In April this year, Apple Inc., was criticized for a "glitch" that allowed the iPhone to save location data of users. Apple devices running on iOS 4 were discovered by developers to have logged information about their location without users' knowledge. In May, Apple provided an update, known as iOS version 4.3.3, which deletes and disables the location tracker.

In June, CNET reported that Google, like Apple and Skyhook Wireless, gather the hardware IDs -- called MAC addresses -- of phones, laptops and other devices with Wi-Fi connections, along with the devices' locations, in order to map the street addresses of access points and routers around the globe. While this helps users' mobile devices quickly determine locations, CNET pointed out that Google, as well as Skyhook, was making these location databases easily accessible to anyone on the Internet, thus raising privacy concerns. Google and Skyhook Wireless, however, last month took measures to curb access to their databases.

Now Stanford researcher Elie Bursztein is demonstrating at the Black Hat USA 2011 security conference that Microsoft is making available online the locations of Wi-Fi devices without taking privacy precautions. He says that Microsoft's Live.com makes public the precise geographical location of wi-fi enabled gadgets.

"To my surprise, Microsoft's API did not enforce any query restrictions," Bursztein wrote in a blog post. "You can get the location for a single MAC address and do as many queries as you want."

Bursztein recommended that Microsoft adopt some of the same limits that its competitors already have.

According to CNET, Live.com publishes the precise geographical location of Android phones, Apple devices, and other Wi-Fi enabled gadgets. Microsoft, CNET reported, assembled the database -- available at http://inference.location.live.com -- through crowdsourced data gathering from Windows Phone 7 devices andStreet View-esque cars.

In a statement, Reid Kuhn, partner group program manager for the Windows Phone Engineering Team, admitted that Microsoft collects publicly broadcast cell tower IDs and MAC addresses of Wi-Fi access points to provide location-based services.

"If a user chooses to use their smartphone or mobile device as a Wi-Fi access point, their MAC address may also be included as a part of our service. However, since mobile devices typically move from one place to another they are not helpful in providing location," Kuhn stated. "Once we determine that a device is not in a fixed location we remove it from our list of active MAC addresses."

CNET has confirmed how Live.com's interface works independently and also with Bursztein.

Declan McCullagh, chief political correspondent for CNET, noted that Microsoft did not respond to queries whether its database includes only Wi-Fi devices acting as access points, or whether client devices using the networks have been included. He said that if Microsoft collects only the Wi-Fi addresses of access points, the privacy concerns are lessened.

But McCullagh also points out:

* Millions of phones and computers are used as access points.

* While MAC addresses aren't typically transmitted over the Internet, anyone within Wi-Fi range can record a device's Wi-Fi address.

* Microsoft does not appear to provide an opt-out mechanism that would allow someone to remove his or her Wi-Fi address from the Live.com database.

* Microsoft's database extends beyond U.S. locations.

* The Live.com database records the changing positions of the Wi-Fi addresses, meaning it could be used to track the movements of a handheld device.

The Black Hat security conference is scheduled for July 30 - Aug. 2 at Caesar's Palace in Las Vegas, Nevada.