Microsoft Edge Shares Precise Location Data

A new report finds Microsoft Edge is among several mobile browsers sharing precise user location data with third-party companies.

A new report has found that a significant number of popular mobile browsers are harvesting user location data. The study examined 15 browsers and discovered that 8 of them collect this information. The report specifically identified Microsoft Edge and Aloha as browsers that not only collect but also share precise location tracking details with external third-party companies. This practice exposes sensitive user information, such as daily routines and frequently visited places, without explicit and clear user consent for such sharing. The findings raise questions about the data privacy practices of widely used software and the extent to which user data is being monetized or otherwise utilized by data brokers and advertisers.

For businesses, this news is particularly concerning. IT and security teams are responsible for maintaining corporate data security and ensuring employee privacy, and the use of browsers that share location data can create significant compliance and security risks. Unsanctioned data sharing can violate privacy regulations like GDPR and CCPA, potentially leading to legal penalties. Furthermore, precise location data can be exploited in targeted social engineering attacks or corporate espionage. This report serves as a reminder for CTOs and developers to carefully vet all software, including browsers, deployed on corporate devices and to establish clear policies regarding application permissions and data privacy settings.

The sharing of precise location data without clear, explicit user consent undermines user privacy and trust in major software providers. For developers and security teams, it highlights the need to scrutinize the default behaviors and data-sharing practices of all software used within an organization.

For businesses, deploying browsers that share sensitive location data creates significant security and compliance risks. This practice can violate data privacy regulations like GDPR, expose employees to targeted attacks, and potentially leak confidential information related to company activities and locations, leading to legal and financial repercussions.