The App Store over the years has won customer trust for secure apps since each app goes through an approval process. However, in the recent past there have been many cases where users’ data has been compromised due to the app developers server being hacked or not using enough security measures.

It was recently revealed that the popular Starbucks app for iOS stores user names, email address and passwords in clear text. This valuable information could easily be accessed by connecting your smartphone with the app installed to a computer. While this is not the same as recent Snapchat security breach that happened last week. It does raise some concerns over app developers commitment to keep their users’ data secure.

Starbucks spokeswoman in a statement to PCMag said, “While we are aware of this report, there is no known impact to our customers,”. Customers who often buy from Starbucks enjoy the connivence of customising their order and paying online through the application.

According to a report, Starbucks mobile app is the most used mobile payment application in the U.S. While it does provide ease of use, customers have repeatedly complained about the app not remembering passwords and often losing all information of gift cards.

Apple has set a number of guidelines for app developer to follow to have their apps approved for sale on the App Store. The recent security breaches and inadequate measures for protecting users data may soon become a huge concern for Apple.

In coming months it won’t be surprising for Apple to start rejecting applications that don’t comply with strict security measures for apps that store sensitive user information. It will be interesting to see if Apple improves its guidelines for developers to develop more secure apps for its audience.

Starbucks

by Starbucks Coffee Company

• Rating

• Premiere

  2009-09-23

• Genre

  Food & Drink

•   FREE QR code
• Platform

  iOS (iPhone)

• Version

  3.2.4 ⋅ 23 MB

• Additional

  Info ⋅ Gallery

Snapchat a social networking app popular for sharing photos with friends that self-destruct after a few seconds has had a security breach. The servers of Snapchat were hacked that has resulted in usernames and mobile numbers of over 4.6 million users being exposed and possibly available on the internet.

According to reports, Gibson Security on August 27, 2013 had pointed out flaws in Snapchat’s “Find Friends” feature. The exploits were recently made public and as a result hackers were able to access information from Snapchat servers.

Find Friends is an optional service that asks Snapchatters to enter their phone number so that their friends can find their username. This means that if you enter your phone number into Find Friends, someone who has your phone number in his or her address book can find your username.

Snapchat has posted a blog post acknowledging the security breach and explained how the hackers got the information:

… it was possible for an attacker to use the functionality of Find Friends to upload a large number of random phone numbers and match them with Snapchat usernames. On New Years Eve, an attacker released a database of partially redacted phone numbers and usernames. No other information, including Snaps, was leaked or accessed in these attacks.

This security breach is clearly a result of Snapchat not working quick enough to patch the security holes in time. The flaws had been exposed 4 months ago however, the company failed to take action which has now resulted in 4.6 million unhappy users.

The developers are now working on an updated version of the app that will allow users to opt-out of Find Friends feature and will be “improving rate limiting and other restrictions” to avoid such attacks.

Snapchat was recently approached by Facebook for acquisition for about $3 billion however, the company refused the offer. The social networking app to share photos and short video clips is popular among teenagers. Sharing photos without leaving any tracks behind has proved to a successful strategy behind Snapchat’s user base.

Gibson Security has put up a website “GS Lookup – Snapchat” to allow users to check if their details were stolen by entering their username on the website. The site notes that only specific areas of America were included. It also suggests some steps you could take in case your details were stolen.

This is not the first time such a security breach has happened in a social networking application. Recently even Skype was targeted by hackers during the holiday season.

AT&T has finally reached out to their iPad 3G customers affected by the security breach discovered on June 7th. After days of silence formulating a response (and probably being brow beaten by Steve Jobs), the American telecom giant sent an email to explain their side of the story. In a message dated June 13th, Senior Vice President, Public Policy and Chief Privacy Officer Dorothy Attwood described the company’s views on the data leak. It provides an interesting perspective on how AT&T views the incident and how they view their own responsibilities.

The email describes the incident as occurring when:

. . . unauthorized computer “hackers” maliciously exploited a function designed to make your iPad log-in process faster by pre-populating an AT&T authentication page with the e-mail address you used to register your iPad for 3G service.

It’s interesting to note just how much is packed into that one sentence. First, AT&T is denying all responsibility for the incident. Granted, they didn’t ask to be hacked or invite the situation to occur. On the other hand, how does a large, multinational corporation that handles the data of millions (if not billions) of people every day get exploited by a simple hack? And by all accounts this was a simple, simple hack. The hackers, a group calling themselves Goatse Security, noticed certain URLs used by an AT&T online application followed a guessable pattern by transmitting information in plain text. Using the pattern they discerned, they were able to hack the application. This is the type of stuff they teach you to avoid in a first year computer science class. While AT&T may have been a victim of an attack, they certainly didn’t do anything to secure themselves from it happening. If you leave your front door unlocked, you haven’t done your part to keep the thieves out.

The second take-away is how AT&T is painting itself as the hapless victim. After all, AT&T just wanted to make your experience better by pre-populating your e-mail address on that nasty old log-in form. Aren’t we great? No matter how much AT&T tries to portray itself otherwise, this is just another embarrassing incident in a long line of them. It is amazing at this point that a company like Apple continues to put up with this act from their telecom partner. It is hard to believe that Steve Jobs is so loyal to them that he’s willing to sheath his somewhat legendary temper for them. Perhaps some day we’ll point back to this incident as the beginning of the end of AT&T exclusivity. Until then, American iPhone users are stuck at the mercy of a telecommunications company more interesting in looking like a victim to save face than one willing to take responsibility for the actions.

What do you think about AT&T’s response? Did their apology take sufficient responsibility for the data breach? Is this the end of AT&T exclusivity? Leave us your thoughts below.

Poll Question

Cast your vote.

The FBI has launched an investigation into the AT&T security breach first reported in Valleywag earlier this week. According to a report in the Wall Street Journal, the Federal Bureau of Investigation in the United States has begun to look into the circumstances surrounding the breach that left hundreds of thousands of iPad 3G owners exposed to potential attack. While web site hacks and data breaches have gone unnoticed and not investigated in the past, the inclusion of high profile governmental authorities and celebrities has almost insured an investigation in this instance. Those caught in the net of the security breach have included ABC News personality Diane Sawyer, several high ranking American military officials, and even White House Chief of Staff Rahm Emanuel. Such a star-studded cast should insure a lengthy and thorough look at the matter.

While the loss of e-mail addresses doesn’t present much in the way of exposure to the effected individuals, the more troublesome leak is that of the ICC ID, or SIM address, of the iPads in question. The SIM address is, in a lot of ways, similar to the ESN used on cell phones. Individuals with malicious intent and the ESN of a cell phone can clone an existing unit and intercept calls and information intended for the legal recipient. Although no one has confirmed or denied a similar situation could exist with the SIM address, it has to be a worry in the minds of both the iPad owners and the FBI unit investigating the matter. If sensitive material is being carried on exposed iPads it is open to attack if the SIM address could be used in this manner.

At the end of the day though, this story is ultimately about the increasingly strained relationship between AT&T and Apple. Is Steve Jobs so loyal to the company that gave Apple’s iPhone its first break that he’s willing to ignore these problems indefinitely? It’s mind boggling to believe someone like Jobs, who’s main focus seems to be on bringing order and control to things, could abide forever while AT&T continues with its poor service, increased pricing on data plans, and now security breach of confidential information. Will this be the issue Apple points to as finally driving them into the arms of Verizon, Sprint, and T-Mobile in the United States? The end of carrier exclusivity in other parts of the world has been a boon for iPhone sales. When will that boon finally come to America? May be it’s only an FBI investigation away.

Does the AT&T security breach further shake your faith in the carrier? Are you a current AT&T customer that’s thought about leaving the company? Have you left? Where you one of the 114,000 affected by the security breach? Leave us your thoughts in the comments.