Data

The data is allegedly collected when a phone's camera is turned on, even if a user has chosen not to have data recorded.

A Windows Phone 7 user has filed a lawsuit against Microsoft, claiming that the software maker collects data from mobile phone users without their knowledge.

Data, including location information, is collected from Windows Phone 7 devices such as the HTC 7 Mozart and Samsung Omnia 7 when a phone's camera is turned on, even if a user has chosen not to have data recorded, alleges the lawsuit filed in federal district court in Seattle by Rebecca Cousineau.

Cousineau is asking for both an injunction to stop Microsoft from collecting the data, and punitive damages to punish the company for collecting the information in the first place.

Microsoft has remained silent on the lawsuit.

The lawsuit also contends that Microsoft misled Congress this year when it said that it did not collect data from mobile users without their permission, Reuters reported.

In a letter responding to queries from several members of the House of Representatives, Microsoft admitted that it "collects limited information necessary to determine the approximate location of a device." But added that "collection is always with the express consent of the user and the goal of our collection is never to track where a specific device has been or is going."

Microsoft collects location data from users to deliver "useful and relevant experiences to users, such as local movie options, directions to a nearby coffee shop or to find a meeting of nearby friends, the letter said.

Microsoft, Apple, Google and Nokia appeared at a congressional hearing this year on data collection practices by mobile operating system makers. That forum followed revelations by researchers that Apple was collecting location data from iPhone users without their knowledge. Researchers found that the data, gathered from cellphone towers, was being placed in an unprotected file on the user's phone and copied to the user's computer when that individual synchronized data between the handset and Apple's iTunes program.

Following the Apple revelations, Google admitted that it, too, collected data from phones running its Android operating system. Anything tying the origin of the data to a person, though, is stripped from it after it's collected, it said. What's more, collection of location information can be turned off when a user first sets up their Android phone.

Apple imposes opt-in restrictions on iPhone location services, too, but they apply only to applications and websites that want to gather geo data from the phone.

The iPhone data collection issue discovered by the security researchers was eventually diffused by Apple when it released version 4.3.3 of its mobile operating system, iOS.

Whether or not to allow a mobile to collect location data about itself presents users with a dilemma. They can shut down the option and preserve their privacy but by doing so, they also disable some of a phone's nifty features, such as geotagging photos taken with the handset's camera and calling up maps of a current location.

Copyright © 2011 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)