starbucks

Starbucks has confirmed a finding by security researcher Daniel Wood that both username and password in its iOS app are stored in plain text.

It’s not the big deal some are making it out to be – to make use of it, someone would need physical access to your unlocked iPhone, in which case you likely have bigger things to worry about than someone being able to order tall skinny lattes on your dime. Additionally, as Engadget observes, a far easier hack by someone with access to your phone would simply be to take a photo of the on-screen barcode used to authorise payments.

All the same, it is pretty poor design on the part of a payment app from a major company, and it’s surprising that Starbucks apparently has no plans to fix it with an updated app.

FTC: We use income earning auto affiliate links. More.


Check out 9to5Mac on YouTube for more Apple news:

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author

Ben Lovejoy's favorite gear