TechHive: Starbucks app teaches users to check security, experts say

TechHive helps you find your tech sweet spot. We guide you to products you'll love and show you how to get the most out of them. 
Economist GMAT Tutor.

The results you want. The flexibility you need. Claim your 7-day free trial today.
From our sponsors
thumbnail Starbucks app teaches users to check security, experts say
Jan 18th 2014, 14:40, by Antone Gonsalves, CSO

The weak protections for customer data in Starbucks' mobile-payment app is a "wakeup call" for consumers who should never assume the apps they use in their smartphones are secure.

Starbucks acknowledged this week that its app stores usernames, email addresses, and passwords in clear text. As a result, anyone could see the information by connecting the phone to a PC.

Choose ease over security

Starbucks chose not to encrypt the data and store it on its servers in order to make the app easier to use. Taking the additional security measures would have meant having the user logon each time they used the app. By storing the data in clear text on the phone, users only had to login once, until they added more money to their account.

"The recent news that the Starbucks mobile app is not adequately protecting usernames and passwords should be a wakeup call for us—both as mobile consumers and employees," said Jack Walsh, mobility program manager at software testing and certification firm ICSA Labs. "No one should assume that their company's mobile apps are safe and properly secure sensitive employee or customer data."

To read this article in full or to leave a comment, please click here

You are receiving this email because you subscribed to this feed at

If you no longer wish to receive these emails, you can unsubscribe from this feed, or manage all your subscriptions
Next Post »