Skip to main content

iOS 6 bug lets institutional users bypass ‘Don’t Allow Changes’ account restriction, install unapproved apps (Update: fixed)

Update (Feb 21st): This has been fixed according to a reader. The iTunes and App Stores use HTML on the backend so Apple can “push” updates via backend code changes:

As of this morning, the bug is gone! No update required! Looks
like the somehow they pushed the update! I can no longer change the
account in the App Store or iTunes store! This reminds me when I was
beta testing 6.0 and Apple changed the behavior of downloading updates
not requiring a password (they also allowed free apps with no password
for a short while). That didn’t need an update to change either.
They seem to have ways of fixing App Store behavior without needing to
update iOS. I’m still running 6.1 on my devices, haven’t gone to
6.1.2 yet.

Would be nice for an official answer from Apple, but so far, it’s
working correctly! Also, I see redeem and send gift are grayed out
also, at the bottom of the App Store. Same for iTunes Store.

For those unaware, iOS 6 received some beefed up Restriction settings when it was released that allowed users to select “Don’t Allow Changes” for an entire account linked to an iOS device. This option was particularly useful for schools and organizations that wanted to limit a device to a specific account and keep students and others from installing apps not approved by the institution. Without the restriction, students or employees could easily change the iTunes account linked to the iOS device. Unfortunately, as noticed by one frustrated 9to5Mac reader, it seems there are several backdoor methods of bypassing the setting…

While users can no longer change the account in the Settings.app after enabling the “Don’t allow changes” setting, as highlighted in the video above, they can still change accounts directly in the App Store and iTunes apps. For teachers and organizations trying to prevent users from installing unapproved content, the bug is clearly an oversight on Apple’s part.

Apple confirmed to our source that the problem is a bug that needs to be fixed. However, Apple didn’t confirm when a fix for the “Don’t allow changes” bug would arrive. Apple’s temporary solution is to turn off the “Installing Apps” option within Restrictions. Unfortunately, as noted in the video above, that prevents organizations from pushing apps and allowing users to update apps.

9to5Mac reached out to Apple and will update if we hear back.

A number of other bugs have popped up in recent weeks, including the “Continuous Loop” Exchange bug and a passcode vulnerability both related to iOS 6.1 bugs. Apple confirmed fixes for these issues are in the works, and a 6.1.2 software update is expected as early as next week. 

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Jordan Kahn Jordan Kahn

Jordan writes about all things Apple as Senior Editor of 9to5Mac, & contributes to 9to5Google, 9to5Toys, & Electrek.co. He also co-authors 9to5Mac’s Logic Pros series.