Google Play Store pins can now be extracted from a device using a script

October 9, 2012

The Google Play Store has had an exciting year. It hit the 25 billion download mark and celebrated with a very popular $.25 app sale. Their revenue was up 137% in the first seven months of this year. Android fans couldn’t be happier with the success of the Play Store and it remains among the top two most popular App Stores. That doesn’t make it perfect, though.

For a while now, there has been a known Play Store exploit. When you create a PIN, it is stored locally on your device. In other words, you can find the PIN in a file on your device’s memory. This means that if you go into settings and wipe the Play Store’s data, the PIN gets deleted, and anyone can then access your Play Store stuff without the PIN.

Based on that, a developer was able to find where the PIN was actually stored. As it turns out, it is stored as a plain text file right on your device. Using that info, an application is able to find the file that contains the PIN, pull it, and display it. This is a double-edged application because it can be both very helpful and very dangerous. It all depends on who is using it.
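To make the storage problem concrete, here is an added sketch (not code from the Play Store, the XDA script, or this article) that puts the plain text storage described above beside a salted, slow-hash verifier. File names, the sample PIN and the iteration count are assumptions chosen for illustration.

```python
import hashlib, hmac, json, os, tempfile

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this sketch

def save_pin_plaintext(path, pin):
    # Weak form, as the article describes: the PIN itself sits in the file.
    with open(path, "w") as f:
        f.write(pin)

def save_pin_verifier(path, pin):
    # Hardened form: store a random salt and a slow hash, never the PIN.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS)
    with open(path, "w") as f:
        json.dump({"salt": salt.hex(), "iter": ITERATIONS, "hash": digest.hex()}, f)

def check_pin(path, candidate):
    try:
        with open(path) as f:
            rec = json.load(f)
        salt, want = bytes.fromhex(rec["salt"]), bytes.fromhex(rec["hash"])
        got = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, int(rec["iter"]))
    except (OSError, ValueError, KeyError, TypeError):
        return False  # missing or corrupt record: refuse rather than unlock
    return hmac.compare_digest(got, want)  # constant-time comparison

def file_reveals_pin(path, pin):
    # True when simply reading the file hands back the PIN.
    with open(path) as f:
        return f.read().strip() == pin

def demo():
    pin = "4821"  # constructed sample PIN
    with tempfile.TemporaryDirectory() as d:
        weak, strong = os.path.join(d, "pin.txt"), os.path.join(d, "pin.json")
        save_pin_plaintext(weak, pin)
        save_pin_verifier(strong, pin)
        return {
            "plaintext_reveals": file_reveals_pin(weak, pin),
            "verifier_reveals": file_reveals_pin(strong, pin),
            "right_pin": check_pin(strong, pin),
            "wrong_pin": check_pin(strong, "0000"),
            "record_wiped": check_pin(os.path.join(d, "absent.json"), pin),
        }

if __name__ == "__main__":
    print(demo())
```

A short numeric PIN has few possible values, so a stored hash only slows offline guessing; tying the check to a hardware-backed keystore or to the account on the server side is stronger.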

Why hasn’t the Play Store fixed this vulnerability?

The short answer is that they are working on it. XDA member Zanderman112 has reported the problem directly to Google, so there should be a fix sometime in the future. For now, we are just waiting on Google.

Despite the nature of the hack, it really isn’t too big of a deal. Attackers can only get to your Play Store goodies if they actually have your phone. So if you don’t lose your phone or leave it where shady types can get to it then you should be safe. Additionally, setting multiple security measures like a PIN for your lock screen will help as well.

Some of the most helpful software can also be some of the most dangerous software to use. If you ever forget your PIN for your Play Store, this exploit is an excellent way to get it back without requiring a factory reset on your device. On the other hand, it leaves it wide open to attackers. To check out the PIN-pulling app, click on the source link. Are you concerned about the exploit? Let us know what you think.

Comments

  • MasterMuffin

    I don’t even use pin protection :)

  • paxmos

    What is this PIN…Never knew about it!!!