Starbucks iOS App Updated to Secure Personal Information [Updated x2]

Discussion in 'iOS Blog Discussion' started by MacRumors, Jan 17, 2014.

  1. macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    [​IMG]
    Starbucks has released an update to its iOS app that safeguards customer's personal information stored on the phone. An earlier version of the app saved sensitive information, such as usernames, passwords and location data, in a clear text format. Potential criminals who obtained physical access to a customer's iPhone could download these details with minimal effort.

    As announced by Starbucks chief information officer Curt Garner, an updated version of the Starbucks mobile app is available now in the iOS App Store. Though the safeguard measures were not detailed, Garner did confirm that the changes made to app provide "extra layers of protection" for consumers.
    A followup inquiry by The Verge clarified that the app no longer stores personal data in clear text format. Garner encouraged all Starbucks customers to download the latest version of the company's app.

    Version 2.6.2 of Starbucks for the iPhone is available for download from the iOS App Store. [Direct Link]

    Update: The App Store appears to now be offering the previous 2.6.1 version of Starbucks. It is unclear why the new version has been pulled from the App Store.

    Update 2: The new version 2.6.2 has returned to the App Store.

    Article Link: Starbucks iOS App Updated to Secure Personal Information [Updated x2]
     
  2. macrumors 68000

    BJMRamage

    Joined:
    Oct 2, 2007
    #2
    still looks like Version 2.6.1 on the store for me.
    gotta check to see what my phone says
     
  3. macrumors G3

    Joined:
    Nov 7, 2007
    Location:
    New Sanfrakota
    #3
    Same here. No idea why that version is showing under available updates and it's already open. Probably a iOS 7 bug that Apple themselves need to fix.
     
  4. macrumors newbie

    blcamp

    Joined:
    May 16, 2012
    Location:
    Grand Rapids, MI, USA
    #4
    Look at Version History in App Store

    In App Store on iPhone (5, iOS7) it shows 2.6.1 as most recent, then 2.6.2, then an identical 2.6.1 entry again. That's messed up.

    I don't have this app but I do enjoy a Starbucks from time to time. Is this app really worth the trouble? I see an awful lot of bad reviews for the app...
     
  5. macrumors newbie

    Joined:
    Dec 26, 2008
    #5
    Seems so fishy to me

    So most likely from the moment the app took usernames and passwords it has stored them in plain text. And now once it became public knowledge it only takes a week or less for an update?

    Kind of a dick move for Starbucks to only care about our security once they get caught. Typical, probably. But still dick.
     
  6. macrumors regular

    Joined:
    Mar 10, 2012
    #6
    As I said in the other thread on this matter: they won't say what they did to improve security, but expect us to trust them like we did before? Once bitten, twice shy :rolleyes:
     
  7. macrumors 68000

    BJMRamage

    Joined:
    Oct 2, 2007
    #7
    you build up "stars" for drinks/food you purchase. after so many stars you get free refills on hot or iced coffees. once you get more stars you get free flavorings or maybe a free drink. Plus, with the app, (and no card info needed) you can download free songs/apps/books of the week (different from the cards in store)

    I was given some starbucks gift cards and only use those in the app. i don't really use the app to find a starbucks location and i don't have it connected with passbook.
     
  8. macrumors regular

    iLondoner

    #8
    App store says 2.6.2 for me.

    Didn't exactly fear any outbreaks of world domination and no coffee got stolen in the meantime.
     
  9. macrumors 604

    Jessica Lares

    Joined:
    Oct 31, 2009
    Location:
    Near Dallas, Texas, USA
    #9
    It is worth the trouble to get a card when you get perks along with it. And by perks, meaning 2 for 1 deals on sandwiches, drinks, etc. Plus, the whole half off during happy hour which comes and goes.
     
  10. macrumors 65816

    citi

    Joined:
    May 2, 2006
    Location:
    Simi Valley, CA
    #10
    It's a great deal really. I never pay cash at starbucks. It's easier to load 5$ on the card and use that for points. Also, the free drink applies to any food or beverage.
     
  11. macrumors member

    iMarc845

    Joined:
    Jul 3, 2008
    Location:
    Rockland County, NY
    #11
    Request to MacRumors: Date- and Time-Stamp On Updates

    Attention MacRumors Staff:

    This article has two updates on it. Here's a request: PLEASE provide a Date- and Time-Stamp on your article updates.

    It is useful to know, for instance, how much time elapsed between when the App update to 2.6.2 was "pulled" and when it re-appeared.

    Thank you!
     
  12. macrumors newbie

    Joined:
    Apr 4, 2011
    Location:
    Louisville, KY
    #12
    Yeah, they updated the app, but it's still clunky and feels so outdated...
     
  13. macrumors member

    Joined:
    Jun 9, 2011
    Location:
    Orange County, CA
    #13
    Glad they responded so quickly to the initial discovery. Looks like they made a couple much needed UI fixes too. The "Home" button in the bottom nav no longer displays ambiguously as "..."
     
  14. macrumors 6502

    Mums

    Joined:
    Oct 4, 2011
    #14
    You know they were selling the information.
     
  15. macrumors G4

    Chupa Chupa

    Joined:
    Jul 16, 2002
    #15
    I guess

    a) what does that have to do with the way the data was stored in the app? Also If Starbucks was selling the information why leave it in clear text format for all to see?

    b) assume they are selling information -- what information does Starbucks have that Google does not other than what kind of coffee I order? Silly.
     
  16. macrumors 603

    Joined:
    Jun 19, 2009
    #16

    add it to passbook with your favorite locations and forget it except to recharge your card. what is so clunky?
     
  17. macrumors 65816

    Joined:
    Oct 9, 2012
    #17
    App not needed for perks

    A registered Starbucks card is all you need for the freebies. The app is not necessary. Register the card from you computer or phone SBUX CS and rep will register for you.
     
  18. JAT
    macrumors 603

    Joined:
    Dec 31, 2001
    Location:
    Mpls, MN
    #18
    Some of the editors do, some don't.
     
  19. macrumors 68000

    Joined:
    Oct 26, 2008
    #19
    They took over the world in Austin Powers.
     
  20. macrumors regular

    CBJammin103

    Joined:
    Jun 6, 2007
    Location:
    Louisiana, United States
    #20
    Wait. How is it even possible that a development team that would store passwords in plaintext get hired in the first place, much less by a huge company like Starbucks? This blows my mind as a web developer. :confused:

    Here we are talking about agencies and black hats breaking into computers with hardware backdoors / secret zero day exploits / man-on-the-side attacks and there are still people storing passwords in plaintext on the device. Which means that they were probably storing them in plaintext on their servers too.
     
  21. macrumors G3

    rhett7660

    Joined:
    Jan 9, 2008
    Location:
    Sunny, Southern California
    #21
    I am showing 2.6.2 in the store and on my phone.

    I think it is worth having the app. All the little perks you get with it are well worth it to me.
     
  22. macrumors demi-god

    kdarling

    Joined:
    Jun 9, 2007
    Location:
    Device engineer 30+ yrs, touchscreens 24+.
    #22
    In this case, the data was being stored as part of an optional Crashlytics clear text crash log file used for debugging.

    This is why I dislike ever using someone else's add-on tools. Only trust code you write yourself, or at least vet all the output of the third party tools you're using.
     
  23. macrumors 68020

    LostSoul80

    Joined:
    Jan 25, 2009
    #23
    Yeah, they'd better remove the added security soon to comply with pdgill from Macrumors complaining about them implementing a security feature.

    :eek:
     
  24. macrumors 601

    HiRez

    Joined:
    Jan 6, 2004
    Location:
    Western US
    #24
    I just set it to auto-reload after it gets below a certain amount (which you can set), so I pretty much always use Passbook and never touch the app. Only time I need to use the app is when I want to check how many rewards I have, and when they are expiring (don't wait too long or they go away).

    The app is kind of crappy to mediocre (not the worst I've seen but could be a lot better). But the system of using your phone to pay for coffee at Starbucks works great, I never pay cash there anymore (bring change for tips though). Not really sure why NFC is needed, scanning the phone is super easy.
     
  25. HMI
    macrumors 6502a

    HMI

    Joined:
    May 23, 2012
    #25
    So, no zeros or ones were harmed in the production of this release?
     

Share This Page