Privacy and Security in the Windows Sensor and Location Platform
This section describes privacy and security features in the Windows Sensor and Location platform.
Location data can violate a user's privacy, especially if the information identifies a specific person. A street address, or the latitude and longitude coordinates that determine it, is considered personally identifiable information. Users expect computer software to keep this kind of information secure. The challenge for software developers is to find ways to give users the features they want and need without violating their privacy.
The sensor and location platform in Windows provides the following features to help ensure that location data remains private:
- In Windows 8, there are three types of settings for enabling location: a setting for administrators that can disable location for all users, a per-user setting to enable or disable location, and per-app location settings that users can apply to Windows Store apps. By default, per-user location settings are turned off until the user provides explicit consent, through Control Panel, to access the data. For more information on location settings in Windows 8, see Location settings.
- Windows provides disclosure messages to the user. These messages help users understand how using location data can result in the disclosure of personally identifiable information.
- Desktop apps that use the Location API can call the RequestPermissions method to open a system dialog box that prompts users to enable location.
- Location drivers use the sensor class extension. The class extension processes all I/O requests and makes sure that only programs that have user permission can access location data.
Review the following resources to help you develop software that protects user privacy.
- About Location Notifications
- About Managing Permissions
- About Logging Location Activity