Wednesday, April 25, 2012

The useless PIN code "security" in Google Play Store


Now if you are in the same situation as me and have equipped your kids with Android devices then Google Play Store (a.k.a. Market) provides some "User Controls" options. You can setup content filtering and protect the settings with a PIN code. You can also choose that the PIN code must be used to be able to purchase apps. Very useful because after all it is your credit card that is tied to Google Checkout because they are kids and kids do not have credit cards, at least not where I live.

To be able to change the settings you've setup you need to push "Unlock settings"...


... and enter the PIN code that only you know.


All good so far. This is secure, right? In December last year I started to wonder just what would happen if I cleared the data for Market (it wasn't renamed to Google Play back then) and I gave it a try. Well what happened is that on the next start of Market it started up fresh as expected but what I did not expect was that also the "User Controls" options, including the PIN code, was reset.

So I decided to try to report this bug to Google and found that someone allready had done so and I added my comments to the bug report and starred the issue.

Now 4 and a half month later with several new versions of Market and later renamed to Google Play Store the bug is still present. I just tried with Google Play Store 3.5.16 and all you need to do is push a button...


...and all the protection is gone.


And no, this does not require a rooted device.

If you, like me, think that this bug needs to be fixed then "star" this issue in order to bring Googles attention to it: http://code.google.com/p/android/issues/detail?id=20702

26 comments:

  1. Believe it or not but Google has actually finally fixed this problem and replaced the pin code "security" with a new protection system that requires the password for your google account in order to do purchases.

    My only question is: What took you so long? (18+ months)

    ReplyDelete
  2. This comment has been removed by the author.

    ReplyDelete
    Replies
    1. Yes fixed. However my kids (10 & 7) need to know their passwords to sign in, there's no point having this same password to make purchases on my card !!! That defeats the object ?? The extra pin code was perfect - without this bug of course. My own soloution is to take my card off their tablets as I cannot leave it "open" like this !

      Delete
    2. I recommend creating a separate Google-account that you use for buying apps and for which you are the one who knows the password. You can setup multiple Google accounts on Android devices so the kids can still have their own primary accounts and then add this special account and you can also set it up so that it does not sync anything at all. You also setup the same account on your device so if they would figure out the password and starts buying apps then you would get the purchase confirmation mails and find out what is happening.

      This way you can even buy the apps they want using the web-site version of Google Play and choose to which device you want to install the app that you buy and it will be pushed to their phones/tablets.

      Delete
  3. I can't find my Pin Code anywhere. I have the purchase password but that isn't just numbers and the Pin requires only numbers. I've tried to find help without success so I can change the content filtering. All I'd like to do is send Google play store a message asking for their help with this but the only option i find is to call. Can someone help?

    ReplyDelete
  4. all i need is to add"share" tab to my facebook account on my android becausei dont have it there so if anyone has an idea how to do it i wiill be thankful .

    ReplyDelete
  5. Changed phone and got a replacement. Don't remember setting up a pin. Now I can't open the store, emails, or maps.
    How can I reset. I cleared data and even setup a new pin Inumber Gmail account. Please advise.

    ReplyDelete
  6. Click here to look at this article about Highster mobile monitoring application.

    ReplyDelete
  7. Google Play Store se actualiza a la versión 5.6.8, descarga e instala el APK aquí. Tras el Google I/O, Google se ha propuesto seguir actualizándose.
    downloadshareitapp.com - shareit app for android

    ReplyDelete
  8. Corporate houses are among the most vulnerable sites to a variety of threats that can cause loss of business, information and reputation. The demand for corporate service providers has increased in the past decade.guarantor loans

    ReplyDelete
  9. However quick forward to current day and the move has moved to combat area zones like Iraq and Afghanistan. However psychological militant assaults are expanding in numerous other worldwide goals Fast Guard Service LLC

    ReplyDelete
  10. Hey. Neat post. There is a problem with your site in firefox, and you may want to check this… The browser is the market chief and a large component of other folks will omit your excellent writing because of this problem. Change Play Store Country

    ReplyDelete
  11. Albuquerque is a hazardous city and each monitor needs a successful strategy to call for help if necessary. Supervision is essential for the customer and the individual protect.hubstaff review

    ReplyDelete
  12. Be that as it may, it ought to be noticed that Google themselves have perceived that their factual technique has now reached a stopping point of consistent losses and it is far-fetched that, as the innovation as of now stands, the standard of translation will have the capacity to enhance considerably, and that goes not only for Serbian and English, but rather for all dialect blends.text to speech recorder

    ReplyDelete
  13. From the first move of the playing you have to attempt to push the cherry together with the Hazelnut that stuck with a column to the centre line with a gap. This particular motion can let you take them down easily to the floor. This time do not make a further move until it's possible to locate the path to push down it. Candy Crush

    ReplyDelete
  14. Google Pay is not secure. I lost IDR 1,150,000 because my 7 year old son playing Mobile Legends using my HP. There is no PIN to be input. No security at all.
    I remove the payment now because Google said there is no fraud and refuse to give back my money. I also uninstalled Mobile Legends from my HP and will close Visa Credit Card soon.
    What kind of financial transaction that do not require PIN at all? There is no security at all. You don’t need virus to empty your bank account via Google Pay. Anyone with your HP can do that
    Be Careful Google Pay Is Not Secure! (https://agusnizami.com/2018/12/12/be-careful-google-pay-is-not-secure/)

    ReplyDelete
  15. When you look for a camera, you can without much of a stretch end up with either undeniably more or far short of what you require. look at the website

    ReplyDelete
  16. additionally checking if your software works with various report arranges just as email is an essential advance before buying the item. free online voice generator

    ReplyDelete
  17. A significant number of these alleged robbers are experts and expertise to play out their activity without leaving any indications. In any case, with a home surveillance camera framework set up, there is video given which encourages law implementation to distinguish the criminal and ideally get a personality and a capture and, ideally, get back any of your assets that may have been stolen all the while.
    building intercom system upgrade

    ReplyDelete
  18. Install a surveillance camera or observation camera outside in your patio to avert against robbery or theft. Additionally extraordinary for when the youngsters are playing outside and you need to watch out.
    Best Security Place

    ReplyDelete
  19. Thank you very much for the sharing! COOL.. Buy Google 5 star Reviews,

    ReplyDelete
  20. Wow! Such an amazing and helpful post this is. I really really love it. It's so good and so awesome. I am just amazed. I hope that you continue to do your work like this in the future also security camera installation

    ReplyDelete
  21. The VTech CS5119 is normal for an essential cordless telephone. It has standard highlights like handset area, handset-to-handset radio, a 50-passage telephone directory index, calm mode and a minimized plan. This mode my review here

    ReplyDelete
  22. There are essentially three bits of gear you'll be working with: the cameras, collector/DVR and the screen. on this website here

    ReplyDelete
  23. Hello I am so delighted I located your blog, I really located you by mistake, while I was watching on google for something else, Anyways I am here now and could just like to say thank for a tremendous post and a all round entertaining website. Please do keep up the great work. Serious Security Melbourne

    ReplyDelete
  24. I would like to thank you for this excellent read!! I definitely loved every little bit of it. I am wondering going through the large security system you explained. It's surely very useful and educative contribution. I have you bookmarked your site to check out the new stuff you post.
    cctv installation miami

    ReplyDelete