Starbucks updates iPhone app with “extra layers of protection” to address password controversy



As promised, Starbucks has released an update for its iOS app, which the company says “adds extra layers of protection.”

Problems with the Starbucks app came to light after a Computerworld report claimed the app stores passwords in plain text on the device.

This would allow a person to access your Starbucks account credentials by connecting your phone to a computer and accessing a specific log file on the device.

Though someone with malicious intent would have to get hold of your physical device to access the account details, the practice of storing passwords in plain text rather than encrypting them is risky.

Starbucks chief information officer Curt Garner addressed concerns with the company’s iOS app in a press release yesterday, and confirmed that the company was working on a fix that would add extra layers of protection.

The update was rolled out earlier today. The company has updated the press release with the following note:

As promised, we have released an updated version of Starbucks Mobile App for iOS which adds extra layers of protection. We encourage customers to download the update as an additional safeguard measure.

If the app hasn’t been automatically updated, you can download the update via the Updates tab in the App Store app or use this iTunes link.

Note: According to the App Store, the latest version of the Starbucks app is still v2.6.1 (released on May 2, 2013), but the version history does show that v2.6.2 (released on January 17, 2014), which fixes the vulnerability, was indeed released. It’s not clear if the update was overridden or withdrawn. Let me know if you’re able to download v2.6.2.
