Foursquare for iPhone v1.9.2 arrives with SSL support


An update to the foursquare iPhone app is now available in the app store. v1.9.2 brings “SSL support” and “API updates.”

Adding SSL support solves a potential security issue that has existed since foursquare’s first app: passwords were sent in clear text without any encryption. If a hacker had access to any routers between you and foursquare, or if you were connected to public WiFi where someone was intercepting HTTP requests, your password could potentially have been compromised.

With SSL, passwords are sent over HTTPS in encrypted format, so they’re only readable by the end server.

This is a common problem that affects a number of products, including foursquare rival Gowalla. They say they’ll be releasing a new client soon that fixes the issue.

Although this problem has existed since last year, no one had called any attention to it until Martin Kou noticed it and blogged about it on August 22. The story hit Slashdot and other tech news sites. That evening foursquare responded with a post on their blog saying an update would be available shortly.

It’s not clear exactly what the “API Updates” include. There are no visible changes to the app.

You should update the app as soon as possible to prevent any possible security issues.

UPDATE: The Android app has been updated with SSL support, as well. A WebOS update will be available later this week (see Geoff’s comment below) and a BlackBerry update next week.


  1. #1 by Michael Bauser on August 31, 2010 - 2:32 pm

    Android app also has a new version today, listing “SSL support” in the change.log

  2. #2 by Geoff on August 31, 2010 - 4:02 pm

    To clarify, I’ll be submitting the updated webOS app to Palm tomorrow, so it might not be available until Thursday, Friday at the latest.

  3. #3 by prowse! on November 27, 2010 - 8:24 am

    Unfortunately, SSL-ing the API or app is 1) impossible and 2) only for the login and ineffective. The WHOLE site must be made SSL. My account was attacked through the clever use of FireSheep, the culprit got into the NON-ssl settings page, changed my email to theirs (no verification of email changing is used in foursquare), and then my password – which is probably verified via email, but at this point it was the culprit’s email. Get it?

    SSL “support” comes from the certificate on the SERVER, not solely from within an app. Also, as yet, via Zendesk help, I have not received any information regarding the return of my “stolen” account.
