This seems to be a pretty common problem these days. An organization or company stores our data in some way that can easily be hacked or as in this case, in the open. According to this ComputerWorld article, Starbucks has apparently made the choice to save a person’s passwords directly on the mobile device to allow for quicker purchases that allows for convenience when purchasing items. However, if the phone is then connected to a PC, the data can then be found in clear text form. I guess all in all it’s not that big of deal, that should only allow a thief to purchase all the ridiculous amounts of caffeine fixes they want, unless you’re one of those people that uses the same username and password for everything (I was unclear when I read the article if the credit card information is easily found). I do think it rises some questions,
Why does a company think it’s a good idea to store data that allows quick purchasing in an easy to get to place? I think companies need to be a little more aware of what they doing in.
Are there other companies that allow “one-click” or quick purchases, storing financial and other user information in easy to access places. It is a great convenience to make fast purchases but at what cost to our security.
4 Responses to Starbucks mobile app security