Friday, January 17, 2014, 04:28 am PT (07:28 am ET)
Following security controversy, Starbucks patches iOS app with new 'safeguards'
Starbucks on Friday quickly responded to criticism after it was discovered that its iOS payment app does not encrypt users' login information, with a new update that promises additional "safeguards" for customers.
It's unclear whether Starbucks version 2.6.2 completely addresses the security issues that gained attention this week. But the coffee chain's CIO did promise on Thursday that an update coming "soon" would ensure that usernames and passwords were no longer stored as plain text.
The release notes for Friday's update simply state that the latest version includes "additional performance enhancements and safeguards."
Starbucks has been under attack since security researcher Daniel Wood publicly disclosed the vulnerability, which requires an attacker to have physical access to the device. Wood reportedly contacted Starbucks to report the flaw last November, and said he opted to go public after the company failed to fix the issue.
The app relies on a log file from Crashlytics, a Twitter-owned crash reporting and analytics firm. That log file can reportedly be retrieved from a user's handset if someone gains physical access to the iPhone, even if it is secured with a PIN lock, and the file is said to contain unencrypted versions of the customer's username, email address and password.