I don't know whether my expected behavior is correct.

I would say it *is* correct. Consider the case where your phone is in someone else's hands, and a call comes in that is of a sensitive nature. Would you want them answering that call and pretending to be you?

Until the process of authorizing is complete, whoever has the phone - even you - is considered *not* the valid owner of the phone. The phone can't tell it's really you - Joe Bloggs could pick up your phone, type in a random PIN, and click Forgot PIN? The fact that it is the Forgot PIN mechanism *doesn't* mean it's *definitely* the rightful owner using it. That's exactly the kind of trick a hacker would try - looking for loopholes in / during the validation mechanisms.

