Latest in App

Image credit:

Starbucks app stores log-in credentials, location info in plain text

Zach Honig
January 15, 2014
52 Shares
Share
Tweet
Share

Sponsored Links

If you're concerned about someone getting their hands on your personal data, you'll want to read on -- this latest method's an unlikely culprit. The Starbucks mobile-payment app is reportedly saving user data, including email addresses, passwords and even your GPS location in plain text. Theoretically, anyone with access to your phone (and a computer) can download your private data with less than an hour or work. Company executives confirmed the flaw to Computerworld, admitting that they're aware of the issue.

Daniel Wood, a security researcher, first came upon the unencrypted information last year. He downloaded and re-tested an updated version the app, which Starbucks claims now includes "adequate security measures," only to find that the same information is still easily accessible. A log file also includes GPS coordinates that are captured every time you search for a nearby Starbucks store. Of course, the global caffeinator's mobile application isn't free of other weaknesses, too -- payments are processed by scanning an on-screen barcode, which can be reproduced and used to drain your account by anyone close enough to photograph your phone.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
52 Shares
Share
Tweet
Share

Popular on Engadget

Engadget's 2020 Back-to-School Guide

Engadget's 2020 Back-to-School Guide

View
'Xbox Series S' console revealed by controller packaging

'Xbox Series S' console revealed by controller packaging

View
Space Force official logo and motto unveiled

Space Force official logo and motto unveiled

View
Watch AI-controlled virtual fighters take on an Air Force pilot on August 18th

Watch AI-controlled virtual fighters take on an Air Force pilot on August 18th

View
Hyundai is turning Ioniq into its own EV sub-brand

Hyundai is turning Ioniq into its own EV sub-brand

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr