We recently published our appWatchdog findings for popular retail mobile apps including:
- Amazon Mobile [iPhone & Android]
- Best Buy [iPhone & Android]
- eBay [iPhone & Android]
- Overstock.com [iPhone & Android]
- Starbucks Card Mobile [iPhone]
- Starbucks Cards Manager UNOFFICIAL (evanthedev) [Android]
Most of the apps stored the user name unencrypted, and typically other data as well, such as your name, address and recent searches. However, consumers should review each application’s detailed findings to determine if they have concerns with the stored data.
Credit card vulnerability
Far more concerning, though, is the data stored by the UNOFFICIAL Starbucks Cards Manager by evanthedev. We found that this app insecurely stored:
- Full 16-digit credit card numbers
- Credit card’s three-digit security code and expiration date
- Full name and address of card holder
This is a very serious issue and we strongly caution consumers in their use of this mobile app.
Our next round of testing will focus on the security of mobile email applications.
Improvements to appWatchdog service
To better communicate our findings, we’ve changed the following:
- Areas tested are scored with PASS, WARN or FAIL
- Added an Analysts Notes section for each app reviewed, which includes specifics on the data the analyst uncovered
- Created an Overview page to better describe our process, findings and goals
- Added additional answers to our FAQ
- You can now filter the apps reviewed by platform or name (in the future we’ll add category filtering)