Wednesday, April 25, 2012

The useless PIN code "security" in Google Play Store


Now if you are in the same situation as me and have equipped your kids with Android devices, then Google Play Store (a.k.a. Market) provides some "User Controls" options. You can set up content filtering and protect the settings with a PIN code. You can also choose that the PIN code must be used to be able to purchase apps. Very useful, because after all it is your credit card that is tied to Google Checkout because they are kids and kids do not have credit cards, at least not where I live.

To be able to change the settings you've set up, you need to push "Unlock settings"...


... and enter the PIN code that only you know.


All good so far. This is secure, right? In December last year I started to wonder just what would happen if I cleared the data for Market (it wasn't renamed to Google Play back then) and I gave it a try. Well, what happened is that on the next start Market started up fresh as expected, but what I did not expect was that the "User Controls" options, including the PIN code, were also reset.

So I decided to try to report this bug to Google and found that someone had already done so, and I added my comments to the bug report and starred the issue.

Now, 4 and a half months later, with several new versions of Market, which was later renamed to Google Play Store, the bug is still present. I just tried with Google Play Store 3.5.16 and all you need to do is push a button...


...and all the protection is gone.


And no, this does not require a rooted device.

If you, like me, think that this bug needs to be fixed then "star" this issue in order to bring Google's attention to it: http://code.google.com/p/android/issues/detail?id=20702
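The failure described above, as a small Python model added here (it is not code from this post or from Google Play): `LocalPinGate` keeps the PIN only in app data that "Clear data" wipes and treats a missing PIN as "no restriction", while `AccountGate` keeps the secret with the account and denies when nothing is on record. All class names, the account name and the secrets are constructed, and how Play Store actually stored the PIN is an assumption.

```python
import hashlib, hmac, os

def _kdf(secret, salt):
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 10_000)

def _matches(record, secret):
    salt, digest = record
    return secret is not None and hmac.compare_digest(_kdf(secret, salt), digest)

class Device:
    """Constructed model of app-private storage that "Clear data" wipes."""
    def __init__(self):
        self.app_data = {}
    def clear_app_data(self):
        self.app_data.clear()

class LocalPinGate:
    """Weak pattern: PIN lives only in app data; a missing PIN means 'unrestricted'."""
    def __init__(self, device):
        self.device = device
    def set_pin(self, pin):
        salt = os.urandom(16)
        self.device.app_data["pin"] = (salt, _kdf(pin, salt))
    def authorize_purchase(self, pin=None):
        record = self.device.app_data.get("pin")
        if record is None:
            return True  # fail-open: wiped state looks like "never configured"
        return _matches(record, pin)

class AccountGate:
    """Hardened pattern: secret is held with the account, off the device."""
    def __init__(self, account_store):
        self.accounts = account_store  # stands in for server-side state (assumption)
    def set_secret(self, account, secret):
        salt = os.urandom(16)
        self.accounts[account] = (salt, _kdf(secret, salt))
    def authorize_purchase(self, account, secret=None):
        record = self.accounts.get(account)
        if record is None:
            return False  # fail-closed: no record means no purchase
        return _matches(record, secret)

def demo():
    device, server = Device(), {}
    local, acct = LocalPinGate(device), AccountGate(server)
    local.set_pin("4821")                                  # constructed PIN
    acct.set_secret("parent@example.test", "constructed")  # constructed account
    attempt = lambda: (local.authorize_purchase(),
                       acct.authorize_purchase("parent@example.test"))
    before = attempt()        # purchase attempts made without any credential
    device.clear_app_data()   # the "push a button" step from the post
    return before, attempt()
```

`demo()` returns the authorization results for both gates before and after the wipe; only the local gate changes its answer.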

9 comments:

  1. Believe it or not but Google has actually finally fixed this problem and replaced the PIN code "security" with a new protection system that requires the password for your Google account in order to do purchases.

    My only question is: What took you so long? (18+ months)

  2. This comment has been removed by the author.

    1. Yes, fixed. However my kids (10 & 7) need to know their passwords to sign in, there's no point having this same password to make purchases on my card!!! That defeats the object?? The extra PIN code was perfect - without this bug of course. My own solution is to take my card off their tablets as I cannot leave it "open" like this!

    2. I recommend creating a separate Google account that you use for buying apps and for which you are the one who knows the password. You can set up multiple Google accounts on Android devices so the kids can still have their own primary accounts and then add this special account, and you can also set it up so that it does not sync anything at all. You also set up the same account on your device, so if they figure out the password and start buying apps then you would get the purchase confirmation mails and find out what is happening.

      This way you can even buy the apps they want using the web-site version of Google Play and choose to which device you want to install the app that you buy and it will be pushed to their phones/tablets.

  3. I can't find my PIN code anywhere. I have the purchase password but that isn't just numbers and the PIN requires only numbers. I've tried to find help without success so I can change the content filtering. All I'd like to do is send Google Play Store a message asking for their help with this but the only option I find is to call. Can someone help?

  4. All I need is to add a "share" tab to my Facebook account on my Android because I don't have it there, so if anyone has an idea how to do it I will be thankful.

  5. Changed phone and got a replacement. Don't remember setting up a pin. Now I can't open the store, emails, or maps.
    How can I reset. I cleared data and even setup a new pin Inumber Gmail account. Please advise.
