Starbucks Quickly Updates iOS App To Stop People Stealing Your Coffee

sbux

Following yesterday’s report that the official iOS Starbucks app was storing users’ credentials, passwords and GPS location in plain text — a big security no-no — the Seattle coffee maker has quickly pushed an update that seemingly resolves the issue. Or does it?

As we previously reported, security researcher Daniel Wood initially spotted the Starbucks app’s vulnerability. Alerting Starbucks of the issue, he then downloaded an updated version of the app which Starbucks claimed contained “adequate security measures,” only to find that little had changed: all your user data, email addresses, passwords and even your GPS location are stored in plain text. The story blew up, and Starbucks’ CIO wrote an open letter, saying it would be fixed.

Given all of this, it’s a little hard to know what to make of the Starbucks app’s 2.6.2 update, which promises “additional performance enhancements and safeguards.” Last time Starbucks claimed they’d fixed this, nothing had really changed. Could Starbucks have really added encryption of some sort to their app so quickly after all the recent fuss, or is this just another panacea?

To be honest, either way, this is probably not something you have to worry about. The only way a hacker could access your Starbucks data this way is if they had physical access to your device, in which case, you’ve got worse problems than someone mooching free coffee from you.

You can download the Starbucks app (and it’s new, more secure update) from the App Store for free.

Related

About the author

John BrownleeJohn Brownlee is a Contributing Editor. He has also written for Wired, Playboy, Boing Boing, Popular Mechanics, VentureBeat, and Gizmodo. He lives in Boston with his girlfriend and two parakeets. You can follow him here on Twitter.

(sorry, you need Javascript to see this e-mail address)| Read more posts by .

Posted in News | Tagged: , |