Mapbox Telemetry

Mapbox SDKs collect anonymous data about the map and device location to continuously update and improve your maps.

Anonymous sensor data helps find missing roads, determine road speeds and traffic, and classify biking and walking transit routes in cities. This data contributes to a better map of our world for your users.

Making a better map

We use telemetry from all Mapbox SDKs to improve our map, directions, travel times, and search. We collect anonymous data about how users interact with the map to help developers build better location-based applications.

Location telemetry is critical to improving the map. We use the data to discover missing roads, determine turn restrictions, build speed profiles, and improve OpenStreetMap.

New streets: Location data is used to identify new streets, hiking trails, and bike paths.
Turn restrictions: Sensor data helps us better understand turn restrictions and identify one-way streets.
Speed profiles and traffic: Understanding posted and time-sliced real-world speeds improves traffic modeling and routing.
Lane detection: High-definition mapping requires intra-road analysis of lane counts and types.

A minimal footprint

As developers we understand the resource constraints of mobile platforms. Our data collection has been optimized in collaboration with developers in our community and has been field tested with millions of users. As a result, we can improve maps without any noticeable impact on an application's footprint.

Telemetry, not tracking: no ads or advertising data

We do not record advertising identifiers (IDFA on iOS, AAID on Android), so the data cannot be employed for targeted advertising.

Consumer opt-out

Users should be in charge of their own location data. Developers employing our Maps SDKs for iOS and Android are required by Mapbox to provide the ability for users to opt out of location telemetry reporting and must provide a location opt-out feature within the settings of any native app.

Law enforcement

We support and honor the hard work of law enforcement officials to protect citizens' safety and security, but we operate within a climate of heightened government interest in personal data.

Our stated Law Enforcement Guidelines note that we will only disclose user content – including maps, location information or other data – in response to a probable cause search warrant. If we have a good-faith belief that there is an emergency involving the danger of death or severe physical injury, we may also provide the limited information necessary to prevent that harm, if we have it.

Protecting Users’ Location Data From An Unconstitutional Search

SSL and data security

We secure all telemetry on-device and in transit to our servers. Communication between our SDKs and servers is via SSL/TLS. We publish the certificates in our source code:

  • iOS (Digicert, GeoTrust)
  • Android (Digicert, GeoTrust)

This practice is called certificate pinning and is an industry best practice. TLS/SSL pinning ensures that only Mapbox receives the data produced by Mapbox clients, and prevents Mapbox clients from reporting to a hostile network operator or other third party that is attempting to intercept network traffic.
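The pin check described above, as an added example that is not Mapbox SDK code: a client holding several pinned certificates accepts a connection only if the presented chain contains one of them, so a chain issued by an intercepting proxy's CA is refused even when the device trusts that CA. The function name `check_pins`, the labels, the SHA-256 fingerprint comparison and the byte strings standing in for DER certificates are all assumptions constructed for illustration.

```python
import hashlib
import hmac


def fingerprint(cert_der: bytes) -> str:
    """Hex SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(cert_der).hexdigest()


def check_pins(chain_der, pins):
    """Return the label of the pinned certificate found in the chain, else None.

    Runs in addition to normal chain validation, never instead of it.
    An empty chain or an empty pin set fails closed.
    """
    if not chain_der or not pins:
        return None
    for cert in chain_der:
        fp = fingerprint(cert)
        for label, pinned_fp in pins.items():
            # Constant-time comparison of the two hex digests.
            if hmac.compare_digest(fp, pinned_fp):
                return label
    return None


# Constructed stand-ins for DER certificates (not real certificates).
CA_A = b"constructed-DER:pinned-CA-A"
CA_B = b"constructed-DER:pinned-CA-B"
LEAF = b"constructed-DER:server-leaf"
PROXY_CA = b"constructed-DER:intercepting-proxy-CA"
PROXY_LEAF = b"constructed-DER:proxy-issued-leaf"

# Pinning to more than one CA lets the server rotate between issuers
# without shipping a new client build.
PINS = {"ca-a": fingerprint(CA_A), "ca-b": fingerprint(CA_B)}


def run_examples():
    """Evaluate the check against three constructed chains."""
    return {
        "genuine": check_pins([LEAF, CA_B], PINS),
        "intercepted": check_pins([PROXY_LEAF, PROXY_CA], PINS),
        "empty_chain": check_pins([], PINS),
    }


if __name__ == "__main__":
    for name, result in run_examples().items():
        print(f"{name}: {'accepted via ' + result if result else 'rejected'}")
```
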

Our SDKs also check for certificate revocation. We pin to multiple certificates issued by authorities that support the Online Certificate Status Protocol (OCSP). OCSP makes some attempts to intercept traffic impossible and others more difficult. (iOS natively supports certificate revocation checking.) SSL pinning and OCSP go a long way toward securing communications, but security best practices and technology are evolving quickly. We continue to iterate on our approach and are considering additional technologies such as Domain Name System Security Extensions.

Once it reaches our servers, data remains encrypted using industry best practices, including hardware security modules designed to be tamper-proof. No one has access to the master keys.

Access to mobile data within our infrastructure is restricted. Access to all of the involved infrastructure is constantly and automatically audited and reviewed by multiple members of our security team.

Telemetry

Event telemetry

Mapbox SDK clients record data on the following classes of events. Examples of each are provided.

  • Accounting and billing: Map loads, search sessions, offline map downloads, "turnstile" events to count monthly active users (MAUs)
  • Feedback about problems: App crashes, mid-trip navigation rerouting, improperly overlapping turn-by-turn instruction audio, user-submitted feedback
  • Data to improve our maps & services: Anonymous location data, significant differences between mapped and observed speed limits, whether the top result from a search was selected, Vision SDK detections of objects like stop signs

Event attributes

Mapbox SDK clients report the following identifiers and metadata with every event. This data is not used to create or maintain records about individuals.

  • IP address: Necessary to deliver data across the internet, as well as to manage abuse and ensure service availability. We delete IP address data automatically after 30 days.
  • Session and instance identifiers: UUIDs recording the installation of the app and its specific use, including the IDFV in iOS
  • App ID: Application identifier
  • Device data: OS type, device model
  • Connectivity data: Whether the device is connected via Wi-Fi, CAT5, or cellular data
  • View data: The device orientation, screen resolution, and font scaling
  • Timestamp: The time and date of the event

The above event data is collected in batches and reported to Mapbox asynchronously.

Questions?

We believe we have a responsibility as developers to safeguard user privacy. If you have any questions please email privacy@mapbox.com and someone from our team will be in touch with you.