[pmjordan]

Any such spoofing protection is of course not real security, as you could still extract the key from the app, or intercept the GPS API calls and feed them false information. So this isn't "having to brute force RSA or AES" level security, just making it slightly harder.

Still, it could be relevant:

It's not quite clear to me what Foursquare's business model is, but if location owners are handing over cash in return for checkins (i.e. new customers or increased repeat business) either indirectly or directly, then as such a customer of Foursquare you'd probably want the system to be less easily gamed - which is the reason I was surprised.

EDIT: the comment by a Foursquare employee blows that theory out of the water - the locations aren't paying them as far as I can tell, and are providing incentives for users on their own accord.