Starbucks iOS App Updated to Secure Personal Information [Updated x2]

Discussion in 'iOS Blog Discussion' started by MacRumors, Jan 17, 2014.

  1. MacRumors macrumors bot


    Apr 12, 2001

    Starbucks has released an update to its iOS app that safeguards customer's personal information stored on the phone. An earlier version of the app saved sensitive information, such as usernames, passwords and location data, in a clear text format. Potential criminals who obtained physical access to a customer's iPhone could download these details with minimal effort.

    As announced by Starbucks chief information officer Curt Garner, an updated version of the Starbucks mobile app is available now in the iOS App Store. Though the safeguard measures were not detailed, Garner did confirm that the changes made to app provide "extra layers of protection" for consumers.
    A followup inquiry by The Verge clarified that the app no longer stores personal data in clear text format. Garner encouraged all Starbucks customers to download the latest version of the company's app.

    Version 2.6.2 of Starbucks for the iPhone is available for download from the iOS App Store. [Direct Link]

    Update: The App Store appears to now be offering the previous 2.6.1 version of Starbucks. It is unclear why the new version has been pulled from the App Store.

    Update 2: The new version 2.6.2 has returned to the App Store.

    Article Link: Starbucks iOS App Updated to Secure Personal Information [Updated x2]
  2. BJMRamage macrumors 68020


    Oct 2, 2007
    still looks like Version 2.6.1 on the store for me.
    gotta check to see what my phone says
  3. JayLenochiniMac macrumors G5

    Nov 7, 2007
    New Sanfrakota
    Same here. No idea why that version is showing under available updates and it's already open. Probably a iOS 7 bug that Apple themselves need to fix.
  4. blcamp macrumors regular


    May 16, 2012
    Grand Rapids, MI, USA
    Look at Version History in App Store

    In App Store on iPhone (5, iOS7) it shows 2.6.1 as most recent, then 2.6.2, then an identical 2.6.1 entry again. That's messed up.

    I don't have this app but I do enjoy a Starbucks from time to time. Is this app really worth the trouble? I see an awful lot of bad reviews for the app...
  5. pdgill macrumors newbie

    Dec 26, 2008
    Seems so fishy to me

    So most likely from the moment the app took usernames and passwords it has stored them in plain text. And now once it became public knowledge it only takes a week or less for an update?

    Kind of a dick move for Starbucks to only care about our security once they get caught. Typical, probably. But still dick.
  6. IvanX macrumors 6502

    Mar 10, 2012
    As I said in the other thread on this matter: they won't say what they did to improve security, but expect us to trust them like we did before? Once bitten, twice shy :rolleyes:
  7. BJMRamage macrumors 68020


    Oct 2, 2007
    you build up "stars" for drinks/food you purchase. after so many stars you get free refills on hot or iced coffees. once you get more stars you get free flavorings or maybe a free drink. Plus, with the app, (and no card info needed) you can download free songs/apps/books of the week (different from the cards in store)

    I was given some starbucks gift cards and only use those in the app. i don't really use the app to find a starbucks location and i don't have it connected with passbook.
  8. iLondoner macrumors 6502


    App store says 2.6.2 for me.

    Didn't exactly fear any outbreaks of world domination and no coffee got stolen in the meantime.
  9. Jessica Lares macrumors G3

    Jessica Lares

    Oct 31, 2009
    Near Dallas, Texas, USA
    It is worth the trouble to get a card when you get perks along with it. And by perks, meaning 2 for 1 deals on sandwiches, drinks, etc. Plus, the whole half off during happy hour which comes and goes.
  10. citi macrumors 65816


    May 2, 2006
    Simi Valley, CA
    It's a great deal really. I never pay cash at starbucks. It's easier to load 5$ on the card and use that for points. Also, the free drink applies to any food or beverage.
  11. iMarc845 macrumors member


    Jul 3, 2008
    Rockland County, NY
    Request to MacRumors: Date- and Time-Stamp On Updates

    Attention MacRumors Staff:

    This article has two updates on it. Here's a request: PLEASE provide a Date- and Time-Stamp on your article updates.

    It is useful to know, for instance, how much time elapsed between when the App update to 2.6.2 was "pulled" and when it re-appeared.

    Thank you!
  12. Dr. Echsel macrumors member

    Apr 4, 2011
    Louisville, KY
    Yeah, they updated the app, but it's still clunky and feels so outdated...
  13. PsychoLogicXen macrumors member

    Jun 9, 2011
    Orange County, CA
    Glad they responded so quickly to the initial discovery. Looks like they made a couple much needed UI fixes too. The "Home" button in the bottom nav no longer displays ambiguously as "..."
  14. Mums Suspended


    Oct 4, 2011
  15. Chupa Chupa macrumors G5

    Chupa Chupa

    Jul 16, 2002
    I guess

    a) what does that have to do with the way the data was stored in the app? Also If Starbucks was selling the information why leave it in clear text format for all to see?

    b) assume they are selling information -- what information does Starbucks have that Google does not other than what kind of coffee I order? Silly.
  16. alent1234 macrumors 603

    Jun 19, 2009

    add it to passbook with your favorite locations and forget it except to recharge your card. what is so clunky?
  17. SusanK macrumors 68000

    Oct 9, 2012
    App not needed for perks

    A registered Starbucks card is all you need for the freebies. The app is not necessary. Register the card from you computer or phone SBUX CS and rep will register for you.
  18. JAT macrumors 603

    Dec 31, 2001
    Mpls, MN
    Some of the editors do, some don't.
  19. Jimmy James macrumors 601

    Jimmy James

    Oct 26, 2008
    They took over the world in Austin Powers.
  20. CBJammin103 macrumors regular


    Jun 6, 2007
    Louisiana, United States
    Wait. How is it even possible that a development team that would store passwords in plaintext get hired in the first place, much less by a huge company like Starbucks? This blows my mind as a web developer. :confused:

    Here we are talking about agencies and black hats breaking into computers with hardware backdoors / secret zero day exploits / man-on-the-side attacks and there are still people storing passwords in plaintext on the device. Which means that they were probably storing them in plaintext on their servers too.
  21. rhett7660 macrumors G5


    Jan 9, 2008
    Sunny, Southern California
    I am showing 2.6.2 in the store and on my phone.

    I think it is worth having the app. All the little perks you get with it are well worth it to me.
  22. kdarling macrumors P6


    Jun 9, 2007
    First university coding class = 47 years ago
    In this case, the data was being stored as part of an optional Crashlytics clear text crash log file used for debugging.

    This is why I dislike ever using someone else's add-on tools. Only trust code you write yourself, or at least vet all the output of the third party tools you're using.
  23. LostSoul80 macrumors 68020


    Jan 25, 2009
    Yeah, they'd better remove the added security soon to comply with pdgill from Macrumors complaining about them implementing a security feature.

  24. HiRez macrumors 603


    Jan 6, 2004
    Western US
    I just set it to auto-reload after it gets below a certain amount (which you can set), so I pretty much always use Passbook and never touch the app. Only time I need to use the app is when I want to check how many rewards I have, and when they are expiring (don't wait too long or they go away).

    The app is kind of crappy to mediocre (not the worst I've seen but could be a lot better). But the system of using your phone to pay for coffee at Starbucks works great, I never pay cash there anymore (bring change for tips though). Not really sure why NFC is needed, scanning the phone is super easy.
  25. HMI macrumors 6502a


    May 23, 2012
    So, no zeros or ones were harmed in the production of this release?

Share This Page

52 January 17, 2014