
Foursquare constantly tracking users' locations - valverde
http://blog.valverde.me/2014/01/07/foursquare-constantly-tracking-users-locations/
======
joshbaptiste
The second portion of the post which explains how to capture traffic leaving
your device is more informative and probably should have been the main thesis
rather than focusing on Foursquare's non-surprising use of constant geo
location updates.

~~~
valverde
Thank you for the feedback. That was my original intention, but seeing the
constant location updates from Foursquare while writing the article surprised
me (admittedly not too much).

~~~
Breefield
While recently digging into CoreLocation's CLLocationManager recently I also
discovered that any app which is given location privileges can be saving your
location every 10 min in the background. It was a surprise to me too.

~~~
tlack
This, along with the M7 motion co-processor in the new iPhone 5S, and Apple's
pretty substantial investment in iBeacons, tells me that Apple sees the future
of the iOS ecosystem as a series of experience-enhancing physically-aware
ambient apps.

(The kind of apps that require a good notification center - like the one in
iOS7 - cuz they're spewing so many little bits of suggestions at you.)

I suspect Apple will tread carefully in these waters, but initial signs are
worrisome. Let's hope that they can figure out the personal analytics thing
and work in some privacy with it too. They're not an ad company, so it's
possible. :)

------
fintler
It was enabled for me by default, but the iOS location icon is always
displayed on the Springboard when it's being used.

Also, Foursquare will constantly send you notifications saying "It looks like
you're near Foobar, would you like to check in?". They make it very, very
obvious that they're tracking your location.

It was a quick matter of going into preferences and looking to see what
applications used location services recently to fix things up. The biggest
offenders were Foursquare and the Google app. I ended up turning Google off
completely, and disabled Foursquare except for when I have the app open.
Problem solved.

~~~
kkwok
Have you seen noticeable battery life improvements?

~~~
fintler
No. However, this is a newer iPhone 5 and I plug it in every night -- so I
really don't pay attention to the battery.

Older models, or not plugging it in every night, might show something
different.

------
spellboots
Is this not the entire point of Foursquare?

~~~
amirmc
Seems like you're commenting based only on the title. Here's the first
sentence of the article:

 _" It might sound weird to accuse Foursquare of collecting location data
since that is the whole point of the service, but Foursquare is overstepping
its bounds by constantly keeping track of their users' every move (and more) —
even if they never open the app."_

~~~
hdouble
Hard to blame Foursquare which you need to install while Google itself is
doing it on Android phones to track when Android phones enter stores.

[http://digiday.com/platforms/google-
tracking/](http://digiday.com/platforms/google-tracking/)

~~~
charleslmunger
[https://support.google.com/websearch/answer/3402922](https://support.google.com/websearch/answer/3402922)

"This feature turns on when you opt in to Google now. "

Opt in, not opt out.

------
newman314
I wish there was an OS option that does the equivalent of "Only permit
location based service calls when app is open and active"

I want the option of enabling Yelp only when I use Yelp etc.

~~~
37prime
I beleive that in iOS 7 you could disable Background App Refresh for apps like
Foursquare and Yelp.

~~~
stevenp
This is true, and Foursquare does use Background Refresh, but I don't believe
that encompasses background location updates, so changing the setting to
disable them in Foursquare is still necessary.

------
drdeadringer
A company focused on enabling users to report their own locations... knows the
locations of their users.

I am not surprised.

~~~
prodigal_erik
A service known for letting you announce your location ... now knows your
location even when you haven't announced it.

------
chubot
BTW here is a nice project I came across that should do the same thing as
Fiddler, but it's for Linux rather than Windows:

[http://mitmproxy.org/](http://mitmproxy.org/)

To decrypt HTTPS you follow the same procedure of installing a root
certificate on your phone.

~~~
205guy
There is also burp
([http://portswigger.net/burp/](http://portswigger.net/burp/)) that is
distributed as a JAR.

------
msoad
Because of this I assume companies will start encrypting their JSON to make it
impossible to see what is going through their application. A lot of lawsuits
can start from this kind of exploring.

~~~
valverde
Making it impossible is impossible. They might make it more difficult.

~~~
spellboots
On iOS this isn't necessarily true under certain constraints.

They can make it impossible given the device is not jailbroken. Sometimes
there are versions of iOS that are un-jailbreakable. If you are not Apple, it
could very well be impossible to figure out what an app is sending to a remote
service if it gets its cryptography right.

Edit: thinking about it, although it may be impossible to MITM the connection,
presumably one can inspect the compiled application to determine what it would
send, so I think I was wrong about this

~~~
ID_HOME
Apple doesn't have the best track record around auditing software for
obfuscated functionality. The OS is built around the assumption that an app
can misbehave without risking the user's resources. Of course, jailbreaking
disproves this.

------
devinegan
The WiFi scan data is interesting. I guess Google maps cars have made it ok
for corporations to War Drive at massive scale. But using your users devices
to do it for you is interesting.

------
AndrewTerry
FWIW, in the IOS version of the app, the offending check box appears to be
disabled by default.

(I certainly didn't disable it, so I can only assume that's the state from
install).

~~~
valverde
Interesting. I created a test account just to be sure I hadn't accidentally
opted in before and, sure enough, it was enabled.

------
angryasian
I'm pretty sure there are a lot of apps that have similar behavior. I know at
one time Twitter and Facebook did something similar.

~~~
soneca
Does Facebook still do that? Do you remember where you read that it did at one
time?

~~~
valverde
I had Facebook installed while investigating for this article, and could not
identify a similar behavior.

Google, on the other hand, did the exact same thing, but I remember explicitly
agreeing to that.

~~~
soneca
valverde, my startup www.frequento.com.br/parceiros works on a related topic,
would love to talk to you about it.

I just added you on LinkedIn (Rodrigo Pontes), or email me.

------
nikoftime
I'm on an iPhone 5S and it significantly diminishes my working battery life
unless I manually close the app.

------
chippy
Does this also work if the user has signed out of Foursquare? (on Android?)

------
jgalt212
growth hacking

