Clearing Android Market’s Data From Settings Removes PIN Protection [Security]
Google recently introduced PIN protection for Android Market. Its objective, of course, is to ensure kids don’t accidentally buy apps with your credit card credentials stored on your phone. Today, we came across a very simple, straightforward method to basically bypass this protection. Check it out after the break.
The discovery comes from user hebl over on Reddit, who notes that he is able to bypass Android Market’s PIN protection on his own Desire HD.
The method is simple: press the menu button from the home screen to go into Settings > Applications > Manage Applications > All > Market and tap Clear data. This clears all data saved by Android Market, which includes PIN protection. If you go back to Android Market now, you will be able to buy apps without entering a PIN code.
We’ve tested this on our own device – a Samsung Galaxy S II on Android 2.3 Gingerbread – and can confirm that the issue is present.
With PIN protection.
PIN protection was originally introduced with Market 3.1.3 to keep kids away from purchasing paid apps from the Market. Clearing the app’s data is an easy way to get rid of that protection.
Without PIN protection (right) after clearing data (left).
Unless your kid is one of those techie-types or knows how to search for things on Google, this won’t be a problem. But still, we expect Google to fix this issue in a future update to Market by saving the PIN code information separately from Market’s own files.
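The storage issue described above, as an added example that is not Android Market's code: a simplified Python model in which the same PIN gate is backed either by the app's clearable data or by a separate store. `Store`, `PinGate`, `purchase_after_clear_data` and the sample PIN are hypothetical names and values constructed for illustration.

```python
import hashlib
import hmac
import os


class Store(dict):
    """Key-value store; wipe() models Settings > ... > Clear data."""

    def wipe(self):
        self.clear()


class PinGate:
    """Purchase gate whose PIN record lives in whichever store it is given."""

    def __init__(self, pin_store):
        self.pin_store = pin_store

    @staticmethod
    def _digest(pin, salt):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

    def set_pin(self, pin):
        salt = os.urandom(16)
        self.pin_store["pin"] = (salt, self._digest(pin, salt))

    def may_purchase(self, entered_pin=None):
        record = self.pin_store.get("pin")
        if record is None:
            return True  # no PIN record found, so purchases are not gated
        if entered_pin is None:
            return False
        salt, expected = record
        return hmac.compare_digest(expected, self._digest(entered_pin, salt))


def purchase_after_clear_data(pin_in_app_data):
    """Set a PIN, clear the app's data, then try to buy without a PIN."""
    app_data = Store()   # wiped by Clear data
    separate = Store()   # assumed location outside the app's own files
    gate = PinGate(app_data if pin_in_app_data else separate)
    gate.set_pin("4821")             # constructed sample PIN
    assert not gate.may_purchase()   # protection is active before the wipe
    app_data.wipe()
    return gate.may_purchase()


if __name__ == "__main__":
    print("PIN in app data, purchase allowed:", purchase_after_clear_data(True))
    print("PIN stored separately, purchase allowed:", purchase_after_clear_data(False))
```

In this model the gate logic is identical in both runs; only the location of the PIN record decides whether clearing data removes the protection.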
The latest version of Android Market is 3.4.4. If you haven’t received the update yet, you can download its APK and manually install it.
There is no temporary solution for this at the moment. So your best bet is to just discipline your kids if they buy apps without your consent.