Latest in App

Image credit:

Starbucks app stores log-in credentials, location info in plain text

Zach Honig
01.15.14
503 Shares
Share
Tweet
Share
Save

If you're concerned about someone getting their hands on your personal data, you'll want to read on -- this latest method's an unlikely culprit. The Starbucks mobile-payment app is reportedly saving user data, including email addresses, passwords and even your GPS location in plain text. Theoretically, anyone with access to your phone (and a computer) can download your private data with less than an hour or work. Company executives confirmed the flaw to Computerworld, admitting that they're aware of the issue.

Daniel Wood, a security researcher, first came upon the unencrypted information last year. He downloaded and re-tested an updated version the app, which Starbucks claims now includes "adequate security measures," only to find that the same information is still easily accessible. A log file also includes GPS coordinates that are captured every time you search for a nearby Starbucks store. Of course, the global caffeinator's mobile application isn't free of other weaknesses, too -- payments are processed by scanning an on-screen barcode, which can be reproduced and used to drain your account by anyone close enough to photograph your phone.