Over at XDA forums a vulnerability in Googles Play store application has been exposed by user Zanderman112 that means anyone could use your phone or tablet to purchase applications, even if you have the app set to use pin protection to prevent unauthorised purchases.
The Play store app allows you to set a pin code for security so that, when someone goes to purchase an app, they have to know the code you chose in order to complete the transaction.
If you have purchased apps before then this is of course a very useful feature to have as it means that no one but you can run up a bill by purchasing apps.
Except that, it turns out, they can.
As Zanderman112 points out "All someone has to do to be able to make purchases on a supposed secure play store is go to Settings>Applications>All>Google Play Store and click clear data. No more pin".
And surprisingly it really is that simple, try it yourself and see. What will happen after clearing the data is that you will get the notice about Play Store and the first time screen asking you to click the button to accept the terms and conditions.
When you do that the Play store app will automatically recognise the account your device is logged into and all your apps will show up in the Play store with no purchase restrictions, meaning anyone with access to your phone or tablet can easily purchase applications as if they are you.
Zanderman112 provides an easy solution to the problem for Google, if they choose to implement it "The fix to this would obviously be that google have the pin be connected to your google account, instead of stored locally on the device". The question is will they?
In the mean time a temporary but effective solution is to lock your Android device with a pin code. For some that may get a bit tedious having to type in a code but unlike the Play store app code the system lock code is not so easy to bypass and will provide a much more effective form of security against the purchase of apps by others than relying on Play stores pin.