
A few months ago I went to Las Vegas to watch U2 at the Sphere. When I learned that I needed to open the app or website in order to get in I panicked in fear of the shitty internet that is common in massive events, so I opened my tickets since I left the hotel. Unless this stuff works completely offline, it is a terrible idea.


I used to work for a mobile event app company that made a lot of the big festival/conference apps. Everything was built to function locally from a sqlite file on your phone that was constantly updated when you did have coverage.

It was 100% expected that you would have no cell signal the entire event and we built in as many mitigations as we could think of.

This was 2013ish, I think there are a lot more mesh network devices that can relay signal nowadays but I'm not involved anymore in that stuff.

It was the best on-call I've ever had because.. nobody had cell signal while the event was on to complain about something.

This person complains that people didn't have network access on their phones when they were at the gate. I can only assume that they waited till they were at the gate to install/use the app so it never got its offline data.

Always open your event apps before getting to the event. Sometimes they're completely bare bones and have to reach out and pull that app's specific database so it's sure you have the latest. Most of the event apps are a template that is modified for each event and just has different assets/sqlite.


...or just let us print g*d@mn paper tickets.


There's no way that I trust the developers of a company like Ticketmaster to install their app on my device.


What is the worst that can happen? I have it installed on my iPhone and deny whatever permissions it asks for.

I have enough confidence in the sandbox that "installing an app" is basically never an issue (though I don't out of the principle that most things companies have apps for just shouldn't be apps).


> What is the worst that can happen?

I don't know the worst, but juice is not worth the squeeze in my opinion. If you recall, Ticketmaster was just recently hacked, so the worst pretty much happened in that any data they had collected on their users has potentially been leaked. So if they can't protect that data, then I'm not participating in giving them data.


Sure, but the data you give them is pretty much a condition of attending their shows, not whether you use their app, Chrome, or a PC in the library to buy the ticket. Regardless, they will get some contact and basic financial info for you unless you avoid all their concerts (which is certainly a principled and defensible choice!)


They do not need to know my address, my phone number, credit card number or any of the other BS that "they need" including my name. Their website has a ton of trackers uBlock blocks, so their website is trying to collect even more data than what their "forms" request.


How would an iPhone app (I don’t know about android) collect any of that?


I mean...they tell you they do in the listing in the AppStore. Like, how are you not realizing this?


Of course they list those things as things the app 'collects,' because the app literally asks you for all that info as billing info when you buy tickets in that app and when you provide it, it collects it. The app isn't somehow extracting your personal info from some API. Yes, it's probably got the same adtech as the next app, but overall it's just collecting what you tell it.


How though? My phone does not contain my address, or my credit card number.


You don't trust your OS to sandbox it? With a threat model like that, I wouldn't use any apps other than the browser


If anyone is in the situation that they need to put an untrustworthy app on their android device, the "work profile" feature can segment it off further.

Insular is an app that lets you create and manage one of these profiles on the device itself: https://gitlab.com/secure-system/Insular


Work profile is really neat, yeah. I'm using Shelter for this, it's quite nice: https://f-droid.org/en/packages/net.typeblog.shelter/


Maybe you are using a fully open phone, but mine has an OS made by Google and almost every app tracks my location without my consent.


For the past 9 years, Android has allowed users to disable location permission per app. More recently, you can choose to share "noisy" location, which just provides an approximation of your location.


Google will never stop spying themselves but will give you the ability to stop their competitors from spying on you. Heh..


I'm an app dev. How exactly would I track your location without your consent?


For example, based on my IP address, nearby wifi networks, and camera footage.


> IP address

Great. So an app can plug my IP address into a geolocation query, and might ultimately determine that I'm somewhere in $city. Or maybe the next city over. Or maybe half a continent away.

But sure, this "works" without consent, since there is no extra step to enable networking for an app.

> nearby wifi networks

This doesn't work without consent.

> camera footage

This doesn't work without consent.


Web apps also get your IP. Why aren't you using a VPN if you care about that?

Web apps can also get the rest if you click accept when it asks for camera access. What exactly do you lose by installing an app?


From the AppStore:

Data Linked To You:

Purchases, Location, Search History, Usage Data, Financial Info, Contact Info, Identifiers, Sensitive Info.

Nope Nope Nope.


That explains nothing. I'm pretty sure it's talking about info that you type into form fields in the app. Same reason FB "links" your health info even though it has no access to the health info stored by your OS.

The same applies if you use their website. It'll still ask for that info with a web form.


> Same reason FB

...is not installed on any of my devices



Yeah that has literally nothing to do with their app. If you submitted your data on their website, it'd be leaked just the same


You're implying that the data from the app is stored in a different more secure manner than the data from the website? That makes zero sense. The fact that they got hacked is the only thing that matters, not which mode of input you provided the data they did not protect.


No, I'm asserting that the app acquires as much data as the website (ie. whatever you typed into their forms) and it gets leaked all the same. Refusing to install the app makes no sense if you still use the website


An app absolutely can track more data than a website. You don't have the website open/active on your phone at all times, but you have the app installed at all times, even when it's not running.

You do know that apps can record data in the background, right?

A website is also sandboxed by your browser in a much stricter manner than an app is on your phone, at least by default.

I don't have specific information on the Ticketmaster app here, but to say that an app is the same as a website from a tracking perspective on a phone is absurd.


I'm an app dev. What can I record in the background? What can I track?


If you're an app dev you're more qualified than me to answer that question.

Perhaps you'd like to re-frame your comment or ask a different question?


My point is that you and the other guy are just making stuff up and spreading misinformation. At the API level, an app that doesn't have the user's explicit permission to get location, camera, run in the background, etc is not that different from a web app. My question was obviously rhetorical.


There you go, getting to the meat of it..

So your position is that an app installed on my phone is not able to track or collect any more data, and does not have access to any other information, than a website that I load in my device browser (assuming I log into that website with the same credentials I use in the native app)?

I agree that this might be true in some cases. Note that I never said or implied that an app could do things without permission - but my fault if that wasn't clear.

Now, that said, would it perhaps be fair to say that the average user is much more likely to grant additional permissions to a native app on their phone than they would to a website?

If a website asks for your location, or access to the camera or to your contacts or whatever, I think many people would refuse. There's still a sense that a website is "out there" on the Internet, and you shouldn't necessarily trust it.

But when an app you've installed on your device asks for these things, in order to "operate properly" or provide functionality, then I think people are much more likely to grant it.

After all they've installed the app on their device, they've already trusted the vendor that much, it's only an incremental step at this point.

And once the device does have this elevated access, and access to more data, then there are absolutely more opportunities to collect data on users without their understanding.

I say "understanding" here rather than "consent" because typically consent is given via some long and complicated T&Cs that no one reads. Which is of course on the user, but again if you don't grant permission in the first place (because you're on a website not an app), it's not a problem.

And we have historically seen that some companies (not all companies of course) take advantage of this app access to collect data for themselves without your knowledge. I hope that part isn't up for debate here..


As the article notes, this ticket system does in fact work offline.


Well, as it also notes, it works offline if you remember to open the ticket before you get there, and they don't (or at least didn't used to) give you sufficient warning. I found out that's how it works the hard way when it was new by having to walk a half mile back from the venue to get service to load the tickets.

There's also the chance the ticketmaster app won't work properly later even if you did do it. I've had other apps shit the bed for no apparent reason in offline mode before. I add them to my wallet now just in case.


Sure, I'm just reacting because TOTP is like the textbook example of a system designed to work without interactive access to a networked resource. The whole as TM designed it has crappy affordances, but you could fix that without breaking the design.


Ah, yeah. I’m just hoping the justice dept breaks them up and ticket sales move to something like the airline model.


Why though? Lord knows I hate Ticketmaster as much as everyone else but “airline model” sounds fucking terrible. I hope I never see the day where I’m removing belts and shoes to get into a concert.

To be fair though I always get at least somewhat reasonable concert prices by doing presale. Sign up for the artist’s “presale club” and/or get the credit cards that have presale as a perk. Get in queue ahead of time. You won’t have to deal with the dynamic pricing/public sale shenanigans that we hear about. On Reddit I often see people complaining about paying at least 2x what I paid for similar tickets.


Belts and shoes doesn't have much to do with ticket sales, does it?


I was just going to ignore it since they obviously missed the point entirely (and it's not a hard one to get) or were being disingenuous.


Recent experience for a large stadium event suggests they have fixed the notifications. I got a lot of notifications encouraging me to a) charge my phone and b) download the ticket before arrival.


Yes, they have learned. As much as I hate them they are mostly a well-run company.


Please notice the "completely" in my comment.



