Starbucks iOS App Updated to Secure Personal Information [Updated x2]

MacRumors

macrumors bot
Original poster
Apr 12, 2001
7,468
8,524



Starbucks has released an update to its iOS app that safeguards customer's personal information stored on the phone. An earlier version of the app saved sensitive information, such as usernames, passwords and location data, in a clear text format. Potential criminals who obtained physical access to a customer's iPhone could download these details with minimal effort.

As announced by Starbucks chief information officer Curt Garner, an updated version of the Starbucks mobile app is available now in the iOS App Store. Though the safeguard measures were not detailed, Garner did confirm that the changes made to app provide "extra layers of protection" for consumers.
As promised, we have released an updated version of Starbucks Mobile App for iOS which adds extra layers of protection. We encourage customers to download the update as an additional safeguard measure.
A followup inquiry by The Verge clarified that the app no longer stores personal data in clear text format. Garner encouraged all Starbucks customers to download the latest version of the company's app.

Version 2.6.2 of Starbucks for the iPhone is available for download from the iOS App Store. [Direct Link]

Update: The App Store appears to now be offering the previous 2.6.1 version of Starbucks. It is unclear why the new version has been pulled from the App Store.

Update 2: The new version 2.6.2 has returned to the App Store.

Article Link: Starbucks iOS App Updated to Secure Personal Information [Updated x2]
 

BJMRamage

macrumors 68020
Oct 2, 2007
2,436
863
still looks like Version 2.6.1 on the store for me.
gotta check to see what my phone says
 

blcamp

macrumors regular
May 16, 2012
165
342
Grand Rapids, MI, USA
Look at Version History in App Store

In App Store on iPhone (5, iOS7) it shows 2.6.1 as most recent, then 2.6.2, then an identical 2.6.1 entry again. That's messed up.

I don't have this app but I do enjoy a Starbucks from time to time. Is this app really worth the trouble? I see an awful lot of bad reviews for the app...
 

pdgill

macrumors newbie
Dec 26, 2008
2
0
Seems so fishy to me

So most likely from the moment the app took usernames and passwords it has stored them in plain text. And now once it became public knowledge it only takes a week or less for an update?

Kind of a dick move for Starbucks to only care about our security once they get caught. Typical, probably. But still dick.
 

IvanX

macrumors 6502
Mar 10, 2012
334
101
As I said in the other thread on this matter: they won't say what they did to improve security, but expect us to trust them like we did before? Once bitten, twice shy :rolleyes:
 

BJMRamage

macrumors 68020
Oct 2, 2007
2,436
863
In App Store on iPhone (5, iOS7) it shows 2.6.1 as most recent, then 2.6.2, then an identical 2.6.1 entry again. That's messed up.

I don't have this app but I do enjoy a Starbucks from time to time. Is this app really worth the trouble? I see an awful lot of bad reviews for the app...
you build up "stars" for drinks/food you purchase. after so many stars you get free refills on hot or iced coffees. once you get more stars you get free flavorings or maybe a free drink. Plus, with the app, (and no card info needed) you can download free songs/apps/books of the week (different from the cards in store)

I was given some starbucks gift cards and only use those in the app. i don't really use the app to find a starbucks location and i don't have it connected with passbook.
 

Jessica Lares

macrumors G3
Oct 31, 2009
9,200
722
Near Dallas, Texas, USA
I don't have this app but I do enjoy a Starbucks from time to time. Is this app really worth the trouble? I see an awful lot of bad reviews for the app...
It is worth the trouble to get a card when you get perks along with it. And by perks, meaning 2 for 1 deals on sandwiches, drinks, etc. Plus, the whole half off during happy hour which comes and goes.
 

citi

macrumors 65816
May 2, 2006
1,361
508
Simi Valley, CA
It is worth the trouble to get a card when you get perks along with it. And by perks, meaning 2 for 1 deals on sandwiches, drinks, etc. Plus, the whole half off during happy hour which comes and goes.
It's a great deal really. I never pay cash at starbucks. It's easier to load 5$ on the card and use that for points. Also, the free drink applies to any food or beverage.
 

iMarc845

macrumors member
Jul 3, 2008
93
21
Rockland County, NY
Request to MacRumors: Date- and Time-Stamp On Updates

Attention MacRumors Staff:

This article has two updates on it. Here's a request: PLEASE provide a Date- and Time-Stamp on your article updates.

It is useful to know, for instance, how much time elapsed between when the App update to 2.6.2 was "pulled" and when it re-appeared.

Thank you!
 

PsychoLogicXen

macrumors member
Jun 9, 2011
77
8
Orange County, CA
Glad they responded so quickly to the initial discovery. Looks like they made a couple much needed UI fixes too. The "Home" button in the bottom nav no longer displays ambiguously as "..."
 

Chupa Chupa

macrumors G5
Jul 16, 2002
14,830
7,369
You know they were selling the information.
I guess

a) what does that have to do with the way the data was stored in the app? Also If Starbucks was selling the information why leave it in clear text format for all to see?

b) assume they are selling information -- what information does Starbucks have that Google does not other than what kind of coffee I order? Silly.
 

SusanK

macrumors 68000
Oct 9, 2012
1,673
2,636
App not needed for perks

A registered Starbucks card is all you need for the freebies. The app is not necessary. Register the card from you computer or phone SBUX CS and rep will register for you.
 

JAT

macrumors 603
Dec 31, 2001
6,451
122
Mpls, MN
Attention MacRumors Staff:

This article has two updates on it. Here's a request: PLEASE provide a Date- and Time-Stamp on your article updates.

It is useful to know, for instance, how much time elapsed between when the App update to 2.6.2 was "pulled" and when it re-appeared.

Thank you!
Some of the editors do, some don't.
 

CBJammin103

macrumors regular
Jun 6, 2007
233
56
Louisiana, United States
Wait. How is it even possible that a development team that would store passwords in plaintext get hired in the first place, much less by a huge company like Starbucks? This blows my mind as a web developer. :confused:

Here we are talking about agencies and black hats breaking into computers with hardware backdoors / secret zero day exploits / man-on-the-side attacks and there are still people storing passwords in plaintext on the device. Which means that they were probably storing them in plaintext on their servers too.
 

kdarling

macrumors P6
Wait. How is it even possible that a development team that would store passwords in plaintext get hired in the first place, much less by a huge company like Starbucks? This blows my mind as a web developer. :confused:
In this case, the data was being stored as part of an optional Crashlytics clear text crash log file used for debugging.

This is why I dislike ever using someone else's add-on tools. Only trust code you write yourself, or at least vet all the output of the third party tools you're using.
 

LostSoul80

macrumors 68020
Jan 25, 2009
2,133
6
So most likely from the moment the app took usernames and passwords it has stored them in plain text. And now once it became public knowledge it only takes a week or less for an update?

Kind of a dick move for Starbucks to only care about our security once they get caught. Typical, probably. But still dick.
Yeah, they'd better remove the added security soon to comply with pdgill from Macrumors complaining about them implementing a security feature.

:eek:
 

HiRez

macrumors 603
Jan 6, 2004
5,805
1,702
Western US
add it to passbook with your favorite locations and forget it except to recharge your card. what is so clunky?
I just set it to auto-reload after it gets below a certain amount (which you can set), so I pretty much always use Passbook and never touch the app. Only time I need to use the app is when I want to check how many rewards I have, and when they are expiring (don't wait too long or they go away).

The app is kind of crappy to mediocre (not the worst I've seen but could be a lot better). But the system of using your phone to pay for coffee at Starbucks works great, I never pay cash there anymore (bring change for tips though). Not really sure why NFC is needed, scanning the phone is super easy.
 

HMI

macrumors 6502a
May 23, 2012
505
0
So, no zeros or ones were harmed in the production of this release?