Coffee for Smartphone Users. Is It Enough to Awaken Us?
January 20, 2014
By Jack Walsh

It’s been reported in the news that the Starbuck’s payment app saves usernames, passwords and location data in plain text right on consumer’s smartphones. Any devious person with a little know-how can get access to this information and use it to get one caffeine fix after another ad infinitum.

Of course this is not good news. But it is more than that.  This should be a wake-up call – not just for those of us who like to pay for coffee with our smartphones.

The threat landscape for mobile apps is growing.

This is not the first set of shocking news about mobile app insecurity.  In the summer of 2013 there was a report detailing serious and surprising privacy-related issues in the top 100 free and top 100 paid iOS and Android apps.  More recently – within the last few weeks in fact – there was a report on 40 banking apps belonging to some of the top financial institutions in the world detailing perhaps even more serious concerns, given the nature of the apps.  From these studies it is clear that the problem with mobile apps is likely more pervasive than one might expect or realize.

Mobile app issues are so concerning because so many of us use phones and tablets to buy more than coffee.  We are banking and paying bills.  We are investing for retirement and transferring more money into our children’s collegiate cafeteria spending accounts.  And because so many of us use the same account credentials across apps, it may also impact the more pleasure or entertainment-related activities for which we use our smartphones.

Until apps are routinely tested throughout their lifecycle by independent, third-party mobile app testing labs equipped with the proper mix of tools and experience, such as ICSA Labs, we all have to take steps to protect ourselves.

Basic but effective advice for mobile app users to better protect themselves includes locking the device and setting a PIN or password. Configure remote wipe as a myriad of studies indicate smartphones and tablets are commonly lost or stolen.  One set of statistics indicate 113 mobile devices or tablets go missing each minute on average in the U.S.  

Once you have taken these simple security measures, ensure that you are not sharing account credentials across apps. 

Unless we stop sharing usernames and passwords from one mobile app to the next, don’t be surprised when someone siphons money out of our bank account with the same credentials we use to put films into our online movie-streaming queue, or purchase a cup a coffee.


Post new comment

  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>

More information about formatting options

This question is for testing whether you are a human visitor to prevent automated spam submissions.
Enter the characters shown in the image.