Starbucks 'Chose Convenience Over Security' In Leaving iOS App Vulnerable

Jan 16 2014, 4:36pm CST | by

Is it better for mobile apps to be easy to use, or secure? It’s a question that app developers constantly grapple with in the face of a competitive landscape, and it can sometimes take a data breach like Snapchat’s to push them in the latter direction. Earlier this week security researcher Daniel Wood disclosed his findings on how Starbucks was storing data about users of its iOS app in plain text and locally on a device, making passwords and even geolocation data about users vulnerable to theft if the wrong kind of hacker got hold of their iPhone.

Starbucks has said it knows about the app’s vulnerability and that the possibility of it being exploited is “very far fetched.” It says that none of the app’s 10 million users have come forward to claim their data has been misused as a result.

Still, the company is now working on updating its app with “extra layers of protection.” Researcher Wood had approached Starbucks in December about the vulnerability and posted his findings publicly when he didn’t get a response from the chain’s technical teams.

This isn’t the first time a company has been called out for storing its customer data in plain text. The Federal Trade Commission fined social game developer RockYou $250,000 in the spring of 2012 after finding it had stored 32 million email addresses and passwords in plain text. At around the same time, the Microsoft Store India was shown to be storing passwords in plain text when it was breached by a team of Chinese hackers, while a year earlier the notorious LulzSec attack on Sony Pictures found that more than 1 million customers’ passwords were being stored in plain text, vulnerable to being stolen and used by spammers.

Habitually storing user data in this way boils down to a question of convenience over security, says Tony Anscombe, head of free products at security software firm AVG Technologies. Most iOS apps don’t store user data locally on the iPhone as Starbucks did, or they’ll use Apple’s password management system for iOS 7, Keychain. It means users have to enter a login and password each time they use an app. “It’s less convenient, but much more secure,” Anscombe wrote in a blog post today.

“Starbucks has done the opposite, storing user data on the user’s device itself and in plain text,” he added. “This means that anyone with access to the phone and the relative know-how can freely access the data stored by the Starbucks app without even having to unlock the device.”

Wood’s disclosure forces app developers to question the larger issue of prioritizing ease of use over privacy and security. In this case, Starbucks had decided on behalf of the consumer that it would “prefer convenience over privacy,” Anscombe added. “While we understand the company’s desire to have more users enjoying their app, it should not be at the cost of securing personal data.”

Source: Forbes
