Play Store vulnerability.
I was recently thinking about something, and I decided to test it out.
On the Play Store app, you can choose to add a PIN number, and make this PIN be required to make purchases.
This is a good idea, as we don't want anyone charging our credit cards or carrier bills if our device gets lost/stolen.
However, there is a flaw in this. The aforementioned PIN number is stored locally on the device, whilst the credit card info is connected to your Google account, and obviously your carrier billing options are stored online.
All someone has to do to be able to make purchases on a supposedly secure Play Store is go to Settings>Applications>All>Google Play Store and click clear data. No more PIN.
Originally Posted by trter10
It's also stored in plain text! /data/data/com.android.vending/shared_prefs/finsky.xml
The fix to this would obviously be that Google have the PIN be connected to your Google account, instead of stored locally on the device.
Reported to Google. PLEASE STAR THE ISSUE! Will help it get to the people that can fix the problem!
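An added example, not part of the original post and not Google's code: a small Python model of the design point above, contrasting a purchase PIN held only in app-local preferences with a PIN verifier bound to the account on the server. The `Server` and `Client` classes, the `"pin"` key, the sample PIN and the assumption that the account sign-in lives outside the app's data are all hypothetical.

```python
import hashlib, hmac, os

class Server:
    """Holds the payment instrument; optionally an account-bound PIN verifier."""
    def __init__(self):
        self.pin_record = None  # (salt, PBKDF2 digest); set only in the account-bound design

    def set_pin(self, pin):
        salt = os.urandom(16)
        self.pin_record = (salt, hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000))

    def purchase(self, session_ok, pin=None):
        if not session_ok:
            return False
        if self.pin_record is None:   # local-only design: the server never sees a PIN
            return True
        if pin is None:
            return False
        salt, digest = self.pin_record
        guess = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)
        return hmac.compare_digest(guess, digest)  # constant-time comparison

class Client:
    def __init__(self, server):
        self.server = server
        self.session_ok = True  # assumption: account sign-in is kept outside app data
        self.prefs = {}         # stands in for the app's local preferences file

    def set_local_pin(self, pin):
        self.prefs["pin"] = pin  # hypothetical key name; plain text, as in the post

    def clear_data(self):
        self.prefs.clear()       # effect of "clear data" on app-local state

    def buy(self, pin=None):
        local = self.prefs.get("pin")
        if local is not None and pin != local:
            return False         # the local gate, enforced only by the client
        return self.server.purchase(self.session_ok, pin)

def local_only_design():
    c = Client(Server()); c.set_local_pin("4821")  # constructed sample PIN
    before = c.buy()             # no PIN entered: refused by the local gate
    c.clear_data()
    return before, c.buy()       # the gate disappears with the preferences

def account_bound_design():
    s = Server(); s.set_pin("4821")
    c = Client(s); c.clear_data()  # wiping local state changes nothing server-side
    return c.buy(), c.buy("0000"), c.buy("4821")
```

A real server-side check would also rate-limit PIN attempts, since a short numeric PIN is easy to guess.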