Security bug? - Android Software/Hacking General [Developers Only]

I had to reset my Google password this morning as there was some logins to Gmail that I didn't do. After changing my password from my computer I went to make the change in Android but couldn't find a means to.
I went to Google via the phones browser and was asked to login to Google which somehow fixed the problem.
It seems the browser has write access to the system password, which to me seems like a huge security risk. Can anyone else verify this?
Sent from my T-Mobile G2 using XDA App

Related

[Q] gmail keeps asking for password help!

Please help! A while ago, i was synchronizing my gmail when wp7 asked me to ipdate and reinput my password. But each time i type in the right password, it says that the password is incorrect! Tried deleteting the account on my phone and putting it back again, still the same. On the browser and also on the desktop, i can log on normally using the same password. Please help
That sounds really strange. I've never had any issues with my gmail accounts.
It sounds like a typo, but since you've tried it several times that may not be the case.
Are you sure you didn't mistype the email address instead of the password?
I know that with the software keyboard, I sometimes hit the key next to the one I want to hit. But I'm sure you already tried typing the password slowly and looking at each letter as you type it.
Yes i'm 100% sure i got them all correct. Tried changing and rechanging the password but still nothing. Also, i tried on my wife's iphone, and it worked perfectly. On the wp7, nothing
Is your Server listed as m.google.com?
Also, did you make sure to check "Server requires encrypted (SSL) connection?
Yes and yes, m.google.com and SSL is checked. Even tried turning my phone off but still nothing
Are you actually using a @gmail.com account, or a corporate account through Google?
i'm using a .gmail.com account. it was working before, but now, nada.
Sounds like a bug.
I heard of someone who experienced something similar. They were able to solve it by connecting to a WiFi network and then setting up their gmail account.
I'm not sure why that solved it for them, but maybe it could help you too.
And it just did. I was connected to 3G when it happened. Connected to my home wifi and it finally accepted my password. Again, i connected to 3G just to confirm it and well ut works now. Thanks for all the help guys. Will drop the wp7 guys an email about this
I just ran into the same issue.
I had changed my gmail password via web interface. then the phone asked for the new password but wouldn't accept it.
I ended up deleting the account on the phone, changing the password at gmail (again) to something different, then readded the account to the phone. In that time period though, I logged onto wifi in order to sync faster.
Would have been nice to have seen this thread earlier...
Gmail on Android persistence challenge credentials bug fix
I found this to be a bug with Gmail account log in failures on Andriod when using 2-step verification. It persistently challenges you for credentials although you have successfully logged into your Google account on another machine via a web browser.
This is the fix I found:
Step 1:
Log into your gmail account on another machine using a web browser.
Go to account settings > 2-step verification > authorising sites > application specific password
Step 2:
generate a password called gmail -android but do not click done.
Step 3:
go to device enter your gmail - andriod application specific password and you will get challenged a further 2-3 times enter the same password (you may have to also enter the CAPTCHA (a security image with distorted letters)).
Step 4:
When you are no longer challenged, try to sync with gmail if you do not get a sign-in error on your device then this has worked and be sure to click done in your your google account settings via your browser on the other machine you used.
Hope this helps to those of you who are suffering from this infuriating Google 2-step verification bug.
Hyp3rzz
I had countless issues with my Gmail account on WM6.x - same as you describe. Would not accept my credentials.
The steps described above solved it for me (having to reset using that captcha thing) but it would keep on re-occuring. Not seen it so far in WP7 though. *touch wood*

[Q] Lost my Nexus S

I'm kinda in a daze from losing my Nexus S last night. The hangover is probably contributing to said daze. I don't have one of those security apps installed. I must have forgotten to restore it when I flashed a new ROM. My inner child is on my inner floor bawling his eyes out at the moment.
Anyway, my question is, what can I do to ensure minimal loss of my privacy. I have already changed all my passwords. Does this automatically unsync my account on the phone? I mean, will the phone ask whoever has it to re-enter the new password? What else am I forgetting? What else can I do?
Would appreciate it if "You should have"s are avoided. Thanks!
I know for sure that if you have changed your Google/Gmail Password, that the phone will prompt for a new one. As far as 'unsyncing' I do not know. I didn't check to see if my contacts/emails/calendar etc were removed when I changed the password and the phone prompted for a new one.
I will change my password again, see what happens and let you know.
*****EDIT*****
I changed my password for my phone, I got a notification about a sign in error, that prompted for a password. The dialing functions still worked as normal, any emails that you had cached were also visibile as well as the calendar. I rebooted without updating the password and could still call out as normal, but when I tried to access the Gmail app, it tried to sync the inbox, but prompted for a password right away.
I don't have any apps installed with other sensitive information, but I would imagine those would function as normal.
Hope this helps.
You could try lookout mobile security "plan b" will help find it.
Sent from my Nexus S using XDA Premium App
Hmm sorry to hear that dude, i would probably be bawling on the floor too!
Although... i probably will install one of those security apps now...
Thanks for your help, guys.
Even if you don't change password but someone change sim card,android will require reenter password for sync
Sent from my Nexus S using XDA App
I don't know if Plan B would work seeing as how his Google Account is tied to the market account. Because he changed his password and the phone lost connection with the Google account, I don't believe remote installs will work, but I could be wrong.
SphericalPuma said:
I don't know if Plan B would work seeing as how his Google Account is tied to the market account. Because he changed his password and the phone lost connection with the Google account, I don't believe remote installs will work, but I could be wrong.
Click to expand...
Click to collapse
Yes, I was wondering the same thing. I picked up a new Nexus S(not SAMOLED unfortunately) and synced it up and everything. Finally got to a PC and looked up my Market Account. It listed both phones under devices and I could go all the way to installing it on both phones. It located my current phone.
Unfortunately, I blocked my SIM card prematurely(did not know about Plan B), so, I can't send out the locate SMS. But, I figure whoever has it has probably removed the SIM card, or does not know how to charge it if the battery is dead or is using a SIM on it without a data connection. So, no data connection means no app on the phone. I haven't received an email from Plan B for the lost phone.
Why is the phone is still linked to my market account? I can see that the carrier has been changed which means a new SIM.
For now I'm just satisfying myself by installing inane and useless apps on the phone. HAHA! I hope it works and the app installation is going through. I've pretty much lost hope of finding it.

[Q] Changed Password, now can't get email on phone

Title says it. I cannot find a way to enter the new password on the phone. It just indicates errors synching, but does not offer to enter a new password, and I cannot find how to change it.
Any suggestions?
If its the gmail account password then your phone should automatically tell you that It can't log in to sync your contacts and what not then ask you for the new password..
Sent from my SGH-I897 using XDA Premium App
It is the GMAIL password, and it is not doing that.
I am getting a message "synch is currently experiencing proglems, and will be bak shortly". Now, maybe that is in fact the case. bit it is quite coincidental that it started immediately after I changed my password online.
....
In fact, I just went in and changed it back to the old password, and it synched fine, so it seems my phone is not operating like you indicate it should.
[EDIT]
You must login to the market. It then asks for the new password, and you are good to go. Cannot do it via GMAIL. Interesting...
[EDIT2]
By the way, it turns out that on that ASUS Tablet, you must do it through GMAIL, not MARKET. Exactly backwords. Go figure...
Lol that's funny. Its been a while sice I messed with it so I couldn't remember
Sent from my SGH-I897 using XDA Premium App
go to settings accounts and sync. remove your account and add it again with the correct password
mrevankyle said:
go to settings accounts and sync. remove your account and add it again with the correct password
Click to expand...
Click to collapse
That requires a factory reset after...
mrevankyle said:
go to settings accounts and sync. remove your account and add it again with the correct password
Click to expand...
Click to collapse
I had tried that. It will not let you because of all the things linked to the account on it. To do that you need to do a factory reset.

[Q] Gmail 5.0 Exchange looping into security updates

I have been using the Gmail Exchange Account for a few days happily (Android L stock). But now I constantly get the option to update my security which is basically encrypting my phone. But after the restart this message comes up again with only option to update again. In the meantime no mail is synced. I have already removed and re-installed my echange account numerous times but not helping. Alternative app Mail Wise is giving the same problem. With Touchdown everything is working but I don't like the battery usage and most import the seperate password entry when entering the app. Did anybody else experience this security update loop?
Maybe I have solved the problem myself. What seemed to happen is that my companies security policy demands a certain type of password. Since I already had installed an exchange account before my password on my phone was already compliant. Therefore I did not need to change anything on my security after I setup my Exchange account on my phone. So what I did is disable password lock on my phone, setup my exchange account and entered a compliant password.
1979Sentinel said:
I have been using the Gmail Exchange Account for a few days happily (Android L stock). But now I constantly get the option to update my security which is basically encrypting my phone. But after the restart this message comes up again with only option to update again. In the meantime no mail is synced. I have already removed and re-installed my echange account numerous times but not helping. Alternative app Mail Wise is giving the same problem. With Touchdown everything is working but I don't like the battery usage and most import the seperate password entry when entering the app. Did anybody else experience this security update loop?
Click to expand...
Click to collapse
Every two or three days same problem returns. Gmail tells me to do a security update. After a lot of trying I get it working again but if this returns constantly it is quite frustrating. Anybody else with same experiences?
Solution given
Somebody on another site pointed me to the solution which can be found at:
https://code.google.com/p/android/issues/detail?id=79342#c18
As it seems a pin/password is required for startup as well, not only for unlocking the device.

Paypal App

I can not login to my paypal account using the app from the play store? it goes to login then goes straight back to login page. Ive disabled my password auto fill app and disconnected my vpn but still no joy. Anyone else having this issue? Im on latest stock international firmware, not rooted either.
AngeredNumber said:
I can not login to my paypal account using the app from the play store? it goes to login then goes straight back to login page. Ive disabled my password auto fill app and disconnected my vpn but still no joy. Anyone else having this issue? Im on latest stock international firmware, not rooted either.
Click to expand...
Click to collapse
I have the same issue, I read that it has something to do with the password and the app not detecting symbols on the password. So if you have that, that might be it. I haven't tried it yet.
nachomaster said:
I have the same issue, I read that it has something to do with the password and the app not detecting symbols on the password. So if you have that, that might be it. I haven't tried it yet.
Click to expand...
Click to collapse
It's very strange, I got it working by using the reset password option in the app and it logged in. Thanks for the reply.

Categories

Resources