
Starbucks 'Chose Convenience Over Security' In Leaving iOS App Vulnerable

Jan 16 2014, 4:36pm CST | by


Is it better for mobile apps to be easy-to-use, or secure? It’s a question that app developers constantly grapple with in the face of a competitive landscape, and it can sometimes take a data breach like Snapchat’s to push them in the latter direction. Earlier this week security researcher Daniel Wood disclosed his findings on how Starbucks was storing data about users of its iOS app in plain text and locally on a device, making passwords and even geolocation data about users vulnerable to theft if the wrong kind of hacker got hold of their iPhone.

Starbucks has said it knows about the app’s vulnerability and that the possibility of it being exploited is “very far fetched.” It says that none of the app’s 10 million users have come forward to claim their data has been misused as a result.

Still, the company is now working on updating its app with “extra layers of protection.” Researcher Wood had approached Starbucks in December about the vulnerability and posted his findings publicly when he didn’t get a response from the chain’s technical teams.

This isn’t the first time a company has been called out for storing its customer data in plain text. The Federal Trade Commission fined social game developer RockYou $250,000 in the spring of 2012 after finding it had stored 32 million email addresses and passwords in plain text. At around the same time, the Microsoft Store India was shown to be storing passwords in plain text when it was breached by a team of Chinese hackers, while a year earlier the notorious LulzSec attack on Sony Pictures found that more than 1 million customers’ passwords were being stored in plain text, vulnerable to being stolen and used by spammers.

Habitually storing user data in this way boils down to a question of convenience over security, says Tony Anscombe, head of free products at security software firm AVG Technologies. Most iOS apps don’t store user data locally on the iPhone as Starbucks did, or they’ll use Apple’s password management system for iOS 7, Keychain. It means users have to enter a login and password each time they use an app. “It’s less convenient, but much more secure,” Anscombe wrote in a blog post today.

“Starbucks has done the opposite, storing user data on the user’s device itself and in plain text,” he added. “This means that anyone with access to the phone and the relative know-how can freely access the data stored by the Starbucks app without even having to unlock the device.”

Wood’s disclosure forces app developers to question the larger issue of prioritizing ease of use over privacy and security. In this case, Starbucks had decided on behalf of the consumer that it would “prefer convenience over privacy,” Anscombe added. “While we understand the company’s desire to have more users enjoying their app, it should not be at the cost of securing personal data.”

Source: Forbes

 
