UPDATE: ON JANUARY 16, 2014, THE SAME DAY THAT I PUBLISHED THIS BLOG, STARBUCKS ISSUED A SECURITY UPDATE TO ITS MOBILE APP TO CURE SOME OF THE DEFICIENCIES THAT I IDENTIFIED BELOW.
Before I begin my diatribe about security and privacy risks, I’ll confess: I am an avid Starbucks consumer. I really like its bold coffee; I meet people for social and business meetings in its cafes; I read and type there.
And I always pay for my coffee with my gold Starbucks card. (Why not? I earn points towards a free drink after every 15 purchases.)
I’ve always marvelled when other customers pay by allowing a Starbucks employee to scan their telephones. I never understood their reasoning, other than the “cool” factor.
First of all, it’s no more convenient to swipe a phone than to swipe a credit card.
Second, if “cool” and status are one’s goals, the gold card sends that message to anyone in sight, doesn’t it?
But most significantly, why would you want another person to scan the screen of your phone, using her employer’s scanning device? It’s one thing to use your phone to scan other objects (by using a bar-code scanning app or taking a photo, for example). But the converse seems foolhardy and risky: letting a 3rd party’s device view your own phone.
Somehow, that always seemed unwise to me. Not from a technological viewpoint, but merely common sense. Exposing your phone is exposing your private life. What is the Starbucks scanning machine reading? Just your credit information? Or your emails?
Certainly, you’ve told Starbucks your geolocation data merely by paying at a given store. (But you do that when you pay any merchant with a credit card, at Starbucks or anywhere else, since you are obviously at the physical brick-and-mortar store when you use your card.)
Now, let’s step aside from the illogic of using the Starbucks mobile app.
It contains a security flaw that puts you in harm’s way.
Most banking and payment apps require the user to enter her username/password each time the app is used. Not so with the Starbucks app.
It’s so easy to use the app. Maybe that’s the temptation for customers to use it.
Once the app has been installed on a phone, it can be used whenever it’s opened, without the need to type a password. This is accomplished because the password is stored on the phone.
The password is not stored in the app! It’s stored on the phone itself. And not only is it embedded in your phone’s file system: it’s not even encrypted. The password is visible in a clear text file that the app (and anyone else) can access.
The text file is readily available to anyone who gains access to your phone. The phone’s PIN does not even have to be entered or hacked, in order to read the text file that contains your Starbucks password.
Why does this matter?
Once your password is in the hands of a malevolent person, your cash balance in your Starbucks account can be stolen.
But that’s rarely a significant amount of money, usually only US $25 or less.
However, if you’ve set your app to reload your card automatically, the hacker can reload your account with larger sums of money, and then withdraw that additional cash as well.
Worse still, most of us are sloppy with our password protection. Most of us use only 1 or 2 passwords for all of our accounts – for banking, for email, for Google/YouTube, for access to so many aspects of our digital lives.
So here’s the worst case scenario (and not far-fetched):
1. Your Starbucks password is hacked (easily).
2. Your Starbucks account is drained (easily).
3. Your credit card reloads your Starbucks account, and that is drained.
4. Your geolocation data becomes known.
5. The credit card you use to load your Starbucks account becomes known.
6. Mobile bank apps on your phone indicate the banks that you use.
7. If you use the same password for those banks that you use for your Starbucks account, it becomes easy to hack into your bank accounts and withdraw and borrow money.
8. If your Starbucks password is also used for your cloud-based email (Gmail, Yahoo, etc), then your business and personal conversations can be misappropriated.
9. If your Starbucks password is also used for your social media sites… anything can happen.
1. Don’t store your passwords on your phone.
2. Don’t pay for coffee with a mobile app.
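For developers and testers, one way to check an app for the clear-text password problem described above: sign in on a test account with a throwaway "canary" password, copy out the app's data directory, and search every file for that password in plain and commonly encoded forms. This is an added example, not code from the original post or from Starbucks; the directory layout, file names and canary value are constructed for illustration.

```python
import base64
import os
import tempfile
from urllib.parse import quote


def secret_encodings(secret: str) -> dict:
    """Byte patterns under which a canary secret could sit in a file."""
    raw = secret.encode("utf-8")
    return {
        "cleartext": raw,
        "base64": base64.b64encode(raw),
        "hex": raw.hex().encode("ascii"),
        "url-encoded": quote(secret, safe="").encode("ascii"),
    }


def find_secret_in_tree(root: str, secret: str) -> list:
    """Return sorted (relative_path, encoding) pairs for files containing the secret."""
    patterns = secret_encodings(secret)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable file: skip it rather than abort the audit
            for label, pattern in patterns.items():
                if pattern in data:
                    hits.append((os.path.relpath(path, root), label))
    return sorted(hits)


def build_sample_tree(root: str, secret: str) -> None:
    """Constructed sample data: a fake app data directory, not real app files."""
    os.makedirs(os.path.join(root, "Library", "Caches"))
    with open(os.path.join(root, "Library", "Caches", "session.log"), "w") as fh:
        fh.write("POST /login user=tester%40example.com password=" + secret + "\n")
    with open(os.path.join(root, "Library", "prefs.txt"), "w") as fh:
        fh.write("theme=dark\nauto_reload=true\n")


if __name__ == "__main__":
    canary = "Canary-7f3a!pw"  # constructed password, for a test account only
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp, canary)
        for rel_path, encoding in find_secret_in_tree(tmp, canary):
            print(f"{rel_path}: secret present as {encoding}")
```

Any hit means the credential is persisted where anything with file-system access can read it; the fix on the app side is to keep only a revocable session token in the platform's secure credential store and never write the password to disk or logs.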