This is the preliminary Geolocation API Implementation Report. It is based on the test suite as it appeared on 21 February 2011.
| Test | Chrome 9 | Android Honeycomb | Safari 5 | Firefox 3.6 | Opera |
|---|---|---|---|---|---|
| Test 00001: user denies access, check that error callback is called with correct code | PASS | PASS | PASS | PASS | |
| Test 00002: user allows access, check that success callback is called or error callback is called with correct code. | PASS | PASS | PASS | PASS | |
| Test 00018: call getCurrentPosition, check that there's UI appearing with the document host | PASS | PASS | PASS | PASS | |
| Test 00019: call watchPosition, check that there's UI appearing with the document host | PASS | PASS | PASS | PASS | |
| Test 00141: user asked to approve/remember, then asked to revoke, then reload. The permission dialogue should reappear. | PASS | PASS | PASS | PASS | |
| Test 00142: user asked to deny/remember, then ask to revoke, then reload. The permission dialogue should reappear | PASS | PASS | PASS | PASS | |
| Test 00026: check that window.navigator.geolocation exists and is of type 'object'. | PASS | PASS | PASS | PASS | |
| Test 00150: check that the geolocation property of window.navigator is enumerable. | PASS | PASS | PASS | PASS | |
| Test 00027: call getCurrentPosition without arguments, check that exception is thrown | PASS | PASS | PASS | FAIL | |
| Test 00011: call getCurrentPosition with null success callback, check that exception is thrown | PASS | PASS | PASS | FAIL | |
| Test 00013: call getCurrentPosition with null success and error callbacks, check that exception is thrown | PASS | PASS | PASS | FAIL | |
| Test 00028: call getCurrentPosition() with wrong type for first argument. Exception expected. | PASS | PASS | PASS | FAIL | |
| Test 00029: call getCurrentPosition() with wrong type for second argument. Exception expected. | PASS | PASS | PASS | FAIL | |
| Test 00030: call getCurrentPosition() with wrong type for third argument. No exception expected. | PASS | PASS | PASS | FAIL | |
| Test 00031: Check that getCurrentPosition returns synchronously before any callbacks are invoked. | PASS | PASS | PASS | PASS | |
| Test 00058: call watchPosition with no arguments, check that exception is thrown | PASS | PASS | PASS | FAIL | |
| Test 00015: call watchPosition with null success callback, check that exception is thrown | PASS | PASS | PASS | FAIL | |
| Test 00017: call watchPosition with null success and error callbacks, check that exception is thrown | PASS | PASS | PASS | FAIL | |
| Test 00059: call watchPosition() with wrong type for first argument. Exception expected. | PASS | PASS | PASS | FAIL | |
| Test 00060: call watchPosition() with wrong type for second argument. Exception expected. | PASS | PASS | PASS | FAIL | |
| Test 00061: call watchPosition() with wrong type for third argument. No exception expected. | PASS | PASS | PASS | FAIL | |
| Test 00062: check that watchPosition returns synchronously before any callbacks are invoked. | PASS | PASS | PASS | PASS | |
| Test 00151: check that watchPosition | PASS | PASS | PASS | PASS | |
| Test 00080: Test that calling clearWatch with invalid watch IDs does not cause an exception. | PASS | PASS | PASS | PASS | |
| Test 00123: call getCurrentPosition with wrong type for enableHighAccuracy. No exception expected. | PASS | PASS | PASS | PASS | |
| Test 00124: call watchPosition with wrong type for enableHighAccuracy. No exception expected. | PASS | PASS | PASS | PASS | |
| Test 00086: set timeout and maximumAge to 0, check that timeout error raised (getCurrentPosition) | PASS | PASS | PASS | FAIL | |
| Test 00088: set timeout and maximumAge to 0, check that timeout error raised (watchPosition) | PASS | PASS | PASS | FAIL | |
| Test 00091: check that a negative timeout value is equivalent to a 0 timeout value (getCurrentLocation) | PASS | PASS | PASS | FAIL | |
| Test 00092: check that a negative timeout value is equivalent to a 0 timeout value (watchPosition) | PASS | PASS | PASS | FAIL | |
| Test 00095: check existence of timestamp attribute, and correct type | PASS | PASS | PASS | PASS | |
| Test 00152: check for latitude and longitude. | PASS | PASS | PASS | PASS | |
| Test 00104: check type of altitude | PASS | PASS | PASS | PASS | |
| Test 00153: check for accuracy property. | PASS | PASS | PASS | PASS | |
| Test 00105: check type of altitudeAccuracy | PASS | PASS | PASS | PASS | |
| Test 00106: check type of heading | PASS | PASS | PASS | PASS | |
| Test 00107: check type of speed | PASS | PASS | PASS | PASS | |
| Test 00108: check that the error type exists and that its attributes have the right numeric value | PASS | PASS | PASS | FAIL | |
Location information tests:
Note: The inclusion of the following web sites in this implementation report does not imply any endorsement by the Geolocation Working Group. When filling out this implementation report, we did not test the actual implementations, but looked at the claims made by the various web sites in Terms of Use and Privacy Policy statements.
| Test | google.com/latitude | twitter.com | flickr.com/map - User not logged in |
|---|---|---|---|
| only requested when necessary | The purpose of this service is to share your location with friends. The location is requested immediately after login. | Location is only requested after the user has explicitly specified that he/she wants to attach location information to a tweet. | Location is only requested once the user clicks on the "Find my location" button. |
| only used for the task | Task: Find your friends on a map and share where you are with the friends you choose. The Google privacy policy states: [...] we may use the information we collect to: Provide, maintain, protect, and improve our services (including advertising services) and develop new services. If we use this information in a manner different than the purpose for which it was collected, then we will ask for your consent prior to such use. |
Task: Location information is added to individual new Tweets on Twitter.com and via other applications/mobile devices that support this feature. | Task: Submit your location in order to view Flickr images geotagged with locations near you. Yahoo Privacy Policy states that "Yahoo! may access, store, and use the location information described above to provide location-aware products and services (such as Yahoo! Local), serve advertising, search results, and other content. Other uses of location information may include determining the appropriate language for presenting a website and assisting in the detection of fraud and abuse." |
| dispose of when the task is completed, unless expressly permitted | The location information is stored until the user manually deletes it. | Location data attached to tweets by default becomes public information the moment it is submitted. Twitter stores the location information that is publicly displayed with a Tweet for as long as the Tweet exists. (http://support.twitter.com/groups/31-twitter-basics/topics/111-features/articles/78525-about-the-tweet-location-feature) | We're unable to find confirmation in Yahoo's Privacy policy on Data Storage and Anonymization that the location data is NOT deleted. |
| protected against unauthorized access | The location data is accessible to the users and their specified friends. The Google privacy policy document (http://www.google.com/intl/en/privacy/privacy-policy.html) includes details on protection in the "Information security" section. | Location data attached to protected tweets is only accessible to manually approved recipients (http://support.twitter.com/groups/31-twitter-basics/topics/113-online-safety/articles/14016-about-public-and-protected-tweets) | Yahoo's Security policy statement suggests that this information is sufficiently protected. |
| if stored, made available for update and deletion | Location history management interface: https://www.google.com/latitude/b/0/history/manage |
Twitter provides an interface that lets users delete all location information from your past tweets. It also lets users delete individual past tweets. | N/A |
| makes a clear statement about their retransmission policy | Location data is only shared with other users that have been explicitly added (as "Friends"), which falls under the "express permission" definition. The Terms of Service for Google Latitude state that "By using Google's mobile products and services you consent to the collection, use, sharing, and onward transfer of your data." Location data can also be shared with third party applications via the Latitude API under the Google Latitude API Terms of Service. | All tweets with location data attached are retransmitted via Twitter's API and SMS service and made available to third party recipients under Twitter's terms of service http://dev.twitter.com/pages/api_terms | Yahoo's Privacy policy on location data: http://info.yahoo.com/privacy/us/yahoo/location/ . |
Recipients disclosure tests:
| Test | google.com/latitude | twitter.com | flickr.com/map - User not logged in |
|---|---|---|---|
| location information is being collected | The Google Latitude UI explicitly shows the user's location on a map. | The Twitter UI clearly displays the location information right below the tweet input field. | Location data is only requested when the user clicks on the "Find my location" button. |
| for what purpose it is collected | "Find your friends on a map and share where you are with the friends you choose." (https://www.google.com/latitude/b/0) |
The purpose of collecting the location information is clearly stated in the settings UI. | The purpose of clicking on the button to "Find my location" should be quite clear to the user from the world map context and the already displayed geotagged images there. |
| how long it is retained | The service history management UI makes it clear that the location data is kept until manually deleted by the user. | From the settings page: "When you tweet with a location, Twitter stores that location. You can switch location on/off before each tweet and always have the option to delete your location history." | No information at all is disclosed to the user. |
| how it is secured | The location data is accessible to the users and their specified friends. The Google privacy policy document (http://www.google.com/intl/en/privacy/privacy-policy.html) includes details on protection in the "Information security" section. | Location data attached to protected tweets is only accessible to manually approved recipients (http://support.twitter.com/groups/31-twitter-basics/topics/113-online-safety/articles/14016-about-public-and-protected-tweets) | No information about the security of the data being transmitted (and it is unencrypted). |
| how it is shared | Location data is only shared with other users that have been explicitly added (as "Friends"). The Terms of Service for Google Latitude state that "By using Google's mobile products and services you consent to the collection, use, sharing, and onward transfer of your data." Location data can also be shared with third party applications via the Latitude API under the Google Latitude API Terms of Service. |
All tweets with location data attached are retransmitted via Twitter's API and SMS service and made available to third party recipients under Twitter's terms of service http://dev.twitter.com/pages/api_terms | Yahoo's Privacy policy on location data is linked to from the flickr.com UI: http://info.yahoo.com/privacy/us/yahoo/location/ . |
| how it may be accessed/updated/deleted | Location history management interface: https://www.google.com/latitude/b/0/history/manage |
All location information from past tweets can be deleted from the settings page. | N/A |