As security continues to be a major issue in the Android ecosystem, a bit of related news has just surfaced. It seems the Google Play Store PIN has a security hole that allows unwanted users to bypass the security PIN and purchase content with your credit card.
We have seen similar issues with Google Wallet in the past. The security PIN is saved on your smartphone, and access to your information is granted locally. This means that any user who finds or steals your device can simply clear the app’s data under settings. Doing so also deletes the PIN, and lets the bad boys in.
A good idea would be to have such PIN access codes saved on Google’s servers, instead of locally. This would mean that one would need an internet connection in order to purchase any content. But one already needs a data connection for accessing and purchasing content, anyways. So this would not really create any issues.
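The difference between the two designs, as an added example that is not from the original post: a constructed Python model in which clearing local app data removes the only PIN check, while a server-held verifier still gates the purchase. The class names, sample PIN, sample account and five-attempt limit are assumptions made for illustration.

```python
import hashlib
import hmac
import os

class LocalPinClient:
    """Flawed design: the purchase PIN exists only in app-local storage."""
    def __init__(self):
        self.app_data = {}  # stands in for the app's private data on the device

    def set_pin(self, pin):
        self.app_data["pin"] = pin

    def clear_app_data(self):  # the "clear data" action in device settings
        self.app_data.clear()

    def purchase(self, item, pin=None):
        stored = self.app_data.get("pin")
        if stored is not None and pin != stored:
            return "denied"
        return "charged:" + item  # no stored PIN means no check is made

class PurchaseServer:
    """Proposed design: the server keeps the PIN verifier and enforces it."""
    MAX_FAILURES = 5  # assumed limit; a short PIN needs attempt limiting

    def __init__(self):
        self.accounts = {}  # account -> [salt, verifier, failed_attempts]

    def set_pin(self, account, pin):
        salt = os.urandom(16)
        self.accounts[account] = [salt, self._derive(pin, salt), 0]

    @staticmethod
    def _derive(pin, salt):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

    def purchase(self, account, item, pin):
        record = self.accounts.get(account)
        if record is None or record[2] >= self.MAX_FAILURES:
            return "denied"  # no PIN on record, or locked after repeated failures
        ok = pin is not None and hmac.compare_digest(
            self._derive(pin, record[0]), record[1])
        record[2] = 0 if ok else record[2] + 1
        return "charged:" + item if ok else "denied"

def demo():
    local, server = LocalPinClient(), PurchaseServer()
    local.set_pin("4921")                       # constructed sample PIN
    server.set_pin("user@example.com", "4921")  # constructed sample account
    wrong = local.purchase("app", pin="0000")   # PIN present: check is made
    local.clear_app_data()                      # device-side reset
    return (wrong, local.purchase("app"),       # check is gone after the reset
            server.purchase("user@example.com", "app", None),
            server.purchase("user@example.com", "app", "4921"))
```

In the server model nothing on the device holds the verifier, so a device-side reset has no effect on whether a purchase is authorised.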
Regardless, we assume most thieves are not exactly following all the Android news and do not know about this issue. But one can never be too careful. Make sure you take other security measures if you tend to be a bit careless with your device. A lock screen password would probably be the most convenient.
We sure hope that Google provides a fix for this loophole, though. For now, just be a bit extra careful.
[Via: Brief Mobile]
I don't even use the pin-locker (mainly because I do not have a credit card set-up with my account xD)
But even if I did, the unlock screen pin would do well and if it was stolen -> remote wipe stuff :P
A good idea would’ve been not to post it all over on how to get around it, now that would have been a thought.
You have to understand that things don't get fixed if nobody knows of the problem.
Yeah, I am very worried about someone stealing my phone then buying apps for me…
Android Market/Google Play uses a security pin? I never knew. My credit card is stored with them and I always make purchases, but it never asks me for a pin. How do I activate the pin?
Never mind, figured it out. Go into Google Play, then settings, then “set or change PIN” and also click “Use Pin for purchases.”
Awesome-just found it-thanks!
Simple solution.
Put a passcode on your unlock screen n be done with it.
Google Wallet was already ruined for numerous people because clumsy people are paranoid someone is going to use it when/if they lose their phone.
Easy solution for that too. DON'T LOSE YOUR PHONE…
I'll be pissy if I can't buy stuff from the app store because the security conscious put a pw on the market but not their unlock screens….
Can't edit my post but let me add
STOP LOSING YOUR FREAKING PHONES PEOPLE…..
Ya because people go about their day looking for a way to lose their phone.
Nobody I know woke up and made it their mission to lose their phone.
Things happen, but then again not everyone is as perfect a human being as you are.
I’ve never lost my cell phone.
I’ve never lost my wallet.
Never lost my keys either………….
Why should I have to be punished for other people's inattentiveness?
Like I said. Put a passcode on your lockscreen. Then this way if you're one of those people that don’t know how to keep track of their belongings, you don’t have to worry about people spending your money.
Next thing you know people are gonna start crying that if they lose their phone, someone's going to look at their memory card and see all their pictures, songs, movies etc. The security is awful……….
I think the Google Play/Market PIN is to prevent you from accidentally buying apps. A simple clear cache/data removes the PIN anyway.
A good app is Smart App Protector. There’s a free version. You can lock apps. So you have to put in a PIN/Password/Pattern to unlock the app and use it. So for those like me who like lockscreen options, this is a good alternative.
Visidon Applock is the same thing except it uses the front facing camera. So you can have both. If they figure out the password, they still need your face. =.P
Just make sure you don’t have “password for *app-locking app*” because it will cause a loop. To fix the loop if you make it, open one of the apps and just remove the app-locking app.
Smart App Protector FREE
https://play.google.com/store/apps/details?id=com.sp.protector.free&feature=search_result#?t=W251bGwsMSwxLDEsImNvbS5zcC5wcm90ZWN0b3IuZnJlZSJd
Visidon AppLock
https://play.google.com/store/apps/details?id=visidon.AppLock&feature=search_result#?t=W251bGwsMSwxLDEsInZpc2lkb24uQXBwTG9jayJd
I had Smart App Protector and while it’s great for the stupid hackers, you can easily uninstall the app from the Mark…I mean Play Store.
“This would mean that one would need an internet connection in order to purchase any content.”
You need an internet connection anyway…
Android does not and I repeat does not have a security problem. It's all made up.
So all those DroidDream attacks were just.. dreams?
If you clear data for the app wouldn’t it clear the card data too then? Or am I reading this wrong?
Card data is stored on Google’s wallet servers.
A good idea would be to have such PIN access codes saved on Google’s servers, instead of locally.