The internet has recently been awash with terrifying stories about how thieves were able to access all the deepest, darkest secrets you keep on your iPhone just by knowing your PIN.
By simply knowing your login PIN (and getting your hands on your iPhone), it’s possible for anyone to change your Apple ID, lock you out of all other Apple devices, and even gain unwanted access to your bank accounts and social networks.
Worryingly, experts have now discovered that the same is true for Android devices, which are equally at risk of such data theft.
Android PIN theft
On an Android device, users can navigate to Google > Manage your Google account > Security > Password in the System Settings app. From there, they can click “Forgot Password” and choose the option to change their Google account password using the phone’s screen lock code.
Google’s software developers have made this possible because your phone is considered your property and when you are logged in, you are assumed to be the user.
While useful in those cases where you forget your password, it doesn’t take into account thieves who know or can figure out your PIN.
9To5Google explained that this is most common among iPhone users, presumably because iPhones have a higher resale value compared to the initial cost, allowing thieves to make some extra cash.
Either way, the problem is no less severe for Android users, whose otherwise unprotected data, like that of iPhone users, can be accessed and leaked.
Even secure data is at risk, assuming your passwords are stored in a password manager that can be accessed during an attack.
Although it is possible to prevent passwords from being changed via PIN when Advanced Security is enabled, this is unrealistic for many users, as it requires a few physical security keys and some technical knowledge.
Customers around the world are urging Google and Apple to consider this option more carefully, but in the meantime, users can protect their data by limiting the types of apps that can be accessed through the phone’s sign-in method, and by thinking carefully about how they manage their passwords.