Microsoft is currently being sued for tracking users using Windows Phone 7 handsets without authorization. The claim was supported using packet traces by an independent security researcher.
Microsoft denied the allegations, but now Rafael RiveraÂ from Within Windows has been able to replicate the findings, showing Windows Phone 7 does ping Microsoftâ€™s servers to establish the location of a handset using surrounding WIFI access points before permission has been granted by the user.
While this is of course pretty convenient it is against Microsoftâ€™s own guidelines to developers, which says â€œMicrosoft does not collect information to determine the approximate location of a device unless a user has expressly allowed an application to collect location information.â€
The case, being brought in U.S. District Court, Western District of Washington by Rebecca Cousineau, is of course seeking class action status, but I wonder if enough Windows Phone 7 users would be perturbed enough to join her in the suit.
In the mean time I suspect Microsoft already has an emergency patch in the works to fix the breach.
Read more at Within Windows here.