Archive for July, 2010

Foursquare passwords sent in clear text!

Thursday, July 15th, 2010

I had a look at Foursquare recently as a few of my colleagues were using it. One of the apps I downloaded was FourSquareX .

I was really surprised by a message on the logon screen saying that passwords are sent in clear text:

FourSquareX warning screen showing that password is sent in clear text.

I figured this might just be for the API but decided to investigate whether this is also the case on the main site and it seems it is. Running LiveHTTPHeaders you can see the following when you log on to foursquare.com (I’ve put some asterisks in to remove user identifiable stuff):


F***231419577AFW=true&F*****1419575D1V=********%40gmail.com&password=4square

(this is the same on the ‘/mobile/’ site)

And when you change your account password (in this example to ‘nothidden’):

-----------------------------*****591617307847261632891267
Content-Disposition: form-data; name="****2314598660HU"
nothidden
-----------------------------*****591617307847261632891267
Content-Disposition: form-data; name="****231459867BB4"
nothidden

I’m really surprised at this as it means a packet sniffer could easily pick out your password. It also suggests a relaxed attitude towards sending and maybe even storing users data. I wouldn’t be surprised if the smartphone apps (such as the Android one) also send password details in clear text although I haven’t tested this hypothesis.

So, if I keep using it I will definitely use a unique password for Foursquare.com and not store any sensitive data in your account. Like my erm.. email, date of birth, where you’ve been for the past few days for example…

Posted in Android, FourSquare, GPS, Gaming, Security, Uncategorized, iPhone | No Comments »

App Inventor for Android

Wednesday, July 14th, 2010

Now even your cat can program…

I was actually really disappointed that the cat didn’t start coding. Which reminds me of a sketch by Paul Merton which took the p*** out of the ‘abdominiser’ and Rap’Tou adverts in the UK. He had a piece of flat foam (the ‘abominator’) with some holes in it which claimed to be able to do all sorts of amazing things including ‘teach your cat to play the piano’.

Posted in Android, Fun, SDK | No Comments »

SportyPal Pro / 2 about to launch

Wednesday, July 14th, 2010

I’ve used a few different mobile apps for tracking my runs. I really like AllSportGPS on the Blackberry for the fact that it gives you a lot of feedback on the screen while you are running.

However, since I left my previous company and ditched my BB I have been using SportyPal which also works nicely and is free although isn’t as feature rich. They have just announced SportyPal Pro (or 2, they don’t seem to have decided the branding yet). I’m guessing the ‘pro’ title means there will be a charge for the product. I think up until now they have relied on advertising on their website.

SportyPal 2

SportyPal 2

Of course, if you don’t want to be hauling a device around with you then there is the Garmin Forerunner but maybe that isn’t quite geeky enough. I quite like things like the ‘race’ option on AllSportGPS where you can watch on the map where your ‘former self’ was on the run at the same time.

Tags: , , , , , ,
Posted in AllSportGPS, Android, Cross Platform, GPS Running, GPhone, Sporty Pal, SportyPal | 1 Comment »

Fitaly on Android (update)

Tuesday, July 13th, 2010

Thanks to Google Analytics I know that quite a few visits to this site are for people looking for a version of Fitaly running on Android.

I’ve found a great resource if you are interested in a ‘quick and dirty’ coded version for Android here.

What is particularly nice is that he has included the source code and links to other useful input resources. However, interesting to note he still prefers using Swype. I wonder if Swype would consider allowing you to redesign the keyboard so you could get a Fitaly and Swype mashup :-)

Posted in Fitaly, GPhone, Input, SDK, Swype, UK | 1 Comment »

Swype built in on Droid X

Thursday, July 8th, 2010

Good to hear that Swype will be included on the Droid X from Motorola. I reported on Swype and the Shark technology to which it bears a striking resemblance a while back. Having used it on a Nexus One I can say that the latest version makes entering text a lot faster than lots of tapping on the screen.

Link to engadget article about Droid X with Swype here.

I also found this comment by one of the creators of Swype that says that the Swype technology was actually patented before the Shark technology from IBM was created and the two were developed separately in parallel.

Tags: ,
Posted in Input, Uncategorized | No Comments »