Making a better map
We use location telemetry from all mobile Mapbox SDKs to improve our map, directions, travel times, and to provide aggregate insights
Location data is used to identify new streets, hiking trails, and bike paths
Sensor data helps us better understand turn restrictions and identify one-way streets
Speed profiles and traffic
Understanding posted and time-sliced real-world speeds improves traffic modeling and routing
A minimal footprint
As developers we understand the resource constraints of mobile platforms. Our data collection has been optimized in collaboration with developers in our community and has been field tested with millions of users. As a result, we can improve maps without any noticeable impact on an application's footprint.
Telemetry, not tracking: no ads or advertising data
We do not record advertising identifiers (IDFA on iOS, AAID on Android) with our location telemetry, so the data cannot be employed for targeted advertising.
Users should be in charge of their own location telemetry data. Developers employing our Maps SDKs for iOS and Android are required by Mapbox to provide the ability for users to opt out of location telemetry reporting and must provide a location opt-out feature within the settings of any native app.
Our stated Law Enforcement Guidelines note that we will only disclose user content – including maps, location information or other data – in response to a probable cause search warrant. If we have a good-faith belief that there is an emergency involving the danger of death or severe physical injury, we may also provide the limited information necessary to prevent that harm, if we have it.
As a practical matter, we quickly anonymize the location telemetry data we receive and do not attempt to track individuals. We do not believe this... Read more
As a practical matter, we quickly anonymize the location telemetry data we receive and do not attempt to track individuals. We do not believe this type of information is of interest or practical use to law enforcement. Per our transparency report, Mapbox has never received a government request for user location data.
SSL and data security
We secure all location telemetry on-device and in transit to our servers. Communication between our SDKs and servers is via SSL/TLS. We publish the certificates in our source code:
- iOS (Digicert, GeoTrust)
- Android (Digicert, GeoTrust)
This practice is called certificate pinning and is best-practice... Read more
This practice is called certificate pinning and is best-practice in the industry. TLS/SSL pinning is used to ensure only Mapbox receives the data produced by Mapbox clients, and prevents Mapbox clients from reporting to a hostile network operator or other third party that is attempting to intercept network traffic.
Our SDKs also check for certificate revocation. We pin to multiple certificates issued by authorities that support the Online Certificate Status Protocol (OCSP). OCSP makes some attempts to intercept traffic impossible and others more difficult. (iOS natively supports certificate revocation checking.) SSL pinning and OCSP go a long way toward securing communications, but security best practices and technology are evolving quickly. We continue to iterate on our approach and are considering additional technologies such as Domain Name System Security Extensions.
Once it reaches our servers, data remains encrypted using industry best practices, including hardware security modules designed to be tamper-proof. No one has access to the master keys.
Access to mobile data within our infrastructure is restricted. Access to all of the involved infrastructure is constantly and automatically audited and reviewed by multiple members of our security team.