Starbucks iOS App Updated to Secure Personal Information [Updated x2] - MacRumors Forums
Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > News and Article Discussion > iOS Blog Discussion

Reply
 
Thread Tools Search this Thread Display Modes
Old Jan 17, 2014, 08:35 AM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
Starbucks iOS App Updated to Secure Personal Information [Updated x2]




Starbucks has released an update to its iOS app that safeguards customer's personal information stored on the phone. An earlier version of the app saved sensitive information, such as usernames, passwords and location data, in a clear text format. Potential criminals who obtained physical access to a customer's iPhone could download these details with minimal effort.

As announced by Starbucks chief information officer Curt Garner, an updated version of the Starbucks mobile app is available now in the iOS App Store. Though the safeguard measures were not detailed, Garner did confirm that the changes made to app provide "extra layers of protection" for consumers.
Quote:
As promised, we have released an updated version of Starbucks Mobile App for iOS which adds extra layers of protection. We encourage customers to download the update as an additional safeguard measure.
A followup inquiry by The Verge clarified that the app no longer stores personal data in clear text format. Garner encouraged all Starbucks customers to download the latest version of the company's app.

Version 2.6.2 of Starbucks for the iPhone is available for download from the iOS App Store. [Direct Link]

Update: The App Store appears to now be offering the previous 2.6.1 version of Starbucks. It is unclear why the new version has been pulled from the App Store.

Update 2: The new version 2.6.2 has returned to the App Store.

Article Link: Starbucks iOS App Updated to Secure Personal Information [Updated x2]
MacRumors is offline   0 Reply With Quote
Old Jan 17, 2014, 08:39 AM   #2
BJMRamage
macrumors 65816
 
BJMRamage's Avatar
 
Join Date: Oct 2007
still looks like Version 2.6.1 on the store for me.
gotta check to see what my phone says
BJMRamage is offline   0 Reply With Quote
Old Jan 17, 2014, 08:44 AM   #3
JayLenochiniMac
macrumors 601
 
Join Date: Nov 2007
Location: New Sanfrakota
Quote:
Originally Posted by BJMRamage View Post
still looks like Version 2.6.1 on the store for me.
gotta check to see what my phone says
Same here. No idea why that version is showing under available updates and it's already open. Probably a iOS 7 bug that Apple themselves need to fix.
JayLenochiniMac is offline   0 Reply With Quote
Old Jan 17, 2014, 08:50 AM   #4
blcamp
macrumors newbie
 
Join Date: May 2012
Location: Grand Rapids, MI, USA
Look at Version History in App Store

In App Store on iPhone (5, iOS7) it shows 2.6.1 as most recent, then 2.6.2, then an identical 2.6.1 entry again. That's messed up.

I don't have this app but I do enjoy a Starbucks from time to time. Is this app really worth the trouble? I see an awful lot of bad reviews for the app...
blcamp is offline   0 Reply With Quote
Old Jan 17, 2014, 08:52 AM   #5
pdgill
macrumors newbie
 
Join Date: Dec 2008
Seems so fishy to me

So most likely from the moment the app took usernames and passwords it has stored them in plain text. And now once it became public knowledge it only takes a week or less for an update?

Kind of a dick move for Starbucks to only care about our security once they get caught. Typical, probably. But still dick.
pdgill is offline   7 Reply With Quote
Old Jan 17, 2014, 09:00 AM   #6
IvanX
macrumors regular
 
Join Date: Mar 2012
As I said in the other thread on this matter: they won't say what they did to improve security, but expect us to trust them like we did before? Once bitten, twice shy
IvanX is offline   2 Reply With Quote
Old Jan 17, 2014, 09:46 AM   #7
BJMRamage
macrumors 65816
 
BJMRamage's Avatar
 
Join Date: Oct 2007
Quote:
Originally Posted by blcamp View Post
In App Store on iPhone (5, iOS7) it shows 2.6.1 as most recent, then 2.6.2, then an identical 2.6.1 entry again. That's messed up.

I don't have this app but I do enjoy a Starbucks from time to time. Is this app really worth the trouble? I see an awful lot of bad reviews for the app...
you build up "stars" for drinks/food you purchase. after so many stars you get free refills on hot or iced coffees. once you get more stars you get free flavorings or maybe a free drink. Plus, with the app, (and no card info needed) you can download free songs/apps/books of the week (different from the cards in store)

I was given some starbucks gift cards and only use those in the app. i don't really use the app to find a starbucks location and i don't have it connected with passbook.
BJMRamage is offline   1 Reply With Quote
Old Jan 17, 2014, 09:54 AM   #8
iLondoner
macrumors regular
 
Join Date: Nov 2012
Location: London (the big one, not London Ohio, Texas, Kentucky, etc)
App store says 2.6.2 for me.

Didn't exactly fear any outbreaks of world domination and no coffee got stolen in the meantime.
__________________
13" MacBook Air 27" iMac 3TB Fusion 3TB Time Capsule Apple TV 3 iPhone 5 iPad Air
iLondoner is offline   4 Reply With Quote
Old Jan 17, 2014, 10:19 AM   #9
Jessica Lares
macrumors 603
 
Jessica Lares's Avatar
 
Join Date: Oct 2009
Location: Near Dallas, Texas, USA
Quote:
Originally Posted by blcamp View Post
I don't have this app but I do enjoy a Starbucks from time to time. Is this app really worth the trouble? I see an awful lot of bad reviews for the app...
It is worth the trouble to get a card when you get perks along with it. And by perks, meaning 2 for 1 deals on sandwiches, drinks, etc. Plus, the whole half off during happy hour which comes and goes.
__________________
Have You Hugged Your Mac Today?
Daily Expressions | iMac G4 | Late 2011 13" MacBook Pro | iPod Nano (7G) | iPad Mini | iPod Touch (5G) | iPhone 5S
Jessica Lares is offline   0 Reply With Quote
Old Jan 17, 2014, 10:37 AM   #10
citi
macrumors 65816
 
Join Date: May 2006
Location: Simi Valley, CA
Send a message via AIM to citi Send a message via MSN to citi
Quote:
Originally Posted by Jessica Lares View Post
It is worth the trouble to get a card when you get perks along with it. And by perks, meaning 2 for 1 deals on sandwiches, drinks, etc. Plus, the whole half off during happy hour which comes and goes.
It's a great deal really. I never pay cash at starbucks. It's easier to load 5$ on the card and use that for points. Also, the free drink applies to any food or beverage.
__________________
Citi
Macbook Air 1.6 / Macbook Pro (15) 2.2 Quad 8gb ram / mac mini 1.8 4gb / 32gb Ipad Wi-Fi / VeriPhone 5 32gb
citi is offline   1 Reply With Quote
Old Jan 17, 2014, 10:45 AM   #11
iMarc845
macrumors member
 
Join Date: Jul 2008
Location: Rockland County, NY
Post Request to MacRumors: Date- and Time-Stamp On Updates

Attention MacRumors Staff:

This article has two updates on it. Here's a request: PLEASE provide a Date- and Time-Stamp on your article updates.

It is useful to know, for instance, how much time elapsed between when the App update to 2.6.2 was "pulled" and when it re-appeared.

Thank you!
__________________
12-core 2.66GHz Xeon Mac Pro 8-core 3.2GHz Xeon Mac Pro MacBook Core 2 Duo Mac Mini iPhone 5s iPad etc.
iMarc845 is offline   2 Reply With Quote
Old Jan 17, 2014, 10:51 AM   #12
Dr. Echsel
macrumors newbie
 
Join Date: Apr 2011
Location: Louisville, KY
Yeah, they updated the app, but it's still clunky and feels so outdated...
Dr. Echsel is offline   1 Reply With Quote
Old Jan 17, 2014, 10:53 AM   #13
PsychoLogicXen
macrumors member
 
Join Date: Jun 2011
Location: SoCal
Glad they responded so quickly to the initial discovery. Looks like they made a couple much needed UI fixes too. The "Home" button in the bottom nav no longer displays ambiguously as "..."
PsychoLogicXen is offline   1 Reply With Quote
Old Jan 17, 2014, 11:08 AM   #14
Mums
macrumors regular
 
Join Date: Oct 2011
You know they were selling the information.
Mums is offline   0 Reply With Quote
Old Jan 17, 2014, 11:12 AM   #15
Chupa Chupa
macrumors G3
 
Chupa Chupa's Avatar
 
Join Date: Jul 2002
Quote:
Originally Posted by Mums View Post
You know they were selling the information.
I guess

a) what does that have to do with the way the data was stored in the app? Also If Starbucks was selling the information why leave it in clear text format for all to see?

b) assume they are selling information -- what information does Starbucks have that Google does not other than what kind of coffee I order? Silly.
__________________
Walled Garden ≠ Prison:
"People who use Apple products considered their options, and chose Apple. If they regret their decision, they can dump it at any time." -- Harry McCracken, Technologizer.com
Chupa Chupa is offline   1 Reply With Quote
Old Jan 17, 2014, 11:40 AM   #16
alent1234
macrumors 603
 
Join Date: Jun 2009
Quote:
Originally Posted by Dr. Echsel View Post
Yeah, they updated the app, but it's still clunky and feels so outdated...

add it to passbook with your favorite locations and forget it except to recharge your card. what is so clunky?
alent1234 is offline   0 Reply With Quote
Old Jan 17, 2014, 11:45 AM   #17
SusanK
macrumors 6502a
 
Join Date: Oct 2012
App not needed for perks

A registered Starbucks card is all you need for the freebies. The app is not necessary. Register the card from you computer or phone SBUX CS and rep will register for you.
__________________
"If I had asked people what they wanted, they would have said faster horses."

-Henry Ford
SusanK is offline   1 Reply With Quote
Old Jan 17, 2014, 11:48 AM   #18
JAT
macrumors 603
 
Join Date: Dec 2001
Location: Mpls, MN
Quote:
Originally Posted by iMarc845 View Post
Attention MacRumors Staff:

This article has two updates on it. Here's a request: PLEASE provide a Date- and Time-Stamp on your article updates.

It is useful to know, for instance, how much time elapsed between when the App update to 2.6.2 was "pulled" and when it re-appeared.

Thank you!
Some of the editors do, some don't.
__________________
-- Spiky
JAT is offline   0 Reply With Quote
Old Jan 17, 2014, 12:00 PM   #19
Jimmy James
macrumors 65832
 
Join Date: Oct 2008
Quote:
Originally Posted by iLondoner View Post
Didn't exactly fear any outbreaks of world domination and no coffee got stolen in the meantime.
They took over the world in Austin Powers.
Jimmy James is offline   1 Reply With Quote
Old Jan 17, 2014, 12:00 PM   #20
CBJammin103
macrumors regular
 
Join Date: Jun 2007
Location: Louisiana, United States
Wait. How is it even possible that a development team that would store passwords in plaintext get hired in the first place, much less by a huge company like Starbucks? This blows my mind as a web developer.

Here we are talking about agencies and black hats breaking into computers with hardware backdoors / secret zero day exploits / man-on-the-side attacks and there are still people storing passwords in plaintext on the device. Which means that they were probably storing them in plaintext on their servers too.
__________________
iMac 27" Core i7 15" Retina Macbook Pro iPhone 5
CBJammin103 is offline   4 Reply With Quote
Old Jan 17, 2014, 12:04 PM   #21
rhett7660
macrumors 604
 
rhett7660's Avatar
 
Join Date: Jan 2008
Location: Sunny, Southern California
I am showing 2.6.2 in the store and on my phone.

I think it is worth having the app. All the little perks you get with it are well worth it to me.
__________________
"It's quite an experience to hold the hand of someone as they move from living to dead."
"Times are looking grim these days, holding on to everything, it's hard to draw the line"
rhett7660 is offline   0 Reply With Quote
Old Jan 17, 2014, 12:29 PM   #22
kdarling
macrumors Demi-God
 
kdarling's Avatar
 
Join Date: Jun 2007
Location: Device engineer 30+ yrs, touchscreens 23+.
Quote:
Originally Posted by CBJammin103 View Post
Wait. How is it even possible that a development team that would store passwords in plaintext get hired in the first place, much less by a huge company like Starbucks? This blows my mind as a web developer.
In this case, the data was being stored as part of an optional Crashlytics clear text crash log file used for debugging.

This is why I dislike ever using someone else's add-on tools. Only trust code you write yourself, or at least vet all the output of the third party tools you're using.
kdarling is offline   4 Reply With Quote
Old Jan 17, 2014, 12:34 PM   #23
LostSoul80
macrumors 68000
 
LostSoul80's Avatar
 
Join Date: Jan 2009
Quote:
Originally Posted by pdgill View Post
So most likely from the moment the app took usernames and passwords it has stored them in plain text. And now once it became public knowledge it only takes a week or less for an update?

Kind of a dick move for Starbucks to only care about our security once they get caught. Typical, probably. But still dick.
Yeah, they'd better remove the added security soon to comply with pdgill from Macrumors complaining about them implementing a security feature.

__________________
Automatic Fans: UltraFan
LostSoul80 is offline   0 Reply With Quote
Old Jan 17, 2014, 01:37 PM   #24
HiRez
macrumors 601
 
HiRez's Avatar
 
Join Date: Jan 2004
Location: Western US
Quote:
Originally Posted by alent1234 View Post
add it to passbook with your favorite locations and forget it except to recharge your card. what is so clunky?
I just set it to auto-reload after it gets below a certain amount (which you can set), so I pretty much always use Passbook and never touch the app. Only time I need to use the app is when I want to check how many rewards I have, and when they are expiring (don't wait too long or they go away).

The app is kind of crappy to mediocre (not the worst I've seen but could be a lot better). But the system of using your phone to pay for coffee at Starbucks works great, I never pay cash there anymore (bring change for tips though). Not really sure why NFC is needed, scanning the phone is super easy.
__________________
Go outside, the graphics are amazing!
HiRez is offline   0 Reply With Quote
Old Jan 17, 2014, 01:49 PM   #25
HMI
macrumors 6502a
 
HMI's Avatar
 
Join Date: May 2012
So, no zeros or ones were harmed in the production of this release?
HMI is offline   1 Reply With Quote

Reply
MacRumors Forums > News and Article Discussion > iOS Blog Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
iWork for iOS and Mac Updated With Password-Protected Sharing, New Features [Updated] MacRumors MacRumors.com News Discussion 121 Jan 25, 2014 07:44 PM
'Evasi0n' Untethered Jailbreak Updated for Newer iPhones, iPads and iOS 7.x [Updated] MacRumors MacRumors.com News Discussion 83 Dec 27, 2013 06:03 PM
Updated 'Remote' App With iOS 7 Redesign Hits App Store MacRumors MacRumors.com News Discussion 135 Dec 13, 2013 07:12 AM
Stanford's iTunes U App Development Course Updated for iOS 7 MacRumors iOS Blog Discussion 22 Dec 10, 2013 01:24 PM
Updated App Remains Listed as Needing to Be Updated ThatJester Mac Basics and Help 0 Oct 8, 2012 04:33 PM

Forum Jump

All times are GMT -5. The time now is 05:21 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC