starbucksappStarbucks has admitted that its mobile payment app for iPhone does not encrypt user passwords and location data, instead storing it in a clear text format, according to a report from Computerworld.

The credentials were stored in such a way that anyone with access to the phone can see the passwords and usernames by connecting the phone to a PC. No jailbreaking of the phone is necessary. And that clear text also displays an extensive list of geolocation tracking points (latitude, longitude), a treasure trove of security and privacy gems for anyone who steals the phone.

The vulnerability was first discovered by security researcher Daniel Wood, who published his findings online for the security community after repeatedly not having success when attempting to contact Starbucks.

The coffee company tells Computerworld that it has "security measures in place now related to that". However, Wood tells The Verge that anything Starbucks does on its end "would not matter" because the vulnerability lies within the app itself.

Potential criminals would still need to physically have the phone to attain any user information, and the only information available would be user names, passwords and location data, but users of the app who had the "auto replenish" feature on would enable criminals to continually add money to the app to make Starbucks purchases.

Update: Starbucks has issued a statement acknowledging the issue and promising an expedited updated for the company's iOS app.

We’d like to be clear: there is no indication that any customer has been impacted by this or that any information has been compromised. Regardless, we take these types of concerns seriously and have added several safeguards to protect the information you share with us. To protect the integrity of these added measures, we are unable to share technical details but can assure you that they sufficiently address the concerns raised in the research report.

Out of an abundance of caution, we are also working to accelerate the deployment of an update for the app that will add extra layers of protection. We expect this update to be ready soon and will share our progress here. While we are working on the update, we would like to emphasize that your information is protected and that you should continue to feel confident about the integrity of our iOS app.

Top Rated Comments

Chupa Chupa Avatar
132 months ago
Glad I don't have a Starbucks app in my country. Good luck cleaning that up, Starbucks.
Why because you hate convenience and free drinks and discounts?

With all the insecurity in computer systems these days (Target, Neimans) the Starbucks app is really only a distraction. Someone would have to have physical access to your phone or backup file to get the UID and PW. And even then you are talking about credit for coffees. What's the downside here - $20.

----------

Do hipsters still hang out at Starbucks? I thought it would be regular Joe Schmuck-people.
No, the Joe Schmuck people hang out on MR and spend their day generalizing and being snarky and condescending about people they don't even know.;)
Score: 7 Votes (Like | Disagree)
alent1234 Avatar
132 months ago
The coffee is so bad, there is always a line of people waiting to buy it
Score: 6 Votes (Like | Disagree)
flash84x Avatar
132 months ago
Really? It's not that hard to use the keychain which is built into iOS. Every competent iOS developer knows this.
Score: 6 Votes (Like | Disagree)
Chupa Chupa Avatar
132 months ago
Personally, I hate going anywhere where asking for "a cup of coffee" produces a blank look...
That's a lot of places though. I mean "cup of coffee" is quite ambiguous & generic. Unless you are at a sit down restaurant or cafe, most coffee shops have multiple sizes.



Average Joe Schmuck was a bad word from my side early in the morning, it's called Jane/John Doe. Or "Svenssons" as we say here in Sweden. The regular average person.

Which was my impression of Starbucks when I was over there. Extremely bad coffe to a slightly premium price for the average consumer that doesn't care.
Yes, "Jane/Jone Doe" has quite a different connotation than "Joe Schumuck." The former is accepted slang for the average person. The latter, of course, is, meant to be offensive; from the yiddish translation, a "d!ck."

Coffee, like people, comes in all different tastes and strengths. Yes, Starbucks has some awful blends, but they have some tasty ones too. I can say the same about the offerings of lots of restaurants. Can't you?

But, honestly the big draw to Starbucks coffee over other coffee shops is not that it's a gourmet delicacy. People buy the drip because its extra caffeinated. If you need your morning caffeine bump that's the place to go. Also Starbucks has a variety of espresso drinks that most shops don't have or are not convenient. Finally, it's a comfortable (usually) place to meet for a casual cup. People like to jab Starbucks the same way they jab Apple. Sometimes its deserved, but most times its just petty, baseless & spiteful.
Score: 4 Votes (Like | Disagree)
Elijen Avatar
132 months ago
Terrible coffee, terrible app. What did you expect?
Score: 3 Votes (Like | Disagree)
pnoyblazed Avatar
132 months ago
does that mean this app will finally get iOS7 support?
Score: 3 Votes (Like | Disagree)

Popular Stories

Beyond iPhone 13 Better Blue Face ID Single Camera Hole

Six Reasons to Wait for Next Year's iPhone 17

Thursday February 22, 2024 4:20 am PST by
Apple's iPhone development roadmap runs several years into the future and the company is continually working with suppliers on several successive iPhone models concurrently, which is why we sometimes get rumored feature leaks so far ahead of launch. The iPhone 17 series is no different, and already we have some idea of what to expect from Apple's 2025 smartphone lineup. If you plan to skip...
General Apps Messages

iOS 17.4 to Add This 'Groundbreaking' New Messaging Feature

Friday February 23, 2024 5:05 am PST by
With iOS 17.4, set to arrive in March 2024, Apple is bringing a new cryptographic security feature to iMessage called PQ3. This "groundbreaking" and "state-of-the-art" protocol provides "extensive defenses against even highly sophisticated quantum attacks," according to Apple. Let's break down what that means. Apple's iMessage service already supports end-to-end encryption, but security...
iPhone Notch

Apple Explored These Notch and Dynamic Island Designs for iPhones

Friday February 23, 2024 2:05 pm PST by
With the iPhone 14 Pro models in 2022, Apple introduced the Dynamic Island, which can morph and expand to display system alerts, sports scores, and a variety of other information. The feature makes the space surrounding the front camera and Face ID sensors useful compared to the notch on older iPhone models. Apple explored a variety of ideas for the iPhone's notch area over the years before...
New Macs iPads iOS 17 4

What to Expect at Potential Apple Event in March: iPads, Macs, and More

Friday February 23, 2024 8:35 am PST by
Apple often holds its first media event of the year in March, so the company could be just weeks away from announcing new products. Below, we have outlined what to expect from a potential Apple Event this March. Past Apple Events in March Apple has held five events in March since 2015:Monday, March 9, 2015 Monday, March 21, 2016 Tuesday, March 27, 2018 Monday, March 25, 2019 Tuesday,...
iOS 17

iOS 17.4 Coming Soon With These New Features for Your iPhone

Monday February 26, 2024 6:08 am PST by
In a press release last month, Apple confirmed that iOS 17.4 will be released in March, and the update includes several new features and changes for the iPhone. Key new features in iOS 17.4 include major App Store changes in the EU, Apple Podcasts transcripts, and an iMessage security upgrade. The update also adds new emoji and includes preparations for the launch of next-generation CarPlay...
iOS 17

When Will Apple Release iOS 17.4 for iPhones?

Friday February 23, 2024 11:56 am PST by
Apple has been beta testing iOS 17.4 for nearly a month now. Below, we explain when the update is likely to be released to all users. In its press release announcing major App Store changes in the EU, which were implemented in response to new regulations under the EU's Digital Markets Act, Apple confirmed that iOS 17.4 will be released at some point in March:Developers can learn about these...