The Microsoft Phone Link (formerly known as “Your Phone”) app for Windows, Android, and iOS lets you access parts of your smartphone from within Windows. However, Microsoft has not built the service with your privacy in mind. Instead, the software behemoth relays your personal data through its servers, despite the app only working while your devices are connected to the same local network.
The Microsoft Privacy Statement (February 2023) doesn’t expressly state that Microsoft relays your personal data through its servers. The app‘s requirement for both devices to be on the same local network leads customers to believe that their data is transferred directly between their devices. That’s obviously how this should work, right?
However, in my testing, neither Windows nor Android made direct device connections when using most app features. Crucially, your personal data, such as text messages, clipboard contents, recent photos, and notifications, are not transferred directly over the local network. Notifications may contain sensitive information from your apps, such as the subject and contents of private messages and emails, security codes from authentication apps and texts, caller identities, etc.
I contacted the Microsoft Privacy Team and requested it to clarify some of the vaguer parts of the Microsoft Privacy Statement regarding the Phone Link feature.
Privacy-conscious consumers will realize they have no guarantees that Microsoft doesn’t scan, retain, or do anything else with the data that needlessly passes through its servers. The most charitable interpretation of the same-network requirement is that Microsoft aspires to transfer data locally, but it hasn’t yet made it work.
The same-network requirement might be a privacy measure designed to prevent an abusive partner from spying on your usage of your phone while you’re away from your computer. Microsoft apparently did not consider it a problem that it can spy on all your data as it passes through its servers.
It’s a feature; not a bug.
If you care about privacy, you might want to consider using alternatives to the Microsoft Phone Link app. The leading free and open-source contender is KDE Connect. It transfers your data encrypted and directly between your devices over the local network. It even lets you connect multiple computers, not just your computer and a smartphone. However, KDE Connect doesn’t support screen mirroring, one of Phone Link’s key selling points. Other free and open-source apps for screen mirroring are available, but they’re more difficult to use than Phone Link.