starbucksappStarbucks has admitted that its mobile payment app for iPhone does not encrypt user passwords and location data, instead storing it in a clear text format, according to a report from Computerworld.

The credentials were stored in such a way that anyone with access to the phone can see the passwords and usernames by connecting the phone to a PC. No jailbreaking of the phone is necessary. And that clear text also displays an extensive list of geolocation tracking points (latitude, longitude), a treasure trove of security and privacy gems for anyone who steals the phone.

The vulnerability was first discovered by security researcher Daniel Wood, who published his findings online for the security community after repeatedly not having success when attempting to contact Starbucks.

The coffee company tells Computerworld that it has "security measures in place now related to that". However, Wood tells The Verge that anything Starbucks does on its end "would not matter" because the vulnerability lies within the app itself.

Potential criminals would still need to physically have the phone to attain any user information, and the only information available would be user names, passwords and location data, but users of the app who had the "auto replenish" feature on would enable criminals to continually add money to the app to make Starbucks purchases.

Update: Starbucks has issued a statement acknowledging the issue and promising an expedited updated for the company's iOS app.

We’d like to be clear: there is no indication that any customer has been impacted by this or that any information has been compromised. Regardless, we take these types of concerns seriously and have added several safeguards to protect the information you share with us. To protect the integrity of these added measures, we are unable to share technical details but can assure you that they sufficiently address the concerns raised in the research report.

Out of an abundance of caution, we are also working to accelerate the deployment of an update for the app that will add extra layers of protection. We expect this update to be ready soon and will share our progress here. While we are working on the update, we would like to emphasize that your information is protected and that you should continue to feel confident about the integrity of our iOS app.

Top Rated Comments

Chupa Chupa Avatar
100 months ago
Glad I don't have a Starbucks app in my country. Good luck cleaning that up, Starbucks.
Why because you hate convenience and free drinks and discounts?

With all the insecurity in computer systems these days (Target, Neimans) the Starbucks app is really only a distraction. Someone would have to have physical access to your phone or backup file to get the UID and PW. And even then you are talking about credit for coffees. What's the downside here - $20.

----------

Do hipsters still hang out at Starbucks? I thought it would be regular Joe Schmuck-people.
No, the Joe Schmuck people hang out on MR and spend their day generalizing and being snarky and condescending about people they don't even know.;)
Score: 7 Votes (Like | Disagree)
alent1234 Avatar
100 months ago
The coffee is so bad, there is always a line of people waiting to buy it
Score: 6 Votes (Like | Disagree)
flash84x Avatar
100 months ago
Really? It's not that hard to use the keychain which is built into iOS. Every competent iOS developer knows this.
Score: 6 Votes (Like | Disagree)
Chupa Chupa Avatar
100 months ago
Personally, I hate going anywhere where asking for "a cup of coffee" produces a blank look...
That's a lot of places though. I mean "cup of coffee" is quite ambiguous & generic. Unless you are at a sit down restaurant or cafe, most coffee shops have multiple sizes.



Average Joe Schmuck was a bad word from my side early in the morning, it's called Jane/John Doe. Or "Svenssons" as we say here in Sweden. The regular average person.

Which was my impression of Starbucks when I was over there. Extremely bad coffe to a slightly premium price for the average consumer that doesn't care.
Yes, "Jane/Jone Doe" has quite a different connotation than "Joe Schumuck." The former is accepted slang for the average person. The latter, of course, is, meant to be offensive; from the yiddish translation, a "d!ck."

Coffee, like people, comes in all different tastes and strengths. Yes, Starbucks has some awful blends, but they have some tasty ones too. I can say the same about the offerings of lots of restaurants. Can't you?

But, honestly the big draw to Starbucks coffee over other coffee shops is not that it's a gourmet delicacy. People buy the drip because its extra caffeinated. If you need your morning caffeine bump that's the place to go. Also Starbucks has a variety of espresso drinks that most shops don't have or are not convenient. Finally, it's a comfortable (usually) place to meet for a casual cup. People like to jab Starbucks the same way they jab Apple. Sometimes its deserved, but most times its just petty, baseless & spiteful.
Score: 4 Votes (Like | Disagree)
Elijen Avatar
100 months ago
Terrible coffee, terrible app. What did you expect?
Score: 3 Votes (Like | Disagree)
pnoyblazed Avatar
100 months ago
does that mean this app will finally get iOS7 support?
Score: 3 Votes (Like | Disagree)

Top Stories

calculatorapp

iOS 11 Bug: Typing 1+2+3 Quickly in the Calculator App Won't Get You 6

Tuesday October 24, 2017 2:03 pm PDT by
A bug in the built-in Calculator app in iOS 11 is getting some major attention this week, despite the fact that it's been around since iOS 11 was in beta testing. At issue is a calculator animation that causes some symbols to be ignored when calculations are entered in rapid succession. You can try it for yourself: Type 1+2+3 and then the equals sign into the Calculator app quickly. Due to...
gradiente iphone white

Brazilian Electronics Company Revives Long-Running iPhone Trademark Dispute

Tuesday May 19, 2020 1:06 pm PDT by
Apple has been involved in a long-running iPhone trademark dispute in Brazil, which was revived today by IGB Electronica, a Brazilian consumer electronics company that originally registered the "iPhone" name in 2000. IGB Electronica fought a multi-year battle with Apple in an attempt to get exclusive rights to the "iPhone" trademark, but ultimately lost, and now the case has been brought to...
original iphone

Phil Schiller Says iPhone Was 'Earth-Shattering' Ten Years Ago and Remains 'Unmatched' Today

Monday January 9, 2017 7:15 am PST by
To commemorate the tenth anniversary of the iPhone, Apple marketing chief Phil Schiller sat down with tech journalist Steven Levy for a wide-ranging interview about the smartphone's past, present, and future. The report first reflects upon the iPhone's lack of support for third-party apps in its first year. The argument inside Apple was split between whether the iPhone should be a closed...
iphone 12 colors 2021

iPhone 12 Colors: Deciding on The Right Color

Thursday November 5, 2020 8:35 am PST by
The iPhone 12 and iPhone 12 Pro arrived last October in a range of color options, with entirely new hues available on both devices, as well as some popular classics. The 12 and 12 Pro have different color choices, so if you have your heart set on a particular shade, you might not be able to get your preferred model in that color. iPhone 12 mini and iPhone 12 The iPhone 12 mini and iPhone 12...
iPhone 13 Dummy Thumbnail 2

Full iPhone 13 Feature Breakdown: Everything Rumors Say We Can Expect

Tuesday August 31, 2021 7:50 am PDT by
With the launch of Apple's iPhone 13 lineup believed to be just a few weeks away, we have compiled all of the coherent rumors from our coverage over the past year to build a full picture of the features and upgrades coming to the company's new smartphones. For clarity, only explicit improvements, upgrades, and new features compared to the iPhone 12 lineup are listed. It is worth noting that...
omg lightning cable comparison

Security Researcher Develops Lightning Cable With Hidden Chip to Steal Passwords

Thursday September 2, 2021 6:59 am PDT by
A normal-looking Lightning cable that can used to steal data like passwords and send it to a hacker has been developed, Vice reports. The "OMG Cable" compared to Apple's Lightning to USB cable. The "OMG Cable" works exactly like a normal Lightning to USB cable and can log keystrokes from connected Mac keyboards, iPads, and iPhones, and then send this data to a bad actor who could be over a...
macbook air deals

Deals: Amazon Drops Price of 256GB M1 MacBook Air to New Low of $849.99 ($149 Off)

Friday August 27, 2021 6:16 am PDT by
Amazon today introduced new low prices on the M1 MacBook Air for both 256GB and 512GB storage options. To start, you can get the 256GB model for $849.99, down from an original price of $999.00. Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running. Only Silver and Gold are...
maxresdefault

New MacBook Pro Models Coming at WWDC, Suggests Leaker

Monday May 24, 2021 1:27 pm PDT by
New MacBook Pro models are coming at WWDC, according to leaker Jon Prosser who has a mixed track record when it comes to predicting Apple's plans. Subscribe to the MacRumors YouTube channel for more videos. Prosser provided no additional information, but there are new 14 and 16-inch MacBook Pro models in the works. The new MacBook Pros will feature the most radical redesign to the MacBook Pro ...
M1X MBP Feature

Leaker: Upcoming MacBook Pro to See Price Hike Over Current Model, Equal Performance Across 14 and 16-Inch Sizes

Tuesday August 24, 2021 5:28 am PDT by
The upcoming 14-inch MacBook Pro is set to be more expensive than the current 13-inch MacBook Pro and both the 14 and 16-inch models will offer the same performance, according to the leaker known as "Dylandkt." The leaker shared the information on Twitter, explaining that both of the upcoming MacBook Pro models, expected to come in 14 and 16-inch sizes, will feature the same performance due...
iPhone 13 Dummy Thumbnail 2

Kuo: iPhone 13 to Feature LEO Satellite Communications to Make Calls and Texts Without Cellular Coverage

Sunday August 29, 2021 7:39 am PDT by
The iPhone 13 will feature low earth orbit (LEO) satellite communication connectivity to allow users to make calls and send messages in areas without 4G or 5G coverage, according to the reliable analyst Ming-Chi Kuo. In a note to investors, seen by MacRumors, Kuo explained that the iPhone 13 lineup will feature hardware that is able to connect to LEO satellites. If enabled with the relevant...