
MacRumors

macrumors bot
Starbucks has released an update to its iOS app that safeguards customers' personal information stored on the phone. An earlier version of the app saved sensitive information, such as usernames, passwords and location data, in a clear text format. Potential criminals who obtained physical access to a customer's iPhone could download these details with minimal effort.

As announced by Starbucks chief information officer Curt Garner, an updated version of the Starbucks mobile app is available now in the iOS App Store. Though the safeguard measures were not detailed, Garner did confirm that the changes made to the app provide "extra layers of protection" for consumers.
"As promised, we have released an updated version of Starbucks Mobile App for iOS which adds extra layers of protection. We encourage customers to download the update as an additional safeguard measure."
A followup inquiry by The Verge clarified that the app no longer stores personal data in clear text format. Garner encouraged all Starbucks customers to download the latest version of the company's app.

Version 2.6.2 of Starbucks for the iPhone is available for download from the iOS App Store. [Direct Link]

Update: The App Store appears to now be offering the previous 2.6.1 version of Starbucks. It is unclear why the new version has been pulled from the App Store.

Update 2: The new version 2.6.2 has returned to the App Store.

Article Link: Starbucks iOS App Updated to Secure Personal Information [Updated x2]
 
still looks like Version 2.6.1 on the store for me.
gotta check to see what my phone says
 
Look at Version History in App Store

In App Store on iPhone (5, iOS7) it shows 2.6.1 as most recent, then 2.6.2, then an identical 2.6.1 entry again. That's messed up.

I don't have this app but I do enjoy a Starbucks from time to time. Is this app really worth the trouble? I see an awful lot of bad reviews for the app...
 
Seems so fishy to me

So most likely from the moment the app took usernames and passwords it has stored them in plain text. And now once it became public knowledge it only takes a week or less for an update?

Kind of a dick move for Starbucks to only care about our security once they get caught. Typical, probably. But still dick.
 
As I said in the other thread on this matter: they won't say what they did to improve security, but expect us to trust them like we did before? Once bitten, twice shy :rolleyes:
 
In App Store on iPhone (5, iOS7) it shows 2.6.1 as most recent, then 2.6.2, then an identical 2.6.1 entry again. That's messed up.

I don't have this app but I do enjoy a Starbucks from time to time. Is this app really worth the trouble? I see an awful lot of bad reviews for the app...

You build up "stars" for drinks/food you purchase. After so many stars you get free refills on hot or iced coffees. Once you get more stars you get free flavorings or maybe a free drink. Plus, with the app (and no card info needed), you can download free songs/apps/books of the week (different from the cards in store).

I was given some Starbucks gift cards and only use those in the app. I don't really use the app to find a Starbucks location and I don't have it connected with Passbook.
 
I don't have this app but I do enjoy a Starbucks from time to time. Is this app really worth the trouble? I see an awful lot of bad reviews for the app...

It is worth the trouble to get a card when you get perks along with it. And by perks, meaning 2 for 1 deals on sandwiches, drinks, etc. Plus, the whole half off during happy hour which comes and goes.
 
It is worth the trouble to get a card when you get perks along with it. And by perks, meaning 2 for 1 deals on sandwiches, drinks, etc. Plus, the whole half off during happy hour which comes and goes.

It's a great deal really. I never pay cash at Starbucks. It's easier to load $5 on the card and use that for points. Also, the free drink applies to any food or beverage.
 
Request to MacRumors: Date- and Time-Stamp On Updates

Attention MacRumors Staff:

This article has two updates on it. Here's a request: PLEASE provide a Date- and Time-Stamp on your article updates.

It is useful to know, for instance, how much time elapsed between when the App update to 2.6.2 was "pulled" and when it re-appeared.

Thank you!
 
Glad they responded so quickly to the initial discovery. Looks like they made a couple much needed UI fixes too. The "Home" button in the bottom nav no longer displays ambiguously as "..."
 
You know they were selling the information.

I guess

a) what does that have to do with the way the data was stored in the app? Also, if Starbucks was selling the information, why leave it in clear text format for all to see?

b) assume they are selling information -- what information does Starbucks have that Google does not other than what kind of coffee I order? Silly.
 
App not needed for perks

A registered Starbucks card is all you need for the freebies. The app is not necessary. Register the card from your computer, or phone SBUX CS and a rep will register it for you.
 
Attention MacRumors Staff:

This article has two updates on it. Here's a request: PLEASE provide a Date- and Time-Stamp on your article updates.

It is useful to know, for instance, how much time elapsed between when the App update to 2.6.2 was "pulled" and when it re-appeared.

Thank you!

Some of the editors do, some don't.
 
Wait. How is it even possible that a development team that would store passwords in plaintext gets hired in the first place, much less by a huge company like Starbucks? This blows my mind as a web developer. :confused:

Here we are talking about agencies and black hats breaking into computers with hardware backdoors / secret zero day exploits / man-on-the-side attacks and there are still people storing passwords in plaintext on the device. Which means that they were probably storing them in plaintext on their servers too.
 
Wait. How is it even possible that a development team that would store passwords in plaintext gets hired in the first place, much less by a huge company like Starbucks? This blows my mind as a web developer. :confused:

In this case, the data was being stored as part of an optional Crashlytics clear text crash log file used for debugging.

This is why I dislike ever using someone else's add-on tools. Only trust code you write yourself, or at least vet all the output of the third party tools you're using.
 
So most likely from the moment the app took usernames and passwords it has stored them in plain text. And now once it became public knowledge it only takes a week or less for an update?

Kind of a dick move for Starbucks to only care about our security once they get caught. Typical, probably. But still dick.

Yeah, they'd better remove the added security soon to comply with pdgill from MacRumors complaining about them implementing a security feature.

:eek:
 
Add it to Passbook with your favorite locations and forget it except to recharge your card. What is so clunky?

I just set it to auto-reload after it gets below a certain amount (which you can set), so I pretty much always use Passbook and never touch the app. Only time I need to use the app is when I want to check how many rewards I have, and when they are expiring (don't wait too long or they go away).

The app is kind of crappy to mediocre (not the worst I've seen but could be a lot better). But the system of using your phone to pay for coffee at Starbucks works great, I never pay cash there anymore (bring change for tips though). Not really sure why NFC is needed, scanning the phone is super easy.
 
So, no zeros or ones were harmed in the production of this release?
 