Microsoft is one of many companies including Google and Skyhook that keeps a Wi-Fi geolocation database in order to provide location specific information to phones, laptops, tablets, etc. Most of these databases collect the MAC addresses and GPS locations of Wi-Fi access points and store that information to provide information to devices. Recently Google locked down their database after a privacy concern was raised about the information stored. Microsoft is now responding the same way after a researcher raised similar concerns about the information stored in Microsoft’s database.
In general, the information in these databases is obtained by Microsoft (or Google) driving vehicles around and noting MAC addresses of Wi-Fi access points and the GPS location of those points. Another way to gather the same data is to have smartphones, which all have GPS capabilities these days, send the MAC address of the access point they are connected to in conjunction with their current GPS location. Cell tower locations can also be sent along with this other data. The goal here is to expand the database. This makes suggestions based on location better for end users.
Previously, the issue with privacy was that both Apple and Google were storing histories of locations the phone has been, right on the device itself. Microsoft very smartly did not do this type of data storage on their Windows 7 phones.
The new issue is that these databases sometimes record the MAC address of a phone itself. This happens when a person is using their phone as a mobile hotspot. In that situation any phone or other devices that connects to that hotspot will transmit the phone’s MAC address itself because it is acting as an access point. The issue with that is that until recently the database could be queried. If a phone had been used as a mobil hotspot, its MAC address could be queried and the exact location of that phone could be quickly determined.
This exact thing also happened with Google and after a CNET report on the device MAC addresses was released, Google locked down access to their database. Microsoft has now done the exact same thing, over the same concerns. Microsoft didn’t just restrict access to the database, it changed the requirements to get location information. Previously one MAC address was enough to query the database, now you need two adjacent addresses. If you aren’t in an area that can provide that information, you are out of luck in terms of gaining location based information.
Locking down the database seems like the right move, but it does become a bummer for laptops without GPS chips. Those devices are essentially going to be unable to get location based information now unless there are two access points nearby. The real question here is exactly how big of an issue is this? What percentage of smart phone users are using their phones as mobile access points? That would answer what percentage of people are exposing their MAC address to outside queries. Also, the MAC address for a specific phone is a difficult piece of information to find just for the sake of stalking.
Do you think Microsoft and Google have made the right call on restricting access to these databases? Let us know in the comments.