The weak protections for customer data in Starbucks' mobile-payment app are a "wakeup call" for consumers, who should never assume the apps they use on their smartphones are secure.
Starbucks acknowledged this week that its app stores usernames, email addresses, and passwords in clear text. As a result, anyone could see the information by connecting the phone to a PC.
Choose ease over security
To make the app easier to use, Starbucks chose not to encrypt the data and store it on its servers. Taking the additional security measures would have meant having users log on each time they used the app. Because the data was stored in clear text on the phone, users only had to log in once, until they added more money to their account.
"The recent news that the Starbucks mobile app is not adequately protecting usernames and passwords should be a wakeup call for us—both as mobile consumers and employees," said Jack Walsh, mobility program manager at software testing and certification firm ICSA Labs. "No one should assume that their company's mobile apps are safe and properly secure sensitive employee or customer data."