TechHive: Hold the foam: Starbucks releases iOS app update in response to security reports

TechHive
TechHive helps you find your tech sweet spot. We guide you to products you'll love and show you how to get the most out of them. 
Economist GMAT Tutor.

The results you want. The flexibility you need. Claim your 7-day free trial today.
From our sponsors
thumbnail Hold the foam: Starbucks releases iOS app update in response to security reports
Jan 17th 2014, 13:45, by Marco Tabini

Hot beverage powerhouse Starbucks has released an updated version of its iOS app in response to reported security issues that could cause the disclosure of sensitive customer information.

The vulnerabilities, first reported on a security mailing list by researcher Daniel Wood, affected the the company's popular app, which allows users to participate in the company's loyalty program, as well as purchase and use in-store credit. As it turns out, the app saved several bits of personal customer information—including, it seems, their credit card numbers—in a clear-text file that is stored, unencrypted, on the device.

This is not quite as bad as it sounds; under normal circumstances, iOS's sandboxing prevents the information from leaking outside of the app's own storage, which means that it is reasonably secure as long as it stays on the user's device. Backing up the phone to iTunes without encryption, however, would potentially leave the plain-text information up for grabs to anyone who has access to your computer. And, if your device happens to be jailbroken, the operating system's sandboxing won't be quite as secure.

For these reasons, it's considered good practice to encrypt all the sensitive information that an app generates—in fact, iOS even provides several easy-to-use programming interfaces that make implementing this level of protection easy for developers. That's probably the reason why Starbucks, after initially downplaying the significance of the problems reported by Wood, decided to backtrack, issuing a press release on Thursday and quickly moving to release an updated version of its app.

To read this article in full or to leave a comment, please click here

You are receiving this email because you subscribed to this feed at blogtrottr.com.

If you no longer wish to receive these emails, you can unsubscribe from this feed, or manage all your subscriptions
Previous
Next Post »