iOS 6 bug lets institutional users bypass ‘Don’t Allow Changes’ account restriction, install unapproved apps (Update: fixed)
Update (Feb 21st): This has been fixed according to a reader. The iTunes and App Stores use HTML on the backend so Apple can “push” updates via backend code changes:
As of this morning, the bug is gone! No update required! Looks
like the somehow they pushed the update! I can no longer change the
account in the App Store or iTunes store! This reminds me when I was
beta testing 6.0 and Apple changed the behavior of downloading updates
not requiring a password (they also allowed free apps with no password
for a short while). That didn’t need an update to change either.
They seem to have ways of fixing App Store behavior without needing to
update iOS. I’m still running 6.1 on my devices, haven’t gone to
Would be nice for an official answer from Apple, but so far, it’s
working correctly! Also, I see redeem and send gift are grayed out
also, at the bottom of the App Store. Same for iTunes Store.
For those unaware, iOS 6 received some beefed up Restriction settings when it was released that allowed users to select “Don’t Allow Changes” for an entire account linked to an iOS device. This option was particularly useful for schools and organizations that wanted to limit a device to a specific account and keep students and others from installing apps not approved by the institution. Without the restriction, students or employees could easily change the iTunes account linked to the iOS device. Unfortunately, as noticed by one frustrated 9to5Mac reader, it seems there are several backdoor methods of bypassing the setting…