A similar email is being sent to ordinary users of Gmail. This one refers to a restriction commencing July 15, 2019.
SMS+ Backup.pdf

I had the same experience as @MarkMessinger. Very worried that we'll lose THE best SMS backup app around.

Same - July 15 will stop working if "_unable to meet the deadline to comply with our updated data policy requirements_"

I have also received this email

Same email.

Hi,

Although you don’t need to do anything, we wanted to let you know that the following apps may no longer be able to access some data in your Google Account, including your Gmail content. If these apps are unable to meet the deadline to comply with our updated data policy requirements, they'll lose access to your Account starting July 15th, 2019.

SMS Backup+
We are making this change as part of ongoing efforts to make sure your data is protected and private.

You can always view, manage and remove apps you’ve given access to your account by visiting your Google Account.

Thanks,
The Google Accounts team

It seems that the app must pass a verification process to continue accessing GMail accounts the way it does.

The Google API scopes to create and read GMail messages (used by SMS Backup+ to backup and restore SMS messages) are now restricted scopes, and apps that use them need to be audited by Google to verify that they comply with the OAuth security policies and to verify that they do not make an ilegitimate use of that APIs.

And for the app to be verified, the developer must apply for that verification. There are limit dates for that too. The too-late deadline is July 15th, when the app will loose access to that APIs if nothing is done.

About restricted API scopes:
https://developers.google.com/terms/api-services-user-data-policy#additional-requirements-for-specific-api-scopes

About the verification process:
https://support.google.com/cloud/answer/9110914#restricted-scopes

We need the developer urgently.

Please, do not clutter this thread by repeating the same information a hundred times. We all have received the same message today, Jun 25th, so there is no need to post it more than once nor repeating ”me too” once and again.

Let's try to get a solution, not to make a whinning cry of this.

It's worth pointing out that, while it will be a bit obnoxious, you don't need to use the default OAuth-based mechanism to back up your texts. As stated in the docs here you can configure the app to use plain old vanilla IMAP.

It's worth pointing out that, while it will be a bit obnoxious, you don't need to use the default OAuth-based mechanism to back up your texts. As stated in the docs here you can configure the app to use plain old vanilla IMAP.

We can keep backing up to gmail, just through IMAP? Would it still track the same SMS label that we've applied to the texts?

I think using GMail IMAP is subject to the same restrictions that require the aforementioned verification process.

Asides, using another IMAP server is a no go for me. This app is not only a backup utility, it also allows to search for specific SMSs using GMail and search for calls you issued using Google Calendar. It's not just a backup, it's much more when combined with a Google account.

The fact is that I think the app already complies with the OAuth security requirements claimed by the Google verification process. So we only need the developer to apply the app for that verification process. I have just emailed him asking for his help. I hope he has a bit of time and interest in keeping his awesome creature alive.

@jberkel send help

It's worth pointing out that, while it will be a bit obnoxious, you don't need to use the default OAuth-based mechanism to back up your texts. As stated in the docs here you can configure the app to use plain old vanilla IMAP.

Yes, we can fallback to vanilla IMAP. And no, Gmail won't let it happen.
According to experience from K-9 mail, Gmail will do its best to prevent you access IMAP even with "less secure apps ON" or "2-factor-authentication OFF". (See https://github.com/k9mail/k-9/issues/655)

Hello everyone. I'm sorry about this situation, SMS Backup+ will no longer have access to Gmail, mainly because it's not an email reading app.

I applied for an exception but it was declined, as expected. Vanilla IMAP might work, but for how long I wonder. And it's very tricky to set up for a casual user. Unfortunately the Android platform is getting more and more closed.

I'm not sure what to do at this point, either remove the app from the store or release a new version which removes the automatic account setup, since that is broken / will be broken soon.

Off topic: I took the opportunity to hit Donate in the app, thanks for years of great software @jberkel & the other committers.

Is it possible to use some kind of personal developer key (assuming such a thing exists)?

I was able to whitelist the app in my Google Apps domain. Do you think that will eventually stop working as well?

Oh no! This is an unwelcomed shock to me.
Thank you @jberkel for your wonderful app. Like so many others, I am not happy about Google's decision. SMS Backup+ has proved invaluable to me over many years.
Please, please provide an alternative prior to 15 July 2019 if possible.
Ho hum. Google (along with Apple and Microsoft) are controlling too much (IMHO).
Please let us know if you are able to provide another app which Google deem acceptable. Thank you.

@jberkel Great work on the app. It has served us all so well for so long. Keep up the great work!!

Thanks @jberkel for the help decluttering my communication. Donation done.

Forgive my ignorance, but what will happen to my backup of messages already on my google account?

What will happen to my backup of messages already on my google account?

Probably nothing. They're uploaded and currently indistinguishable (from Google's perspective) from regular email messages, save for the unique label if you used it.

^That is greatly relieving. Thank you.

So does that mean, that the app cannot save sms back to gmail anymore? Or just restore them from there?

Im perfectly fine, if the app can just copy them to gmail, that is why i use this application, not for restore.

You will have to go to advance setting SMS Backup+ then go into customize imap and set the imap.gmail.com:993 and use you email as user ID and your password. Make sure the authinication is set to clear text and security is tls.

After that go to a PC and login to gmail, in the right hand corner click the cog then setting then goto the tab "forward and pop/imap". Under the imap access change it to enable.

Now go to you gmail account settings on the left side click security. Scroll down to less secure settings and turn it on.

Now you should be able to continue to use the app. It is just not as secure.

Google will probably not close this method down anytime soon to many developers and admins you this method for logs

I'm not sure what to do at this point, either remove the app from the store or release a new version which removes the automatic account setup, since that is broken / will be broken soon.

Personally, I'm happy to keep using this app via IMAP(with gmail or any other IMAP service), so I hope you don't remove it :)

Silly question perhaps but could you fork something open like Thunderbird and add in the and backup feature as a feature of that?

I also have made a donation. Thanks very much. It was a great service while it lasted.

Oh, that's so sad. It was the best SMS backup app. Will there be any option to backup to somewhere else, if Gmail doesn't work?

but could you fork something open like Thunderbird and add in the and backup feature as a feature of that?

Was thinking the same thing! Happy to contribute to the effort as well.

Many thanks @jberkel and anyone else that has helped for years of really great service.

For wich reason your application was denied, @jberkel?
Was that finally, or are there any thing d for could change or provide to them to keep the app working?

I described situation to https://news.ycombinator.com/item?id=20282361
Please upvote it and/or comment.

There is a high chance we might get it higher to google echelons this way and get the exemption.

@jberkel Sorry to hear what's happening. Let not Google's policies discourage you.
Your app is needed, and whether sync is done to gmail or other services is kind of secondary.

May I suggest that the first course of action would be the possibility to do a "full export" to other imap/services. Or is it already somehow implemented ?

Thanks

Hello everyone. I'm sorry about this situation, SMS Backup+ will no longer have access to Gmail, mainly because it's not an email reading app.

I applied for an exception but it was declined, as expected. Vanilla IMAP might work, but for how long I wonder. And it's very tricky to set up for a casual user. Unfortunately the Android platform is getting more and more closed.

I'm not sure what to do at this point, either remove the app from the store or release a new version which removes the automatic account setup, since that is broken / will be broken soon.

@jberkel thanks for updating us all.

Just to clarify, would the change also impact the syncing of the call log to Google Calendar, or does the verification requirement not affect this functionality? If the latter, I'd appreciate the app remaining in the Play Store even in abbreviated form as both my wife and I rely on the Google Calendar call logs.

This is the second app that I use which has lost the gmail connectivity. I assumed the previous app developer (Gnotes) had chosen not to go through the hoops but now I wonder. A real shame. I have donated too in the hope that there can be an alternative solution.

Hello everyone. I'm sorry about this situation, SMS Backup+ will no longer have access to Gmail, mainly because it's not an email reading app.

I applied for an exception but it was declined, as expected. Vanilla IMAP might work, but for how long I wonder. And it's very tricky to set up for a casual user. Unfortunately the Android platform is getting more and more closed.

I'm not sure what to do at this point, either remove the app from the store or release a new version which removes the automatic account setup, since that is broken / will be broken soon.

First of all, thanks a lot for your efforts.

Please, do not remove any features by now. Some of us use your app not only for backup purposes, but also for search and logging purposes. Searching SMS messages in GMail and looking for calls in the Google Calendar are great additional features that your app provides. And as long as I understand, Google should not ban your access to GMail using pure IMAP protocol, neither the access to the Google Calendar API, only the GMail API should be restricted.

A question for you, @jberkel: Could the Google Calendar entries be managed using pure IMAP protocol? Are they, currently? If so, by setting "Less secure apps" access in our Google accounts, we could get rid of the entire Google API and the automatic account setup.

By the way, could you please provide a Google email address where I can politely address a good reason not to ban SMS Backup+ access to the GMail API? Better provide it in private, to avoid cluttering them with complaints from ranting people.

@malversan - unfortunately, the IMAP protocol is purely for syncing emails, so it wouldn't be possible to sync calendar entries using that :(

(For more info: https://support.office.com/en-us/article/sync-basics-what-you-can-and-cannot-sync-5537d587-4930-4ac2-b044-3568509b1294)

@malversan - unfortunately, the IMAP protocol is purely for syncing emails, so it wouldn't be possible to sync calendar entries using that :(
(For more info: https://support.office.com/en-us/article/sync-basics-what-you-can-and-cannot-sync-5537d587-4930-4ac2-b044-3568509b1294)

@jamgregory, as long as I can see that link only refers to Outlook client syncronization, so it does not answer the question I asked.

I have discovered that Google Calendar also supports being managed using the CalDAV protocol, but unfortunately I am afraid it does not allow to get rid of the OAuth credentials setup.
https://developers.google.com/calendar/caldav/v2/guide

Some apps already use it:
http://www.ubuntubuzz.com/2017/07/how-to-setup-thunderbird-for-google-calendar-caldav-read-write-access.html

But I cannot foresee the impact that using CalDAV protocol would have in the app usability and workload.

Just throwing out an idea here. If the app were to include some very basic functionality that allowed you to browse the previously backed up SMS/call records in your Gmail account, would that perhaps qualify the app for the exception as an "email reading app"?

Just throwing out an idea here. If the app were to include some very basic functionality that allowed you to browse the previously backed up SMS/call records in your Gmail account, would that perhaps qualify the app for the exception as an "email reading app"?

That is a pretty good idea. Maybe making statistics with the inbound/outbound call times and SMS messages sent/received.

Altough I suppose that the developer would better accept solutions that do not imply a heavy workload. Anybody here could implement something like that? All in all, the app is open source so the sources are public.

I have just posted an issue in the Google issue tracker, under the GMail API category, exposing why restricting too much the access to the Google APIs for security reasons can paradoxically lead to the Google accounts being less and less secure. I also sent the same message to "[email protected]".

https://issuetracker.google.com/issues/136079176

Of course I use the SMS Backup+ app as an example to defend the argument, so maybe it could lead to someone reconsidering the ban of this app from the GMail API. I do not expect great results from that "political" via, but it is worth trying.

Anyone who cares about this product, make your voice heard HERE: https://issuetracker.google.com/issues/136079176

Thanks, @malversan, for getting the ball rolling. If we can do any more to salvage this amazing app, let us know!!!

Hi,

Like everyone else, I'm enormously grateful for the many years of hard work
you've put into such an excellent App, though I'm infinitely aggravated at
Google since this is the second of my top two utilities they've killed, or
announced they're killing on the Android operating system in the last 30
days! Both of the Apps I use many times HOURLY and both have either
increased my productivity multi-fold, or saved me countless times, as is
the case of your App, either legally, or from a he-said, she-said debate,
or from just having a chronological history of my life since 90% of my
communication is via text messaging. In the very least your App has enabled
me to reconstruct events via the timeline inherent in text messages, which
up until now were safely protected in Gmail, which I also backup
frequently. I've been self-employed as a computer consultant for 30 years
and the ability to go back YEARS and pull up often valuable information has
been priceless and has prevented several liability issues because I had in
time-stamped digital format, saved by SMSBackup+, a record of what someone
said. So for Google to kill your App by fixing something that "ain't"
broken and CONSTANTLY dinking with products that work just fine as is, is
REALLY about to drive me over the edge, or more specifically, away from
technology altogether! (this is by no means the first time they've killed a
great product, with Picasa being one that to this DAY I've never been able
to find an equal to). That's a big statement coming from someone who has
made a ton of money over 30 years in this industry. But the industry
continues to be so fragmented, and in such a perpetual state of change,
often just for the sake of change, that I'm rethinking whether I want to
continue investing a rapidly increasing portion of my time RE-DOING
something that was working just fine as it was. It's funny that 25 years
ago I figured that the time would come when my services would no longer be
needed because computers would be so easy to operate and EVERYONE would
know how to use them. In fact, it's gotten WORSE! The average user still
can't format a letter in MS Word, or use even 2% of the potential a
computer has, yet they keep buying new ones because they're forced to by
the industry.

Like the others, I've used your App since you introduced it, and as far as
I know, there IS no equal. So where does that leave us users (not pointing
at you of course)? We're all going to end up investing vast amounts of time
trying to create a poor-at-best workaround for what is currently a flawless
system. I could ramble on forever about how aggravated I am at the first
program Google just killed, which I hardly go 10 minutes without using, and
now they've hit my second of two priceless Apps, SMSBackup+, and NEITHER
have a solution as far as I know. How many years has it been since they
killed Picasa and again, there's STILL no viable alternative. Throw in the
Google+ fiasco, which I knew from day one was a loser, NEVER used, though
the attempt was made to force me to use it, and it makes me wonder who's
driving the boat at Google?

OK, complaining over. But I do have one hopefully simple question. Like I
read someone else say, ALL I need from SMSBackup+ is to BACKUP to Gmail, so
I can do searches and of course HAVE a backup. I will NEVER need to restore
from Gmail, so will your App still be able to do a one-way backup to Gmail,
or is that part of what's being killed?

Thanks again for all you've done for how many ever years since you wrote
your MOST excellent App. It has again been priceless to me and I HOPE that
the backup function will NOT go away. If it does, I'm still grateful to
you, but even more aggravated with Google. With all of my spare time after
finding workarounds for the loss of my most key apps day after day, I plan
to write them a letter expressing my dissatisfaction with their fixing
things that aren't broken. There are risks with EVERYTHING online that are
NEVER going away, so to try and fix what they consider a risk, I have to
wonder how many times has that hole been breached that makes it worth them
investing their time and money to fix it, plus crippling thousands, if not
millions of the people that actually USE the software they're killing?

On a personal level though, sincerely, thank you and continued success,
Jay...

On Tue, Jun 25, 2019 at 6:25 PM Jan Berkel notifications@github.com wrote:

Hello everyone. I'm sorry about this situation, SMS Backup+ will no longer
have access to Gmail, mainly because it's not an email reading app.

I applied for an exception but it was declined, as expected. Vanilla IMAP
might work, but for how long I wonder. And it's very tricky to set up for a
casual user. Unfortunately the Android platform is getting more and more
closed.

I'm not sure what to do at this point, either remove the app from the
store or release a new version which removes the automatic account setup,
since that is broken / will be broken soon.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
https://github.com/jberkel/sms-backup-plus/issues/959?email_source=notifications&email_token=AJMQPABOOZL4RNNAJTTY4NTP4KLMVA5CNFSM4HYI7LT2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODYRYUCI#issuecomment-505645577,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AJMQPADK7GHBL544Y2NTT4TP4KLMVANCNFSM4HYI7LTQ
.

Anyone who cares about this product, make your voice heard HERE: https://issuetracker.google.com/issues/136079176

What the heck...? That was NOT the intended strategy, @arnaldop. What I subtly tried to do was to present the indiscriminated API restrictions as a potential threat for Google by forcing users to abandon cautions and good security practices. And by putting the SMS Backup+ case as an example maybe they would rethink about shutting down its access to the GMail API.

But it seems the subtlety is not an extended skill around here. Now you have converted that issue report in a joke, with tenths of messages saying they love this app, thus completely revealing the intention. Even worse, now it clearly appears as a coordinated plot, something that was not. That issue report is not an issue report anymore, it has become the complaint of a bunch of spammers about the problems of a third-party app that Google does not care about. So the tracker administrators will probably delete the entire post without reading past the third irrelevant message of the tenths you have written. You all ruined the attempt to convince Google of something THEY care about.

Understand this: Nobody at Google cares a damn about you liking or needing this app. That was definitely NOT the idea. You can only convince someone with issues that concern HIM, NOT YOU.

By the way, @JKS258, I can only congratulate you for completely ruining any possibility of Google gaining sympathy for this app. Do you know the meaning of politics, diplomacy, or even intelligence? What is all that shit you wrote there about Picasa and spaceships? In which universe do you believe that it is a good strategy to attack frontally the one you want to obtain something from? That is not a shitty forum for you to rant, it is the Google official products issue tracker, and the idea was to gain Google sympathy and confidence on the security of SMS Backup+. Now your rants and not-so-subtile threats against Google have assured that nobody will take seriously any argument in that report. Worse than that, you exposed all that unrelated and inappropiate comments talking as if you were the developer of the app, so you have also assured 100% that Google will never listen to him either. Congratulations, heartly.

Definitely I must learn to avoid trusting in people´s intelligence.

First many thanks for an app used for many many years.

Is it possible for the app to upload to "another" imap server to record sms and call log?. Could caldav be used with say NextCloud for calendar content?

I hope there is a rethink over this decision.

Honestly any political strategy that is transparently stated on a public forum (which Googlers will probably find pretty quickly, given that [a] they work on, you know, search and [b] you included a link directly to this project) probably isn't going to work anyways. I've always been under the impression that part of any effective political strategy is to keep your cards close to your chest. At this point, you might as well just keep telling them directly that they're being [SILLY COWS] for refusing to allow this app.

@malversan ignoring the potential validity of your argument, the hostility is unnecessary.

@jpellman, finding this forum does not invalidate anything, I expected it to happen and my argument would still be completely valid. What invalidates the entire thing it is to convert that issue report in a spamming circus about a problem that Google just does not care at all.

You have to understand that any attempt goes through talking about things they care, not about what you care.

(And of course insulting them never helps to attract their favorable attention, that should be evident for everyone)

@weaversam8, the hostility comes from the fact that I vainly spent a certain amount of time to carefully write that report to accomplish the goal, thinking that I was surrounded by intelligent adults who knew how to do things right. Believe me I do not care about you understanding it or not. If you don't know what an issue tracker is (and all who posted there clearly don't), you simply should not have posted anything there. Period.

In fact there is still people posting love cards in the issue tracker right now. I bet my head that most of them have not even read the report I wrote and simply don´t care what it is about. They just think that´s Twitter. To be honest, I can only think they are stupid and can´t distinguish where and when to do each thing.

To all on this thread, please be aware that every message is sent to all 35 active participants as well as all 172 watchers. I believe we've all made it clear that the issue exists and many have said their piece.
@jberkel may choose to lock the thread if the hostile communications continue.

For the sake of keeping items on task, please refrain from adding anything additional unless it's precisely related to resolving the issue; either code suggestions or documentation (from Google or other affected applications) indicating a workaround.

Long time SMS Backup+ user. Admittedly I haven't reviewed this app's source but I don't suspect writing call logs to the Calendar will be affected. I believe this app uses the Android calendar provider to write directly to the user's selected calendar on their Android device, rather than calling out to the Google API (https://www.googleapis.com/auth/calendar). Even if it did call the Google API, per Google's OATH API Verification FAQ[1] the restricted scopes are only GMail related (https://www.googleapis.com/auth/gmail*).

Suggest the following way forward, in parallel:

1. Author documents meeting Limited Use criteria (see Google FAQ) and applies for a "restricted scope app verification". Author requests waiver of the security assessment ($15K+) or convinces a third-party assessor to complete the assessment without charge.
   EDIT: This may be an issue. One app type not permitted to restricted scopes are those that "store or backup data other than email messages in Gmail."

1. We start working on a branch that guides users through setting up GMail backups with IMAP. This will require manually generating an "App Password" [2] (avoids 2FA issues). Looks like Google treats labels as folders over IMAP [3] so that should still be possible.

Thoughts?

[1] https://support.google.com/cloud/answer/9110914#restricted-scopes
[2] https://support.google.com/accounts/answer/185833?hl=en
[3] https://developers.google.com/gmail/imap/imap-extensions

I think your second point is the only direction at this moment. The solution can be to separate the Calendar API access (which is not going to be banned) from the GMail API access, and then use the IMAP protocol to access GMail, as you say. That would require some development work to change a bit how the app works internally, but hopefully not a lot.

The first way you expose is missing the point that the security verification (I´m afraid) has not been denied for technical security concerns, but because it is not clear for Google what has to do with the user emails an app that is not an email app. By reading their verification process requirements, I think they have not bothered in analyzing the app security (the app already complied with XOAuth2 security, and I think we all know that it doesn´t resend any data to any obscure external storage). They simply have looked what the app is for, and then denied the use of the API restricted scope for that purpose. That light and insufficient evaluation is Google´s standard and automated way of doing things. An exceptional treatment should be required to get the app unbanned from the GMail API (and that was I was trying to get).

P.S.: I could be wrong, but I think that $15K+ security assesment is only required by Google for server infrastructures that make use of the Google APIs. An Android app is a simple client application running in an environment already secured by Google (Android), so that shouldn't apply in this case. Otherwise any developer making apps that use any sensitive Google API should be able to afford that expensive audit, and that´s clearly irrealistic.

Maybe pinging the Googlers who actually have enough interest to star this project will help the ticket @malversan opened gain traction. That seems a reasonable strategy to me.

Hey @kcc, @sio4, @kevincox, @smike, @kynan :

Suggest the following way forward, in parallel:

1. Author documents meeting Limited Use criteria (see Google FAQ) and applies for a "restricted scope app verification". Author requests waiver of the security assessment ($15K+) or convinces a third-party assessor to complete the assessment without charge.
   EDIT: This may be an issue. One app type not permitted to restricted scopes are those that "store or backup data other than email messages in Gmail."

I think a good case for this is to emphasize the fact that there's a very blurry line between SMS and email, insofar that it's possible to send emails that get delivered as SMS [1], among other similarities.

However, I doubt greatly that Google will relent on the judgement, as @jberkel relayed earlier: I applied for an exception but it was declined, as expected. There is no appeal process, from what I've seen.

1. We start working on a branch that guides users through setting up GMail backups with IMAP. This will require manually generating an "App Password" [2] (avoids 2FA issues). Looks like Google treats labels as folders over IMAP [3] so that should still be possible.

I utilize mutt for email, connected via IMAP to my account, and it works exactly as @tvh2k described.
Labels are folders, the App Password allows for connection aside from 2FA.
The largest issue I see is the actual documentation of this process, as with all things Google, if they don't want you doing it, you're probably going to have a hard time finding it.

For the sake of completeness: here's the general guide for creating an app password for IMAP which I've used successfully in the past [2]:

1. Log into Gmail
2. Click on your photo in the top right corner
3. Click on the button “My Account“
4. In the left menu bar click on “Sign into Google“
5. Under “Password & sign-in method” (first block on the right side) click on “App passwords“
6. You are required to login again
7. From the drop down list “Select App” select the option “Mail“
8. From the drop down list “Select Device” select the option “Other (Custom name)“
9. Enter a name for the service, for example “SMSBackup+“
10. Click the button “Generate“
11. The application specific password is generated, write it down in a safe place as it will only be displayed once

Of course, this doesn't solve the calendar issue, but presumably something similar can be done for CalDav.

[1] https://www.digitaltrends.com/mobile/how-to-send-a-text-from-your-email-account/
[2] http://nidkil.me/2018/01/18/setting-up-mutt-to-send-mail-using-gmail-with-2fa-set/

Hi all,

I followed the instructions above switched to IMAP. It appears that both SMS and Call logs are being backed up without any issues. And the calls are finding their way to the calendar too.

I raise venture capital for startups and early stage businesses. I've made my donation through the google store, but it appears that this could use some funding (1) to get over this hurdle, (2) prevent it from happening again, and finally (3) spread the word about this application. If you're on this forum, you know how bloody useful this app is.

I use it for sales teams as a visual representation of their in-out bound activities. Its better than any CRM activity report and it's fully automated.

@jberkel, in many respects I'm happy to try to pull something together, but I'm unclear who has control/direction with respect to the application.

Wayne

Any chance backup could be an export to mbox or csv or mht or some other file on local storage?

Then we could
a) move to another (safe) location,
b) email to gmail where at least the content of emails is searchable, or
c) investigate an occasional manual import to gmail perhaps through tbird if that were possible ...

I wonder if an option might be to (immediately) email any SMS (sent or received) to self, specifying an identifying Subject field that could be used to filter to a label and remove from inbox. The date/time of the email will then be close to the date/time of the SMS.

The user will of course have to setup their own gmail account and follow instructions to create the filter themselves.

The body could contain the labeled date, time, sender, recipient, and text message, and maybe they can be added individually to the email as fields named X-SMSBackupPlus-TimeStamp, X-SMSBackupPlus-Recipient, etc.

This way we are using smtp instead of the forbidden API. Not sure how this limits calendar integration (I never used it) maybe gmail will process an ICS attachment?

Maybe someone could pull strings and get the media onto this issue.? I
think media awareness may open doors. There are so many people unhappy with this situation I think media exposure may add weight to reversing the decision. Plus someone may come up with a solution if this issue is more widely known?
Wish I had the resources to do so.
Just my $0.02's worth.

On Thu, 27 Jun. 2019, 18:01 trattman, notifications@github.com wrote:

Hi all,

I followed the instructions above switched to IMAP. It appears that both
SMS and Call logs are being backed up without any issues. And the calls are
finding their way to the calendar too.

I raise venture capital for startups and early stage businesses. I've made
my donation through the google store, but it appears that this could use
some funding (1) to get over this hurdle, (2) prevent it from happening
again, and finally (3) spread the word about this application. If you're on
this forum, you know how bloody useful this app is.

I use it for sales teams as a visual representation of their in-out bound
activities. Its better than any CRM activity report and it's fully
automated.

@jberkel https://github.com/jberkel, in many respects I'm happy to try
to pull something together, but I'm unclear who has control/direction with
respect to the application.

Wayne

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/jberkel/sms-backup-plus/issues/959?email_source=notifications&email_token=AD6OXVXVA7TQUGTKDVJHXWLP4RXWJA5CNFSM4HYI7LT2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODYWJLKA#issuecomment-506238376,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AD6OXVRWTTXG2UAQOM73RKDP4RXWJANCNFSM4HYI7LTQ
.

I wonder if an option might be to (immediately) email any SMS (sent or received) to self.

I'm afraid that to send automatic emails from your Google account the GMail API is required too. There are no rely SMTP servers out there anymore, you must use the sender's one.

Another app sadly can't link names to calls (or events noting calls) after the last Android restriction. I was happy sms still did. They have a huge bug report upvote.
I wonder if it were a paid app that Google lost money by not supporting would matter (too late now), but yea, add mail functions to get it to qualify, or add as a plug in / buddy app to another mail app that can access Google?

If not, I will be switching to imap. I have a non Google imap account so even if they restrict imap, I'm good. (But Imap is open protocol, so if the restrict it, it's to all imap apps? Someone mentioned kmail losing access)

It seems Google has find a way determining whether a connection is suspicious or not.

Although I never encountered it, there are many reports that K-9 mail is temporary restricted on IMAP access even with app specified password assigned.

It also occurred when I trying to access IMAP from other programs under development.

Ars Technica sharing the news:
https://arstechnica.com/gadgets/2019/06/gmails-api-lockdown-will-kill-some-third-party-app-access-starting-july-15/

I have just posted an issue in the Google issue tracker, under the GMail API category, exposing why restricting too much the access to the Google APIs for security reasons can paradoxically lead to the Google accounts being less and less secure. I also sent the same message to "[email protected]".

https://issuetracker.google.com/issues/136079176

Of course I use the SMS Backup+ app as an example to defend the argument, so maybe it could lead to someone reconsidering the ban of this app from the GMail API. I do not expect great results from that "political" via, but it is worth trying.

Amazing issue @malversan. Starred and commented confirming your main security concern, and offering a way to address it (considering to implement a slightly more open scope of exempted "email applications").

This situation is another example of Google over-reacting and trying to improve security/privacy but actually causing more harm than good to many Android users. But I don't expect they will change their decision regarding this app despite well argued reasons. So I think we have to look at alternatives. I would expect that changing to IMAP access will work for now. But is there any way to determine if Google will block some IMAP access on the 15th July as well? If they do then perhaps the way forward is to utilise Google Drive instead of Gmail? Before anyone mentions it I know that the Gmail search function is excellent and this is not a direct solution but at least this would allow the storage of the SMS and call log data (perhaps in a spreadsheet) which would be easier to examine. Just a thought.

perhaps the way forward is to utilise Google Drive instead of Gmail.

In my opinion it has no sense to go that way for two reasons:

• There are already lots of apps that backup SMS messages and call logs in many destinations, even Google Drive. The gold feature here is to make it in searchable emails and an organizable calendar in the cloud, that's the key feature that nobody else has and makes this app unique.

• On top of that, the Google Drive API will be also made a restricted scope by Google in 2020, so any apps creating documents there for non clear purposes will suffer the same shutdown we're facing with the GMail API.

Malversan - As I said in my comment this is not a perfect solution. Whilst the Gmail API may be restricted I can't see how the Gdrive API can be restricted otherwise how will any app be able to read or write anything to the cloud? If it is restricted in the same way then we may as well give up with Google storage all together. Apart from your attempt to get Google to change their stance, which is not going to happen, what solution are you proposing?

@jberkel ...is there anything mentioned here (by many techie savvy people) that can assist you please? If not, what can we do for you please? Clearly we DO NOT want SMS Backup+ to end on 15 July 2019.
I wish I had the power and resources to reverse this decision. But, alas, I don't.

I can't see how the Gdrive API can be restricted.

Easy. Any app that Google considers that has not file storing as its main purpose will be banned from it.

What you say can also be applied to the GMail API, and you can see the results. I wouldn't rely in making Google Drive a casual storage for app data, as it will follow the same path next year.

what solution are you proposing?

As best solution, I propose making Google Calendar the only Google backup storage for this app (yes, also for SMS messages). We could loose some search functionality, but backup/restore features and reviewing items in the cloud will still be available. And Google Calendar is not going to be restricted, or at least it's not in Google's current plans.

The problem is that this is not currently implemented in the app for SMS messages, so it would require some development work.

Any thoughts about the issue, @jberkel?

what solution are you proposing?

As best solution, I propose making Google Calendar the only Google backup storage for this app (yes, also for SMS messages). We could loose some search functionality, but backup/restore features and reviewing items in the cloud will still be available. And Google Calendar is not going to be restricted, or at least it's not in Google's current plans.

The problem is that this is not currently implemented in the app for SMS messages, so it would require some development work.

I strongly disagree with this direction. The whole purpose of this app (in my opinion) is to have searchable text archives of the messages and to provide restore capability.

Calls placed on a calendar make sense because they are a time-based event; The call was X minutes long and was to/from X contact(s). There's no duration associated with a text message; it is an instantaneous event.

Messages on a calendar event would need the content of the message, who it was from, Group SMS/MMS will need to associate multiple people.
As mentioned, there's no duration associated with it; so what does a default conversation of 10 texts in 30 minutes look like on a calendar? 10 one minute events stacked on top of each other?

If all messages were moved to Calendar and presumably archived there, searching and archiving of messages becomes significantly harder, as one would need to parse .ical/etc format, which is significant overhead beyond plain text emails, where headers are easy (in comparison) to parse out.

Again, I disagree with moving everything to calendar-only format.

Unless the issues with sorting access to GMail can be resolved (which IMAP+App Passwords may quite possibly do), then I strongly recommend storing things as an archive in GDrive. (Akin to how SMS Backup and Restore currently functions)

I've had a quick look at the internal working and possible alternatives. I don't know what Google's restrictions are, but would changing the scope from https://mail.google.com/ to https://www.googleapis.com/auth/gmail.insert and https://www.googleapis.com/auth/gmail.readonly as shown on https://developers.google.com/gmail/api/auth/scopes be enough to pass verification? Possibly even as a 2 stage one - allow users to approve insert access for backup and approve readonly access for restore?

(There may be other scopes required, but the principle would apply)

Ah, even insert, without the ability to read, is considered restricted. Eh? https://support.google.com/cloud/answer/9110914#restricted-scopes

gmail.send and gmail.labels aren't restricted, which might be enough for backup?

@tomswartz07, I'm perfectly aware that some search capability would be lost with my Calendar solution, but I think you lost the point. We are not here talking about what we need or what we want, but about what can be done. This is not a thread to post feature requests, it's a desperate discussion about the few possibilities of surviving this app has if its functionality does not change.

Apart from that, your solution is perfectly compatible with mine. Both messages and calls can be saved to Calendars and Drive documents, the same way it currently saves call logs to Calendar and GMail.

Let me point you anyway that I neither see any out-of-the-box search capabilities in Drive documents. It's even less user-friendly than Calendar, altough you code an specific app to read the specific SMS-sheet format. Calendar already has that, your solution does not.

On top of that, there are already a ton of apps that can save your SMS messages in a Google Drive sheet. You even mentioned one of them. So excuse me if I can't understand why you're asking for something that you already have.

As a definite reason, I'm completely reluctant to spend efforts in making a Google Drive solution because it's also going to be restricted next year, so in a very small time we will be complaining again for the same reason we are here today. Google wants to boost their fast-growing GCP Firebase cloud platform, so any app that uses Google Drive documents as a database is presumably going to be banned from its API. It's a matter of business, not about what you desire (or me, or the entire universe of users).

@craignicol Thanks for doing some deep dives in the code.
I look forward to hearing what the project maintainer, @jberkel, has to say.
Perhaps this method has already been tested when going through the review process.

As per my previous message, I hope that the app can be modified to work in a way that it has in the past, without the need for convoluted and more-obvious-misuses of Google's services, such as storing hundreds of text messages in calendar events.

@malversan I appreciate your willingness to help work towards a viable solution, but I please ask that you tone down the aggressive language. Disagreement with your suggestions is not a personal attack, and should not be treated or responded to as such.
There are technical hurdles to be undertaken for any change necessary to make the app work in the future, and should be discussed as presented.
As I mentioned before, @jberkel or one of the other maintainers may choose to lock the thread if the hostile communications continue.

@tomswartz07 the obvious disadvantage of my suggestion is that it doesn't allow restore. For many users here who just want backup, it would be fine, but for the users who want to restore messages, they may need an alternative solution. I don't know how large these respective camps are. I personally have not used the restore function (GMail search is perfect for me use cases).

@tomswartz07, maybe you feel my talk unusual because I'm not from your country, but I'm tired of defending technical arguments in front of all-over-the-world companies and no one has ever pointed me as doing it in unpolite ways.

So I'm afraid it's you who may be taking a well reasoned disagreement as a personal attack. If you want to see aggressive language where there isn't any... well, that's your problem, not mine. But I would just ask you to please don't deviate the thread topic with non-technical appreciations, if you really don't want it to be closed.

@malversan: This will be my final word on this matter.
If GitHub had a private message function, I'd express these concerns on the side, privately. Unfortunately, no such feature exists.
If you had a git repository with a single commit in it, I'd be able to get your email address from a commit message and address it to you privately, but again; none such commits have been made.

As it stands, however, this is the second time that I've had to ask you to tone down the aggressive language, in addition to several other users on the thread commenting about your behavior.

I will stand aside here to assist the contributors as work is done towards a solution, but at the end of the day, no solution can be made without changes to the code or explicit approval from Google.

@tomswartz07, please stop what you are doing. You are not helping anyone by reacting as if you were attacked personally by any reasoned disagreement with your technical proposal. Enough.

• On top of that, the Google Drive API will be also made a restricted scope by Google in 2020, so any apps creating documents there for non clear purposes will suffer the same shutdown we're facing with the GMail API.

This is not true from what I see. You can use use drive.file limiting access to files the app creates or you specifically give access to. Which is all SMS Backup+ would need. Drive searches the contents of the files so I don't see a problem with it. If what's below works you would not have to give the user access to the folder and could just use drive.appfolder

Anyone know why if any reason this would not work?
SMS Backup+ => Drive + Apps Script => Gmail. This removes the read access to gmail since SMS can be restored from a sheet, json or XML file(s).
or
SMS Backup+ => Drive + Gmail (gmail.insert)
Again this does the same. So now all that would be needed is gmail.labels and gmail.insert and only insert needs to be approved.

Basing it on @jberkel 's comment.

mainly because it's not an email reading app.

@malversan Thanks for your uninformed assumptions on countless subjects.
First, I can assure you that from your OWN "rantings" and use of profanity
in a professional forum that you don't want to get into an "intelligence"
contest with me, and I have neither the time nor desire to prove it, as
it's irrelevant. Most everyone knows that people who make sweeping
assumptions about an individual whom they do not know, and sweeping
assumptions about what anyone, in this case Google, may or may not respond
to, as if they were a Google official themselves, and further, that attack
people on a personal level with no basis to do so, are the ones widely
known to lack both the intelligence and foresight to understand there are
many forms of leverage. You have zero evidence of my intelligence, my
knowledge of how political systems work or my knowledge or use of
diplomacy, all of which are vast, thank you very much. I've been in
business 30 years and have negotiated billion dollar projects with the
Chairmen of billion dollar companies, so please don't lecture me on how to
present that to which I'm entitled to present in any manner I wish, just as
you are, even in your MOST mature and uninformed way.

First, I make ALL of my opinions, beliefs, objections, complaints and
accusations if they are warranted, "frontally" as you call it, since I
don't play any games, nor do I "attack" anyone from the back like a coward.
Most "intelligent," as you call it, business people of strong character
know that straightforward, direct, even blunt communication is the only way
to effectively deal with any subject. This approach, whether the recipient
likes WHAT'S being said or not, builds trust, because of the WAY in which
it's said- even between adversaries (which Google is not)- because you
haven't personally attacked them, proven your lack of appropriate
vocabulary by using profanity, and they don't have to wonder if your're up
to something or working some sort of "political" agenda.

Experienced business people directly lay out their position and their
requests right out on the table without exaggeration, made-up facts, or
unnecessary emotion. If the other party operates the same way, as most
professionals do, then you remove the need to focus on anything but the
subject at hand, instead of having to watch your back. Everything is in
black and white, all guesswork is removed and your chances of an amicable
solution are far greater.

Not that I owe you any explanation, I'll offer one as a humanitarian
gesture that it may educate you in an area where you are clearly weak. My
mention of ClipperSync and Picasa was building a case that now includes
SMSBackup+, suggesting that Google's focus was on trying to compete in
every market where another company is reaping huge profits, even if the
company had so much market share (such as Facebook) there is no hope Google
would ever catch up. If you're interested in FACTUAL information, you can
verify what a strong example Picasa is to use as an example of several
points I was making in my post by Googling it. There are MILLIONS of people
that have complained, and are still complaining about Google's removal of
such a fantastic program and switching to a platform like Google+ that was
doomed from the start to try and compete with Facebook, and contrary to
their claims when it was introduced, it wasn't even CLOSE to having the
same functionality as Picasa. Even Google Photos pales to most every other
photo management program out there, since it can ONLY be sorted by date,
making finding one photo out of, in my case, 10's of thousands of other
photos, impossible. These were examples trying to remind Google that ALL
businesses are in business to serve their customers FIRST, and those that
do that best reap the highest rewards. I was hoping to get their attention
that if they don't serve and listen to their customers first, they'll
ALWAYS be playing catch-up with other startups that come along that DO
understand that concept.

Since you also don't understand sarcastic, INTENTIONALLY exaggerated
analogies, that also support one of my primary points, which was that no
business can be GREAT at everything, so they should focus on being the best
in the areas where they ARE great, and Google IS great at many things. So
my sarcastic exaggerated (maybe?) example, suggesting that they likely have
someone in a cubical somewhere working on how to build "spaceships," you
know, like the ones like Elon Musk makes, whose name I clearly stated
(eliminating your implication that I threw in some random, out-of-context
example) who's making billions of dollars in MANY industries, which if
Google's corporate ego is in fact out of control, like so many of the mega
corporations out there right now (Amazon, etc.), they very well may be
thinking they need to get in that business too.

As for me knowing to whom I was writing and who would be reading what I
wrote, I was PERFECTLY aware of both the purpose of this forum and the
audience, since I WANT them to read it.

Next, a little friendly enlightenment for you. Google, along with every
other global corporation out there, HAS no "sympathy" for any individual or
group. The ONLY way to appeal to any large corporation is from the
standpoint of them losing business over the decisions they are making,
since losing business means losing money, and making money is their ONLY
concern. So let's not be naive in that area. If you still believe that,
maybe you should send them a cake, or tickets to a ball game (this is
called "sarcasm," again to make a point about your ridiculous comments).

As for my "threat" as you call it, it wasn't INTENDED to be subtle and it
wasn't a threat. It was sending Google the message that there are LOTS of
options, with thousands more coming, of ways for their customers to get
things done, and if they don't re-focus themselves on their existing
customer base, they very well may lose part of that base. You see my
friend, "customers" are what keep companies in business and keep them
making money (again, their only goal). So my "threat" as you call it was
alerting Google to the fact that they do not own the computing universe,
and might want to pay more attention to those that are, or were, happy with
their service. In another context, this would be called "voting with your
wallet." (look it up).

Your statement "Now your rants and not-so-subtile threats against Google
have assured that NOBODY will take that issue seriously," implies that you
have some inside track on how Google operates, thinks or makes decisions,
so let's put that statement in the absurd, unfounded category.

Also add to the absurd, unfounded category your statement, "you exposed all
that unrelated and inappropiate comments talking as if you were the
developer of the apped category your statement," (another tip for you,
Google has a spell-checker built-in that you might consider using, but
that's up to you) since it's completely unfounded, and based on my
explanation above WAS related to the point I was trying to make to Google.
Where you got that I was talking as if I were the developer of the App I
don't know. Only a therapist could untangle that.

Yet another entry in the aforementioned category is your statement, "you
have assured 100% that Google will never listen to him either." 100%?
Really? Are you 100% sure you or I either one will still be alive in 10
minutes? The only thing on earth for which we can be 100% sure is death
itself (look that up too). If you want to talk percentages, I'm 99% sure
that the ONLY person Google is likely to listen to IS @JBERKEL, since he or
she is the ONLY person (I assume) in this group that has DIRECT access to
Google, and can debate and defend the safety of their code when connecting
to Gmail.

In closing, thank you for congratulating me on my well-intended, blunt and
to-the-point, appropriately worded post directly to Google, with excellent
examples of why Google should reconsider ALL of the actions they are taking
that are grossly disrupting the workflows of their giant customer base. I
hope it will get their attention, and if it does, there's no need to thank
me again; it was my pleasure, as was writing this post to help someone
that's clearly in need of education in general, but most especially in the
areas of communication and negotiation.

By the way, there's no need to waste your time (that you obviously have
plenty of) with another profanity-filled "rant" against me to try and prove
your superiority to everyone. How about if I just let you BE superior, in
your own mind, and call it even, since this is going to be my LAST and ONLY
response to someone so far out of the loop that an intelligent debate is
impossible. So write away if you like, but rest assured it will be into the
abyss.

Enjoy your day...

>

This is not true from what I see. You can use use drive.file limiting access to files the app creates or you specifically give access to. Which is all SMS Backup+ would need. Drive searches the contents of the files so I don't see a problem with it.

I´m glad to say that I've checked you´re partially right on that.

First I only read the scopes being restricted in @craignicol link:
https://support.google.com/cloud/answer/9110914#restricted-scopes
But now I've checked that there are separated API scopes for app own files, and those are not planned to be restricted:
https://developers.google.com/drive/api/v3/about-auth

I've also checked the search capability to find SMS messages and calls. It is possible, but there are some serious caveats.

First: As I said previously, forget about spreadsheets. You can find where is a spreadsheet that contains a certain text, but that only gets you to the file, not to the line where the text appears. The GDrive search is unuseful to find a specific item inside a spreadsheet full of them.

So to be searched the SMS messages and calls should be stored INDIVIDUALLY inside plain text or XML files. No problem for backup or restore via API, but when it comes to listing or searching items... there´s a limit in the number of files you can list inside a directory in the Drive UI. The limit is reasonably high enough for an usual file listing, but insufficient when it comes to the thousands of files we´re talking about. So a hashing organization is required, something like one directory for each year, then one subdirectory for each month, and then one sub-subdirectory for each day.

Second: In the Drive UI, if you want to find text just inside a specific directory (the app-created directory) you must do it by using the search dropdown control on the right and then specifying the ubication to search in. Somewhat tricky.

But now comes the worst part. This inside-directory searches can only be done in the desktop web version of GDrive. I´ve searched in the Drive app and I can´t found such option. Using the mobile or tablet, if you search for a text it finds the occurrences IN ALL YOUR DRIVE. That´s fatal if you have other files or app directories, as it´s the usual case.

Finally, I don´t get what you say about linking that documents to GMail. Can it be done automatically with a Google Drive App Script? The API "drive.scripts" is going to be restricted anyway. And the "gmail.insert" and "gmail.readonly" scopes are already restricted. Asking Google to manipulate data in a generic container is a no go.

@tomswartz07 and @Jasonfhaught...thank you for providing step-by-step details for how to create an app password for IMAP. I'm sure other non-techie people like me appreciate this. From reading the forum, I'm clearly out of my techie depths here, so your detail is appreciated. :)
Thank you also @JKS258 and @malversan for providing knowledge. I'm attempting to wrap my brain around what you say and am trying to learn.
I just hope, at the end of the day, that the magnificent @jberkel and SMS Backup+ wins this Google war. It never occurred to me that I could grieve the loss of an app, but in the case of SMS Backup+ it appears this will be so :( .

@JKS258, it is clear you are a spammer wherever you post. I must admit it is really admirable the amount of time you spend in posting endless rants and whines that nobody is going to read (neither me, you can be sure). Let´s see if this truth makes its path into your brain: nobody here cares about you, your life, your job, or how you believe you are, so it is a nonsense that you persist with all that tantrums just because you need a public to talk about yourself.

Any skills are demonstrated by exposing the right knowledge in the right manner and in the right direction. And I am sorry to note it, but it is enough to read the first lines of any of your perorations to clearly see that you do not master any of that three qualities, so you are completely unuseful and irrelevant in this issue. Please, hold your tongue and let the technical people discuss serenely, instead of trying to undermine any serious argumentation.

The only funny thing about this is that you really think you are facing a giant corporation with bravenery and intelligence. No, boy, you were just ranting to a helpdesk assistant individual who will just delete your monumental, excessive and unrelated complaint without even reading it (like all us). And here you are simply bothering, not contributing in any way. So please...

P.S.: Before @tomswartz07 comes for me again, yes, that really was an aggresive response. I am here just trying to help teaming with the skilled people, not trying to be nice for the general audience. And I am pretty intolerant with the lack of intelligence, specially when coming from some peasant spammer, so if you want to deal with that vermin it is all yours.

Thank you @tomswartz07 for attempting to reel in the aggressive attacks of
a single member of this group we all know by now. I've made exactly ONE
post (I "think") in this group regarding the potential loss of one of the
two most used Apps in my arsenal, yet this lunatic refers to me as a
"spammer" among other things, and chooses me to attack me one day, and
someone else the next, with his aggressive demeanor, profanity and personal
attacks against anyone that doesn't meet his self-proclaimed standards of
how they should express themselves. He makes endless, baseless remarks,
again all personal, against virtually anyone, when his name is never even
mentioned in the post. He's like a digital schoolyard bully with nothing
better to do but stare at his screen all day waiting on someone to make a
comment that he doesn't agree with, or in a manner that he doesn't agree
with, where he then pounces on them with ignorant, and again baseless
statements for no discernible reason except to pick a fight with not just
someone, like myself, but anyone. I wish your many polite, calm,
professional requests could be even understood by this individual for whom
I frankly feel sorry, but I'm afraid people like that see everything as a
personal attack, even being asked to behave in a professional manner. He is
demonstrating the perfect profile of a classic narcissist, a condition for
which there is no cure, and who's only objective in dealing with anyone,
anywhere in life is to "win," no matter how trivial the victory. Since he's
clearly not going to stop this behavior due to his psychosis, as evidenced
by his attempt at a reply to my one and only reply to his aggressive
attacks, where he couldn't help but take a cheap shot at you at the end,
where like everyone else, you weren't even involved. Can @jberkel not block
or ban him from the group for his relentless behavior in a public forum? I
certainly hope so. Like most everyone else has expressed, I feel enormous
gratitude to @jberkel for the work he has done for the last nine years in
creating one of the most useful Apps on the Android platform, and would
like to see a solution to this problem, but it's hard to discuss solutions
with a predator in the midst. I for one would like to request @jberkel ban
him from the group so we can move on to the business at hand vs. this
mamby-pamby mindless banter this person is clearly unwilling to cease.
Thanks again though, for your attempt to restore some professionalism to
the group Tom. Best regards...

>

I'm glad this is actively being discussed. Besides the IMAP approach, are there any other options in keeping this functionality? It's crazy Google is doing this...

Will the function of entering calls as appointments in the calendar after 15 July still work?

@jberkel:
Regarding switching to a more specific scope (or scopes): I think you'd be able to use https://www.googleapis.com/auth/gmail.insert https://www.googleapis.com/auth/gmail.readonly https://www.googleapis.com/auth/gmail.labels instead of https://mail.google.com/, but only if you switch to using Gmail API, and not IMAP+XOAUTH2 like you do now. I'm still not sure if that would get you approved, but it would definitely be better to use more limited scopes.

Another (IMHO better) option would be to move to Sheets API. If you put all SMSs in a sheet, and use the https://www.googleapis.com/auth/drive.file scope (Per-file access to files created or opened by the app) you wouldn't need Gmail access at all (except for restoring old backups in Gmail, and maybe you'd be able to negotiate that with Google, or migrate all users' old backups to a sheet before the deadline). Users who want SMSs in their Gmail can then enable notifications for their SMS sheet, or use Apps Script for more complex stuff.

G Suite (formerly known as Google Apps) admins can simply whitelist the app for their users, so they wouldn't be affected, but I assume most of your users are @gmail.com users.

As for the other workaround suggested here: I wouldn't suggest telling users to use a username+password for IMAP login, as it's (obviously) less secure, and a hassle to set up. I'm personally in favour of Google's app verification program, because before that, users just had to blindly trust apps, and sadly not all of them are as trustworthy as this one. It isn't perfect, but it would make an attack harder. I only wish the move would have been easier for long-standing OAuth apps.

Thanks for creating this great app - sorry to see this is creating a headache for you!

@eesheesh, please read the messages above. The ”gmail.insert” and ”gmail.readonly” API calls are also going to be restricted. And storing in GDrive is already being discussed.

It will be hard to advance if technical proposals are done ignoring everything that has already been discussed.

Thanks @malversan, I missed a part of the discussion because of GitHub's discussion folding. :) Just to add my 2c about the things discussed:

1. Regarding searchability in Sheets - I would personally prefer a single sheet with all SMSs in it (one per row). If that's the case, I think the common use case would be to open the SMS sheet and search there, not search across all of Drive, but maybe that doesn't apply to everyone. Also, searching in Gmail gives you sheets that match the search terms, but then you'd have to search again after clicking it (like after searching in Drive, as you've noted in your comment).
2. Regarding availability of other apps - I haven't tried any other apps, but the one I saw linked here isn't open source, and I'd prefer an open source app (and I assume this is important for many others).

I think the common use case would be to open the SMS sheet and search there.

I personally doubt it. A Google sheet does not give you a report of occurrences to select the right one. It simply lets you jump from the first occurrence to the next, and then to the next, and then to the next... Not very useful when searching for common words in thousands of messages.

And worse than that, sheets do not allow to make compound searches at all, they only allow to search one exact string contained in one only cell. So for example, if you want to search in which message the contact ”Bob” talked about an ”invoice”, you cannot do that in a sheet, you will not get any results searching for 'Bob invoice'. But Drive search can handle that trivially.

In that point is where Google searches excel. They let you mix in the search the content, the sender, the receiver and the date. You can search for example '(”Bob” or ”Mark”) and ”2017” and (”invoice” or ”bill”) and (”overdue” or ”unpayed”)'. It is impossible not to find what you search, you just need to barely remember two or three words.

One of the key greatnesses of storing SMS messages in GMail is the ability to perform that kind of searches to find virtually anything in a sea of messages. I would suggest not to loose that unvaluable feature. In my opinion it's a point that makes this app stand out far over others.

Sorry I'm about to leave for vacation so I don't have time to mess with it but is it possible to configure SMS Backup+ to backup to a different non-Gmail IMAP server then configure Gmail to import them automatically from there? It sounds a little hokey but it seems unlikely to me that Gmail will stop allowing users to import messages from another email account.

Yes, you can. But you won't be able to restore until you leave those mails on the configured server. You also won't be able to delete threats from Gmail since it's usually a one-way sync.

ALTERNATIVE SOLUTION TO GMAIL

I haven't read this entire thread so perhaps this is redundant.

I was using a specific gmail account for only SMS Backup+ but recently punted due to gmail blocking SMS Backup+ on 7/15/19.

I switched over to using a "[yourusername]@outlook.com" email address successfully.

Here's the necessary info for android SMS Backup+:

• Turn off the gmail access using the switch.
• Go to Advanced Settings -> Custom IMAP Server.
• For the imap server enter (without quotes): "smtp-mail.outlook.com"
• Email address enter (without quotes or brackets): "[yourusername]@outlook.com"
• Enter your password associated with "[yourusername]@outlook.com"
• For Security, select STARTTLS.
• Return to the appropriate backup settings for SMS, MMS, and Call Log and make sure they are all setup and enabled to your liking.
• Press the Backup button to commence a backup to "[yourusername]@outlook.com".
• If you have a lot of messages, it may stop in the middle of the backup. Just press the Backup button again and the backup process will resume. I've encountered the same when using gmail.
• When backing up Call logs, it may give an error message the first attempt. Just ignore it and press the Backup button again and it will successfully backup.

I've been using the above for almost a week without a glitch.

I should mention although Backup works great, I have not tried a Restore.

I'm not an App expert, but my experience so far with Google OAuth is that, for those who seriously want to keep using the App, they can - they just have to hit the "Advanced..." link when Google complains about the access and tell it to go ahead. As I said, not an expert, this process only works for me when connecting to my own personal Google-related stuff with personal Apps I've been developing, and there doesn't seem to be a downside (yet).

ALTERNATIVE SOLUTION TO GMAIL

I haven't read this entire thread so perhaps this is redundant.

I was using gmail but recently punted due to gmail blocking SMS Backup+ on 7/15/19.

I switched over to using a "[yourusername]@outlook.com" email address successfully.

Here's the necessary info for android SMS Backup+:

• Turn off the gmail access using the switch.
• Go to Advanced Settings -> Custom IMAP Server.
• For the imap server enter (without quotes): "smtp-mail.outlook.com"
• Email address enter (without quotes or brackets): "[yourusername]@outlook.com"
• Enter your password associated with "[yourusername]@outlook.com"
• For Security, select STARTTLS.

Thank you so very much @kokishin1
Your solution worked but with modifications (for my setup)
I had to enable POP in Outlook because I want Gmail to pick up my SMS messages.

Could SMSBackup+ email any SMS (sent or received) to self using SMTP. It will act as a mail client (via any authenticated smtp server e.g. yahoo, user has to enter the details, "[email protected]" is irrelevant) or send directly to the gmail smtp server itself. The user will need to configure filters in Gmail to label the messages and bypass the inbox.

There is no need mailing to self and go through all spam/filter rules again. IMAP can put into your inbox DIRECTLY and it's what SMSbackup+ already had (unless Google want to put additional limitations).

I think that, if feasible and without a ton of work, the dev should try to use Google APIs for backing up. I personally hardly use the calendar functionality, mostly just search for SMS, but I'm aware that alot of people do use the Calendar functionality. Maybe the dev could even build unapproaved APKs via a third-party channel until it gets to a stage that Google is okay with.

In any case, I'm prepared to use IMAP regardless, even if I have to use another e-mail provider other than Gmail.

@ner00 this issue was opened because the developer actually _can't_ use the Google APIs. Access has been turned off.

Maybe the dev could even build unapproved APKs

This isn't an issue with Google Play approving the application, this is about being unable to authorize with Gmail through the normal OAuth flow for these specific scopes. Building and self-hosting APKs would not fix the problem.

I'm prepared to use IMAP regardless, even if I have to use another e-mail provider other than Gmail

You don't need to use another email provider, you just need to configure Gmail correctly (see previous instructions in this thread.)

Asides to @weaversam8 said, the Calendar part is not the problem.

@weaversam8 My bad, I misunderstood the scope of the enforcement.
I don't have to use another e-mail provider (yet), but I also don't have to downgrade my account's security either. I much rather have a secondary disposable account and pull the backups through POP3.

@malversan Yeah, I got it. At this point it will only affect GMail, next year probably Drive, and Calendar probably on Google's todo list anyway.

Has there been any detailed explanation about what was submitted to Google and their exact response? I'm really curious about that exchange. Upon reading the new policy I don't see any way for SMS Backup+ to fit in there, arguably it could fit into example 3:

1. Applications that enhance the email experience for productivity purposes (such as applications for customer relationship management, delayed sending of email, or mail merge)

It doesn't enhance e-mail productivity, but it enhances productivity using e-mail (for that it would have to be allowed to upload the e-mails in the first place). There are all kinds of contradictions in the several interconnected pages of the policy update. It seems that IMAP is the way forward for SMS and call log backup.

Doesn't Imap support Calendar functions?

Or does google not enable that part Google calendar via IMAP.

Now I'm completely confused...

@weaversam8 Is SMS Backup+ going to be able to actually use Gmail, even if properly configured by the user? I ask this because of this:

_What if my app is using IMAP or SMTP? Do I need to submit for verification?_
_Yes, because IMAP and SMTP usage require using https://mail.google.com/, you will need to submit your app for the restricted scope verification. If your usage of IMAP/SMTP is deemed to violate the minimum scope policy within the verification process, you will need to migrate to using the Gmail API by September 15, 2019._

https://support.google.com/cloud/answer/9110914#enterprise-imap-or-smtp

So, if the app isn't following the policy update it has to default to using the API, but then it also doesn't follow the API policy? What am I not undertsanding?

Doesn't Imap support Calendar functions?

Or does google not enable that part Google calendar via IMAP.

The Calendar functionality isn't at stake, it uses the Google Calendar's API which isn't being regulated under the new policy. So far only Gmail and, next year, Google Drive.

Is SMS Backup+ going to be able to actually use Gmail, even if properly configured by the user?

No.

According to your link, using GMail via IMAP will not be allowed from september. The GMail API must be used. SMS Backup+ already complies with that.

But the part of the API that SMS Backup+ uses has become restricted, and in a week SMS Backup+ will not be allowed to use it.

So GMail is a no go, either using the API or IMAP.

The Calendar functionality isn't at stake, it uses the Google Calendar's API which isn't being regulated under the new policy

That is right. But I wonder how much functionality is joined in the app. If an alternate IMAP server account is used, will the app still save the call log to the Calendar in a separate Google account? There is no place in the app to put a second password, it seems it is only IMAP-account-for-everything or Google-account-for-everything, not a mix.

And no, a vanilla IMAP server has no calendar features. I think only Microsoft Exchange servers have extensions for that, but that is not covered by this app.

Doesn't Imap support Calendar functions?
Or does google not enable that part Google calendar via IMAP.

IMAP is specifically (and only) for email messages. https://tools.ietf.org/html/rfc3501
IMAP to calendar is not possible using strict IMAP commands.

The Calendar functionality isn't at stake, it uses the Google Calendar's API which isn't being regulated under the new policy. So far only Gmail and, next year, Google Drive.

It will likely be assumed that Calendar API will also be locked down in a similar fashion in due time.

thanks ner00

that was seeming to be the big complaint from people not wanting IMAP.

So what's the issue? We'll just switch to IMAP....

Will there be a fix to automatically switch to google IMAP? or do we actually need to enable IMAP.
-- Searched the previous posts, and it says click the cog on the upper right on the gmail webpage. Mine was already enabled. Not sure if I did it for thunderbird or not. I didn't really ever use it for gmail.

--either way, since it knows you will be enabling it, it should perhaps do a pop up, switch, and give instructions to enable.... it seems that if google "XOAuth2" is not an option anymore, the update should automatically populate for google IMAP... "Server Address" "Username" "Password" "Security" (Most secure GMAIL allows... and will probably require at least eventually (See september 15 google IMAP issue)

-- I mean, we know if gmail is currently used, we then also know the way google sets up their server names, and folder structure, thus, the change should be a quick and simple Gmail to IMAP migration.

-- Just need a pop-up telling users to enable IMAP on their gmail account. -- perhaps in the pop up, have a button to migrate app settings to IMAP so users know the change is happening vs blindly happening, and keep google's app store and users happy.

Except google will be restricting IMAP starting on September 15? How does it know what app's you're using to access IMAP? its an open protocol. If you are using the encryption it wants, you should be good right?

Doesn't Imap support Calendar functions?
Or does google not enable that part Google calendar via IMAP.

The Calendar functionality isn't at stake, it uses the Google Calendar's API which isn't being regulated under the new policy. So far only Gmail and, next year, Google Drive.

Cool @tomswartz07 I was in the process of searching for that. I knew Thunderbird had it built in. Wasn't sure how it was using it. CalDev? (Via some email servers), or a caldev protocol)
https://support.mozilla.org/en-US/kb/enable-email-invitations-caldav-servers-configured

Perhaps like some will use a 3rd party IMAP server, a 3rd party calendar server will be needed for some. I'm sure there will be some calendar sync program people can use. there are plenty with google's approval, and will probably keep said approval as a strict calendar sync program

or, Even perhaps a google sync with said 3rd party server -- From the google calendar settings page: "From URL" -- "You can add a calendar using the iCal format by its address."

Doesn't Imap support Calendar functions?
Or does google not enable that part Google calendar via IMAP.

IMAP is specifically (and only) for email messages. https://tools.ietf.org/html/rfc3501
IMAP to calendar is not possible using strict IMAP commands.

The Calendar functionality isn't at stake, it uses the Google Calendar's API which isn't being regulated under the new policy. So far only Gmail and, next year, Google Drive.

It will likely be assumed that Calendar API will also be locked down in a similar fashion in due time.

Yeah, that was my whole point in the previous post, the policy will be enforced upon every GMail access point on July 15th, regardless if it is through IMAP/SMTP or API. I guess that as things are it will only be possible to push the backups to a third-party IMAP server (Outlook, Yahoo, etc.), pull them back from GMail using POP3, and additionally update the app to allow for the Calendar API call logging to co-exist with the third-party IMAP service. Not an ideal solution at all, but Google has left little room it seems.

How about changing the backup to Google Drive, rather than Gmail?
Or will that suffer the same permissions issue?

1) There are bunch of App can backup to Google drive, just pick one.
2) You lose the ability to search message by date, by sender, by content or any combinations of above once you backup to Google drive, which is the key feature makes SMSbackup+ different.
3) Google is planned to restrict accessing to Google drive by next year. You (and all Apps that are backing up to Google drive) still facing same issue.

1. There are bunch of App can backup to Google drive, just pick one.
2. You lose the ability to search message by date, by sender, by content or any combinations of above once you backup to Google drive, which is the key feature makes SMSbackup+ different.
3. Google is planned to restrict accessing to Google drive by next year. You (and all Apps that are backing up to Google drive) still facing same issue.

Yep - fair enough

I was able to whitelist the app in my Google Apps domain. Do you think that will eventually stop working as well?
@kketover I was wondering this myself. However maybe even taking it one step forward and forking or creating a new project with the code. Forking and renaming would be ideal (CompanyName SMS Backup +) since I thought I read somewhere that there was some 100 person limit or something but maybe that was something else.

Anyway I would think if it was whitelisted and built from source it should be fine for Suite users.

What about sending emails to Gmail from a different account (smtp of another account of mine non-Gmail)?

What about sending emails to Gmail from a different account (smtp of another account of mine non-Gmail)?

The app cannot interact directly with Gmail in any way if it is not compliant, doesn't matter if it uses mail protocols or API. Sending e-mails from a non-GMail account would require manual creation of labels and filters in GMail to make the backed-up specific messages end up in the right place with the desired flagging. In that case, as already suggested, it would be easier to use the app as is with another e-mail provider through IMAP and then manually setup GMail to do a POP3 fetch from that account (strictly used for SMS Backup+ since it will fetch all e-mail. Not sure about GMail POP3 fetching and selective folders though.

What about sending emails to Gmail from a different account (smtp of another account of mine non-Gmail)?

It's a way of storing messages. But you loose the ability to restore them, and also the ability to search them by exact time.

The app cannot interact directly with Gmail in any way if it is not compliant, doesn't matter if it uses mail protocols or API.

What makes you say that? Creating an app password and having SMS Backup + authenticate with it over IMAP is virtually indistinguishable from a regular mail client reading and writing emails.
I seriously doubt Google will prevent app passwords over IMAP, as that would mean them requiring every mail client out there to implement their OAuth and get reviewed.
I don't understand why everyone is trying to find SMTP or other workarounds. IMAP with app password works just fine on a GMail hosted account.

The app cannot interact directly with Gmail in any way if it is not compliant, doesn't matter if it uses mail protocols or API.

What makes you say that? Creating an app password and having SMS Backup + authenticate with it over IMAP is virtually indistinguishable from a regular mail client reading and writing emails.
I seriously doubt Google will prevent app passwords over IMAP, as that would mean them requiring every mail client out there to implement their OAuth and get reviewed.
I don't understand why everyone is trying to find SMTP or other workarounds. IMAP with app password works just fine on a GMail hosted account.

I'm not denying that, but if your intention is to get your developer access to the Play store and Google APIs revoked, then I guess that not abiding by the newly established policy would be the way to go. Also: https://support.google.com/cloud/answer/7454865

IMAP with app password works just fine on a
GMail hosted account.

... and call log on Calendar too?

IMAP with app password works just fine on a
GMail hosted account.

... and call log on Calendar too?

Calendar API, which SMS Backup+ uses at the moment, maintains its policy and isn't subject to new restrictions at this point. So the Calendar part would work the same as is.

I'm not denying that, but if your intention is to get your developer access to the Play store and Google APIs revoked, then I guess that not abiding by the newly established policy would be the way to go.

There is nothing against play store rules. It could be made a generic app that backs-up to an IMAP server. You can link to instructions that explain how to setup with multiple providers, including GMail.

As for an earlier comment regarding IMAP access stopping working in September, that's only for OAuth authentication. I don't see anything regarding it applying to app passwords (which is controlled through G Suite settings for non @gmail.com accounts).

IMAP with app password works just fine on a
GMail hosted account.

... and call log on Calendar too?

Backup to mail server and backup to calendar are orthogonal features. The backup to calendar can keep using whatever API and authentication it is using.

Yes this requires modifications to the app to separate how the user inputs the authentication informations. But that's minimal changes.

@mhofman Fair enough

If you are correct, SMSbackup+ will survive just as it is, with minor reconfiguration on user side.

The notification from Google didn't said anything about plain authentication. I didn't receive any warning about applications using app-password, either.

Few things to consider:
1) Why this notification comes from "Google Account"?
2) Does anyone receive this notification without an active OAuth authentication?
3) Does anyone receive this notification while using SMSbackup+ downloaded from where other than play store?

As for an earlier comment regarding IMAP access stopping working in September, that's only for OAuth authentication. I don't see anything regarding it applying to app passwords (which is controlled through G Suite settings for non @gmail.com accounts).

I tried the instructions provided upstream by @jasonfhaught (https://github.com/jberkel/sms-backup-plus/issues/959#issuecomment-505680691), but can't work out what is meant by the instruction towards the end which says:

"Now go to you gmail account settings on the left side click security. Scroll down to less secure settings and turn it on."

Can anyone help me understand what's meant by "scroll down to less secure settings and turn it on"?

Thanks.

Not Gmail settings, but Google Account setting (where you change password, set 2FA and update spare mail address).
There is a section named "less secure setting" if you didn't enable 2FA, following instructions there. If you have ENABLED 2FA, you should go for "App specified password" and create one.

I tried the instructions provided upstream by @jasonfhaught (https://github.com/jberkel/sms-backup-plus/issues/959#issuecomment-505680691), but can't work out what is meant by the instruction towards the end which says:

"Now go to you gmail account settings on the left side click security. Scroll down to less secure settings and turn it on."

Can anyone help me understand what's meant by "scroll down to less secure settings and turn it on"?

Thanks.

@DavidPaulNZ, here you have a direct link.

https://myaccount.google.com/lesssecureapps

Today is the D-Day.
Any news?
(It seems "Oauth" is still working...)

I try it today and it worked. Calendar is synching using Oauth methods (free Gmail user here)

I've moved one phone over to IMAP and left one on Auth (same gmail account). Both are still working as of 6pm UK time on 16th.

Mine too is still working on Oauth. Are there instructions for how one would go about migrating to the IMAP method using app passwords? Even if it continues to work for now, eventually I'll have to get a new phone and I'll need to know then.

Still working so far. Just did a manual backup of my sms and it worked. Call log as well (honestly, that's the only part of sms backup + I would really miss ^^).
17th at 19:36 Berlin time

As many users of SMS Backup+ I've received the famous mail from Gmail, and I was waiting for the application to stop working... July 15th has passed, and nothing happened !
Did you do any change to respect Google's rules and thus ensure the software goes on working ? Or did Google postponed the restrictions application ?
Thanks.

I have confirmed that @Jasonfhaught 's IMAP setup works; however, I used an app password instead of entering my own password because I have 2-Step-Verification turned on in my Gmail account. I think this is a more secure method to use on all counts.

To review (and format the steps for better readability here), these are the changes you need to make in your Gmail account and the SMS Backup+ app:

Gmail Account Setup

The following steps assume you are accessing the Gmail account from a desktop browser.

1. Click the Settings cog icon in the top right corner
2. Click "Settings" in the dropdown menu
3. Click the "Forwarding and POP/IMAP" tab below the Settings heading
4. Select "Enable IMAP" for Status in the IMAP access section
5. Click the "Save Changes" button at the bottom of the tab
6. Click your account avatar in the top right corner
7. Click the "Google Account" button
8. Click "Security" in the left navigation
9. Under "Signing in to Google", click "App passwords"
10. Re-enter your Gmail password
11. Click the dropdown menu titled "Select app" and choose "Other (Custom name)"
12. Enter a name for SMS Backup+ (e.g., "sms-backup-plus")
13. Click the "Generate" button.
14. Make note of the 16-character password and click the "DONE" link

SMS Backup+ Setup

1. Press "Advanced settings"
2. Press "Custom IMAP server"
3. Press "Authentication" and select "Plain text"
4. For server address and port, enter imap.gmail.com:993
5. For IMAP account/e-mail address, enter your Gmail e-mail address
6. For IMAP account password, enter the app password created in step 14 of Gmail Account Setup
7. For Security, confirm it is set to TLS

I think this is a more secure method to use on all counts.

Well technically it's less secure than the OAuth flow. If the app password gets somehow compromised, other Google services can be accessed, not just GMail.

I think that the reason @malversan mentioned in the issue he opened on Google's bug tracker, and that since got spammed.

Many thanks @chwaze for providing the simple, detailed instructions
@Jasonfhaught https://github.com/Jasonfhaught apparently came up with
(based on your generous credit to him, which I haven't read) on how to
setup the IMAP workaround to retain the ever-popular SMSBackupPlus App! I
haven't installed it yet, but am confident it will work. Assuming it does,
also thanks to the endless others that worked on this issue, along with the
developer @jberkel , in order that we can all continue to use, what to me
is an invaluable program, one of only two out of well over 400 Apps I have
that I suppose I "could" (might) figure out another way to handle, but
would be hard-pressed to find one as perfect as this one. As I may or may
not have mentioned before, this App, and the ability to search for text
messages from years back have saved me more times than I can count, either
with simple personal debates and on a couple of occasions with legal
issues.

Now if someone will just figure out a workaround for the second invaluable
App I use, ClipperSync (Android), just like SMSBackupPlus, many times per
hour every single day and have since it was first developed years ago!

Kudos again to all...

On Thu, Jul 18, 2019 at 6:45 PM chwaze notifications@github.com wrote:

I have confirmed that @Jasonfhaught https://github.com/Jasonfhaught 's
IMAP setup works; however, I used an app password instead of entering my
own password because I have 2-Step-Verification turned on in my Gmail
account. I think this is a more secure method to use on all counts.

To review (and format the steps for better readability here), these are
the changes you need to make in your Gmail account and the SMS Backup+ app:
Gmail Account Setup

The following steps assume you are accessing the Gmail account from a
desktop browser.

1. Click the Settings cog icon in the top right corner
2. Click "Settings" in the dropdown menu
3. Click the "Forwarding and POP/IMAP" tab below the Settings heading
4. Select "Enable IMAP" for Status in the IMAP access section
5. Click the "Save Changes" button at the bottom of the tab
6. Click your account avatar in the top right corner
7. Click the "Google Account" button
8. Click "Security" in the left navigation
9. Under "Signing in to Google", click "App passwords"
10. Re-enter your Gmail password
11. Click the dropdown menu titled "Select app" and choose "Other
    (Custom name)"
12. Enter a name for SMS Backup+ (e.g., "sms-backup-plus")
13. Click the "Generate" button.
14. Make note of the 16-character password and click the "DONE" link

SMS Backup+ Setup

1. Press "Advanced settings"
2. Press "Custom IMAP server"
3. Press "Authentication" and select "Plain text"
4. For server address and port, enter imap.gmail.com:993
5. For IMAP account/e-mail address, enter your Gmail e-mail address
6. For IMAP account password, enter the app password created in step
   14 of Gmail Account Setup
7. For Security, confirm it is set to TLS

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/jberkel/sms-backup-plus/issues/959?email_source=notifications&email_token=AJMQPAE7TTPRIH774Q62TSDQADXA5A5CNFSM4HYI7LT2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD2KAXRA#issuecomment-513018820,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AJMQPAGTYMD4SP6OZTEJLBDQADXA5ANCNFSM4HYI7LTQ
.

@mhofman Let me clarify, the app password method is more secure than using your original Gmail password in clear text. I certainly did not mean to imply it is more secure than OAuth.

Many thanks @chwaze for your instruction but I followed the entire process and the app is still inactive. it bakup and restore and nothing else. No sms in gmail. I don't understand why i can't use it anymore. May be can you help me.
Thanks

Are you sure you're set up correctly @chat-rond? (I've just tested a manual backup and it worked.) Have you got the "case" right when defining the target label. At one stage I made the mistake of changing the target label (in Gmail) from "Text" to "TEXT" and the backup stopped working.

Mine is still working as intended. Been using 2 factor for a few years now and the method chwaze documents above works. I'm so glad. Now I can get off of Hangouts and back to Google messages.

@DavidPaulNZ sorry but don't understand where in Gmail.

@DavidPaulNZ- Oh! it's OK! i'm so happy with tis app! thanks a lot

What about new users who need this so-called great app? (I wouldn't know, I haven't had a chance to try it yet.) The ones go to the trouble of downloading it, start the setup process only to find out it's unusable. Shouldn't there be a warning on the Play page, or even temporarily take it down so it can't be downloaded until you get your stuff together? It makes it look bad and get bad reviews. You tell us to quit whining and "cluttering" this thread with the same stuff and go to the FAQs, but new users don't always do that, or even what I'm doing now, going to the boards to find out what's wrong. They'll just assume it's broken. So why is it taking so long? Why didn't you meet the deadline? Who screwed up?

@Facetious1 you might consider that @jberkel is and has been maintaining this free of charge in his free time.

You might also want to read the history of this issue. The maintainer did the best he could to comply with the policy and was rejected by Google. There's nothing else he can do to make this functionality work if it's broken.

@Facetious1 It's a fair point, and it wouldn't hurt to put a brief note or simply paste a URL to this or a more succinct conversation that explains the stuff. Yet, honestly, it wouldn't change much. The app won't work out of the box as expected because Google broke the system and denied the app's exemption, so I'm not sure that trying to explain it away would change much, particularly when a lot of people don't care. Here are a few examples of comments I've seen in the store:

Too complex to use.

Total scam! Asks for Gmail credentials.

You need to allow Gmail access in order to backup, I don't like apps which require permissions which have nothing to do with their functionality.

I'm giving this app a 1 star until they accept Google's new terms!

The people that really need and want an app like this one will come to understand why it doesn't work and how to workaround the biggest limitations. I still agree that the store page should have a disclaimer, even though most will disregard it.

As of this time it appears to still work. I have both the call logs on calendar and the text messages in Google. I have not tried to restore yet.

It's still working for me too, and I haven't changed anything. I wonder what's going on. In any case, I don't want to go the IMAP route if I don't have to.

It also still works for me, and I didn't change anything either.
Please, someone can confirm that something has been changed in the application to comply with Google rules, or that else wise some day the application will stop sending to GMail ?
Thanks.
Regards.

Hi,
new to this site. I it worked for me till the 15th . Now on my phone I get the following, "ERROR Could not get token from system

" Sign in with googlr temporarily disabled for this app

This app has not been verified yet by Google in order to use Google sign in "

I'm not a coder or programmer so totally confused Pleas be patient with me,

Now on my phone I get the following, "ERROR Could not get token from system.

Interestimg. So it seems it still works for the ones who already logged in before July 15th, but Google blocks new logins since then.

For information about what is happening, @airnerd, please read the beginning of this thread.

Mine still works on my pixel 3, but not wife's quit working already on her pixel. Neither of us have changed anything.

I did a factory reset on my phone on July 23rd. I did not restore from a back, re-entered my Gmail credentials in the normal user manner & the app is still working as it always has. Guess I'm a lucky one too.

Darn lol. I tried reinstalling and my bad
Unfortunately I needed to print and mail txt messages for family legal needs and the google restrictions interfered . Bad timing so had to pay for an app to help.
I will use smsbackup+ again with a new install if/when Google cituation sorts out
or app changes to resolve... :)

Ask a simple question, try to find out and the problem and solution, get your email blown up with sarcasm and insinuating comments for days like I didn't read about the problem. For you old users who had it before the deadline and it seems to still be working, congratulations, you're the lucky ones. For the new users who aren't that lucky to know this and continue to download it and don't bother to go to the website, go through the signup process to comment on the boards to find out what's going on, they're just going to blast it on Google Play like @ner0 said. I tried the IMAP metheod, no luck. I was going to try the IMAP process and bypass Google, but I think I'd rather take screenshots now and unsubscribe from these boards. If it's not going to be fixed, then why let people continue to download it?

Ask a simple question, try to find out and the problem and solution, get your email blown up with sarcasm and insinuating comments for days like I didn't read about the problem.

You're certainly not helping the issue, either, bud.
Please keep replies cordial and polite.

For you old users who had it before the deadline and it seems to still be working, congratulations, you're the lucky ones. [....] If it's not going to be fixed, then why let people continue to download it?

The process for removing an app from the app store is not a trivial one, and I'm sure @jberkel would prefer to be more focused on restoring the functionality than removing it completely.
Total removal from the app store would result in the loss of historical app install data, as well as make it unavailable for folks who have previously installed it.

Further to this point, the app is (apparently) still authorized for those users who have made it in before the deadline, regardless if it is a fresh install or not; which is useful information for many of the folks on the thread.

For the new users who aren't that lucky to know this and continue to download it and don't bother to go to the website, go through the signup process to comment on the boards to find out what's going on, they're just going to blast it on Google Play like @ner00 said.

That's the user's prerogative to do so. I agree that it would be useful to have a note on the App Store page that it is currently having some issues, but that's up to @jberkel to do so, as the app listing management is under their control.

I tried the IMAP metheod, no luck. I was going to try the IMAP process and bypass Google, but I think I'd rather take screenshots now and unsubscribe from these boards.

That's fine too. There's a button on GitHub and a link in the emails you receive to "mute" the thread. If you view this issue in the web browser, you may hit 'unsubscribe' from the right hand column.

I really don't get you, @Facetious1. You first come here complaining for something that is Google's fault, not the app's fault. You just want to ban the app because it doesn't work for YOU. And you seem to think that the best strategy is to bother the people that is searching for a solution, instead of refering the issue to Google as some of us did.

Please, read about the real problem in this thread. And stop complaining to the wrong people.

Further to this point, the app is (apparently) still authorized for those users who have made it in before the deadline, regardless if it is a fresh install or not; which is useful information for many of the folks on the thread.

According to at least one user (https://github.com/jberkel/sms-backup-plus/issues/959#issuecomment-515154371), it doesn't seem to be the case for everybody. For me it is working fine still, but I wonder why IMAP wouldn't work. Maybe the issue is not properly configuring the unsecure access.

I think one option could be to create an oauth client id and secret for every install in that particular Gmail users account. Then the app can access that particular user's Gmail using the newly generated client id and secret from that particular user's account.

The process for generating a client id and getting the secret is outlined here - https://medium.com/@pablo127/google-api-authentication-with-oauth-2-on-the-example-of-gmail-a103c897fd98

SMS backup+ can easily scrape a simple web page with or without user interaction and retrieve the client secret. Or the user can be asked to paste the client secret.

Most users will be within the allowed limit of 100 oauth accesses for unverified apps.

Effectively make every user his own developer also!

Do you think this is a good idea?

Your thoughts please? Thanks!

Stop copy-and-paste. How to implement OAuth is NEVER BEEN the problem here.

@pingu8007 What has been copy pasted, and why isn't the comment above yours helpful in any way? Your comment is more confusing because you criticize without giving any context whatsoever.

I've been a long time user of SMS Backup+, but I had to replace my phone just before the deadline, getting the replacement after the deadline. As expected, it didn't work at first. I followed the step-by-step instructions from @chwaze and they are working. Even though I did this after the deadline.

Could people experiencing trouble possibly be entering spaces after each 4-letter block of characters in the app password? Google makes it look like there are four blocks of four letters, each separated by spaces.

I want to confirm the security risk I'm taking. Hopefully someone can clarify. The instructions said to use "plain text". Does that mean that my app password is being sent in the clear? So if I'm on a public Wi-Fi, someone could be snooping my password? And then they can act as me with any Google API, including Google Drive as well as Gmail?

Thanks!
-- Ethan

@ner00 Indeed, I should attach the link to the comment on another issue.

I don't think those client secret things are helpful in this issue because SMSbackup+ already has a working OAuth flow. The problem is those scopes aren't useable anymore.

@FoggyEthan plain text doesn't mean your password be sent without any protection. The communication is encrypted with SSL/TLS, and it's safe enough unless you are encountering MITM attack.

I don't think those client secret things are helpful in this issue because SMSbackup+ already has a working OAuth flow. The problem is those scopes aren't useable anymore.

Is that the case though? Why is that, generally, people who had the app installed before the policy change can still keep using the app as if nothing happened? Could it be because the OAuth secret is still cached? Can that be replicated for new users in the way @mavink alluded to?

I think @pingu8007 is not getting it.

I know that a working oauth is not the point. The point is also not that it is an issue for a developer to ship an oauth client secret with his app or host the client secret on web service.

The point is to get permission from Google to use the client secret more than 100 times (per day?) without hitting Google's rate limits or pay $15k to 75k to get it approved past the rate limits.

So instead of the app being linked to one developer oauth account, the app could ask every user to login into developer.google.com and create a client id and client secret for the install of the app on the user's device. That way the install of the app on the user's device uses the client id and secret of the user's developer account not the the app developer's client id and secret.

@mavink similar to what I had in mind here https://github.com/jberkel/sms-backup-plus/issues/959#issuecomment-505647110

Hi, I lost my phone two days ago, was using this app to back up my SMS. Now I would like to restore my SMS in my new phone but the log in does not work for me anymore (the gmail issue). Any ideas how to restore the saved SMS in my Gmail? Thank you.

Hi, I lost my phone two days ago, was using this app to back up my SMS. Now I would like to restore my SMS in my new phone but the log in does not work for me anymore (the gmail issue). Any ideas how to restore the saved SMS in my Gmail? Thank you.

Can you give the instruction a try?
I just wipe my SMSbackup+ configuration and can confirm the instruction is work, but haven't try it with 2FA off.

Just likes @FoggyEthan said, the App-Specified-Password is styled likes there are space between every 4 digit, but they aren't!
The App-Specified-Password only has 16 digits and doesn't contain space.

If you are not using 2FA, follow the instruction until you go to your account setting. You should enable Less-Secure-Application by then, and use your main password at second section of the instruction.

At second section, be mind that Gmail need your FULL email address as login username (Since GSuite share the same host).
Also don't forget to set Security option to TLS.

Hi, I lost my phone two days ago, was using this app to back up my SMS. Now I would like to restore my SMS in my new phone but the log in does not work for me anymore (the gmail issue). Any ideas how to restore the saved SMS in my Gmail? Thank you.

Can you give the instruction a try?
I just wipe my SMSbackup+ configuration and can confirm the instruction is work, but haven't try it with 2FA off.

Just likes @FoggyEthan said, the App-Specified-Password is styled likes there are space between every 4 digit, but they aren't!
The App-Specified-Password only has 16 digits and doesn't contain space.

If you are not using 2FA, follow the instruction until you go to your account setting. You should enable Less-Secure-Application by then, and use your main password at second section of the instruction.

At second section, be mind that Gmail need your FULL email address as login username (Since GSuite share the same host).
Also don't forget to set Security option to TLS.

It WORKS! Thank you very much for very detailed instructions. H.

unfortunately, this procedure seems to fail on family-link connected accounts.

Okay... so mine is working still as of 8/4
But my husband's no longer is.
I'm so confused on how to enable it.
In my "Google Account > Security > Trusted 3rd party apps" SMS Backup is still listed. His it's not. How can I enable it?
I enabled the less trusted apps, but it still won't allow me to connect. Everytime I try it tells me this is not verified by Google & I need to log in, but I can't login. Then SMS backup says the token can't be established & I need to allow...

"Software update available"

• version: g970USQU2ASG8.....
• Security patch level: June 1, 2019

"The security of your device and been improved"

I'm almost afraid to install the newest security update. This one is the samsung update. Most likely includes some of the google updates, possibly 6 months old, but still. I am not sure if they are implementing this from the device or server side, but I've lost too many features when they have "secured" my phone against ways I've approved, and wanted, the device to be used.

Stopped working 2 days ago. Reinstalled. Enabled IMAP. Received unable to get "token" message. Sign-in via browser also unsuccessful. (Keep getting the "app had been temporarily disabled" message.) Sad state of affairs. Hope something can be resolved soon.

Mine died today. Switched to imap.

Just wanted to sincerely thank chwaze for the app password workaround instructions. I was freaking out. SMS Backup+ is one of my favorite apps. I have tasker run an automated sms backup 3 times a day so that i can always have a means to quickly look up my messages.

I really hope that the app creator will have a renewed interest in updating this app and finding a way to obtain the necessary permissions from google as it truly is one of the best android apps available. I hope everyone will consider donating to the cause as well.

Thanks again.

Stopped working 2 days ago. Reinstalled. Enabled IMAP. Received unable to get "token" message. Sign-in via browser also unsuccessful. (Keep getting the "app had been temporarily disabled" message.) Sad state of affairs. Hope something can be resolved soon.

https://github.com/jberkel/sms-backup-plus/issues/959#issuecomment-513018820

Should work for you. Mine stopped yesterday. Up and running with this fix.

Those instructions seem to be for those using 2-step verification. I do not use that. My SMS Backup+ stopped working today and gives me XOAuth authorization error. I have always had IMAP enabled. I noticed that allowing less secure apps had been disabled (not by me) so I re-enabled it, but still can't connect now. Any suggestions? This has always been such a great app. I am wondering how to continue to backup my sms and call log. Forgive any duplication, but I just joined this group and would appreciate some advice.

less secure settings

You will have to go to advance setting SMS Backup+ then go into customize imap and set the imap.gmail.com:993 and use you email as user ID and your password. Make sure the authinication is set to clear text and security is tls.

After that go to a PC and login to gmail, in the right hand corner click the cog then setting then goto the tab "forward and pop/imap". Under the imap access change it to enable.

Now go to you gmail account settings on the left side click security. Scroll down to less secure settings and turn it on.

Now you should be able to continue to use the app. It is just not as secure.

Google will probably not close this method down anytime soon to many developers and admins you this method for logs

I tried this but the option for "less secure settings" is not there. Midway through it says "Third-party apps with account access and "Your devices".

Those instructions seem to be for those using 2-step verification. I do not use that. My SMS Backup+ stopped working today and gives me XOAuth authorization error. I have always had IMAP enabled. I noticed that allowing less secure apps had been disabled (not by me) so I re-enabled it, but still can't connect now. Any suggestions? This has always been such a great app. I am wondering how to continue to backup my sms and call log. Forgive any duplication, but I just joined this group and would appreciate some advice.

I do use two factor authentication, but even without that should work. My imap was always enabled too. Didn't stop google from denying access to the app.

I also could not find "less secure" in my security settings. It would not work with the regular imap method until I enabled the app password. Give it a try if you haven't already. Super easy and it can't hurt.

The Problem is there is no option for an app password unless 2 factor authorization is used! Also, isn't Gmail supposed to automatically backup texts and calls when you sync, even without the SMS Backup+? That also seems to have stopped, which is even more concerning.

@skrosen1 As far as I can tell, Gmail never backup your calls and messages (in a visible way). You should concerned how can your Gmail App access your messages without such permission if it's the case.

If you can't find the less-secure-app section, please check lesssecureapps and enable it. If it says you can't enable it, please post the message here for reference.

Yes, I set it up to do that years ago (there are easy instructions online) but it too has stopped working so it seems something else is also going on.

So you have less-secure-apps enabled, set SMSbackup+ authenticated with your full email address and main password in plaintext mode, and still can't make it work?

If so, post your logs so somebody can check what really happened.

On 2019年8月9日 15:16:30 GMT+08:00, skrosen1 notifications@github.com wrote:

Yes, I set it up to do that years ago (there are easy instructions
online) but it too has stopped working so it seems something else is
also going on.

I had to switch to IMAP yesterday. Works well so far.

For those having difficulty, perhaps try setting up a regular email client (on your desktop, like Thunderbird etc) to see if you can actually make an IMAP connection.

OMG! I got it to work. Thank you all so much. I hadn't realized that IMAP wasn't already set up in advanced settings in the app. The info was greyed out as if it was already entered, but when I switched to plain text from XOAuth2, then it allowed me to enter the necessary info. I'm thrilled that it is working again. Wonderful app!

By the way, does this mean that the app will also work to restore messages to a new device, the way it always did? Do these small adjustments in advanced settings take all the issues away now?

I did notice one last thing. I no longer see the sync log in my files. I can view a log within the app, but there used to a stored log. Hmmm... I'm guessing this is why restore may no longer work. If that's the case, what can be used at this point to restore messages to a new phone?

@jberkel did you happen to get a reference or rejection number when you applied with Google by chance? If so, can you forward that to me? I know a number of people who work in various Google departments and I'd like to see if I can get enough leverage to get the application to be reconsidered and, hopefully, approved. I can try without a reference, but it might be easier if I have something I can give them to look up the application. Thanks for all your hard work over the years!

Can you make sure those backups are labeled with identical IMAP lable you configured in SMSbackup+? Any typo may lead to nothing to restore.
The log file should has nothing to do with restoring and can be removed freely.

The app claims to keep my sync log stored as "sms_backup_plus.log" but there is no longer such an entry in my files on my phone. There definitely used to be one.

Thanks all for the info.
After reading through this thread I am able to get this app working.
Step 1: check lesssecureapps and enable it.
Step 2: In the app select "Advanced settings" --> "Custom IMAP server" --> "Authentication". Click "Plain text". Type in your gmail address and password in the appropriate fields below the authentication selection you just made.
Now you will be able to click the backup button on the app's main page and it'll connect to gmail.

Step1 is not required, when using Step2.

Step1 is only to Activate, when 2fa NOT aktiv!

I guess @conan179 is meaning Step1 is not required when using 2FA.

In shorts,

• https://myaccount.google.com/apppasswords if you DO use 2FA, and
• https://myaccount.google.com/lesssecureapps if you do NOT!
  Those options can't be enabled concurrently, so just pick the one suiting you.

@pingu8007 No!
When using IMAP sync (2fa is on or not), is esssecureapps NOT required,

The esssecureapps Setting is only for XOAuth2. IMAP is not triggering by esssecureapps!

@conan179 You are lucky guy if you can login with main password in plaintext mode without this option.
An application certainly can be authenticated without this option if Google think it's safe, but I can't found any IMAP case around me.

Also, XOAuth2 ("sign in with Google") is thought to be safe according to https://support.google.com/accounts/answer/6010255, it's strange that you need to enable it for XOAuth2 🤔

I'm not sure what 2FA is but for me the service couldnt access gmail without step 1

@schmitt-kevin https://en.wikipedia.org/wiki/Multi-factor_authentication

@Conan179 ah thank you

I see that my 2FA is already disabled in gmail security so step 1 seems to be a must for me.

After plugging my email address and a generated app password into the appropriate fields, it took a bit of random guessing to get imap.gmail.com:993 with TLS but now it seems to be working.

I do wonder why, in 2019, does anyone still _not_ use 2FA? It's almost a standing joke: _most people who don't use 2FA fall into two groups: those who've been compromised, and those who don't yet know they've been compromised_.

Or let me put that another way: don't bother with option 1; just turn on 2FA on your account, and use option 2.

2fa donst work with IMAP, SMTP or POP3.
The only Mail acces.
All other Google acces(calender,Contats,Apps) using XOAuth2 and this are using 2fa.

@conan179 the point of using generated app passwords is that they bypass the 2FA check in a restricted and controlled manner, suitable for use in protocols like IMAP that don't support OAUTH directly.

You can leave 2FA on for everything else.

If you already use 2FA on your account, do not downgrade your security by turning it off.

True.
lesssecureapps donst make a canche with the Apppassword.

Many, many thanks to everyone ... and especially @jberkel.

I'm sure this isn't true, but if @jberkel is a bad actor, and we implement the workaround in this comment (assuming we have 2FA turned on), what access does @jberkel have to our Google account?

I assume 2FA would prevent @jberkel from logging into my Google account, but what can be done b/c I've created an App password and shared it in SMS Backup+?

Thanks!

I found where the sync log is stored. It used to be a standalone entry but now appears in zegoggles in android data subfile.

So, will it still be able to restore to a new device?

@skrosen1 In short, yes. I have the log disabled on my device and I've restored many times.

As pingu8007 posted above:

Can you make sure those backups are labeled with identical IMAP lable you configured in SMSbackup+? Any typo may lead to nothing to restore. The log file should has nothing to do with restoring and can be removed freely.

@cognomore I'm sure there's a more detailed official google link somewhere, but if this app were malicious or compromised a bad actor would at least have read+write+delete access to all your gmail emails. Furthermore, this access would NOT be prevented by 2FA; in fact, the whole purpose of using app passwords is to bypass 2FA. However, you can also revoke that authorization at any time by going to "manage app passwords", and removing the access for this app. I'm unsure if you can use app passwords for other types of account access beyond email (like for gapps, etc).

As kurahaupo said above:

the point of using generated app passwords is that they bypass the 2FA check in a restricted and controlled manner, suitable for use in protocols like IMAP that don't support OAUTH directly.

That said, I've used this app for the better part of a decade with no surprises, so I highly doubt @jberkel is a bad actor, but I also understand that code compromises can and do happen, and there is some level of risk/trust one must be comfortable with when allowing these permissions.

I'm not sophisticated with computers/android...I believe that you all have found a way to use the sms backup now...can someone please explain to me what to do to use it in layman terms

@1lefty1 this, this and this

Hello all.
Even if my application still works without authentication problem, since I've installed it on my phne many years ago, I've been following your discussion. Yesterday, just to be sure I understand things that I've been said about application passwords, I've reviewed my Google account security settings. And, just after that, my application stopped working, throwing an authentication error. How ever, I've just displayed several pages about security features, and without changing anything. So I've tried what someone has described about "application password". First I have set back the two factors authentication that I tried some time ago but that I had disabled next. This is the requirement to access the application password feature. I've created one for SMS Backup, and changed the application authentication mode to use it. And... IT WORKS !
I hope this can help others to make their authentication work too.
Regards.

I'm not sophisticated with computers/android...I believe that you all have found a way to use the sms backup now...can someone please explain to me what to do to use it in layman terms

Turn on 2 factor authentication

Then follow steps here :
https://github.com/jberkel/sms-backup-plus/issues/972

Thanks to all

@jberkel I tried following the steps for 2FA enabled and disabled, but I get the same error message from SMSBackup: "username not set". I verified that my email is filled in, what am I missing here?

Hello! I would like to express my thanks for this program being available, and I hope that the developer is able to get it sorted with Google for it to be a 'verified' app (just so it stays available and supported). For me it's very important both to archive and have access to old texts, and so I am very grateful to this program (and I have donated to the developer accordingly, and I hope everyone else does as well). Anyway, thanks again, and I hope this app stays available for a long time to come!

P.S. the 'app password' workaround described above worked great for me. It keeps 2FA working. Thanks to the community as well for identifying this workaround.

I've been a longtime SMS Backup+ user, it is easily one of the best apps on my phone, hands down. So, it was with much angst that I got the message that Google was clamping down. I use 2FA (really, it's 2SV, but I digress).

I really appreciate the guidance y'all provided to switch my app settings, and then create an app-specific password. SMS Backup+ is once again working on my phone.

Cheers.

I'll echo the appreciation and thanks that others have expressed for the workaround solution. It's back up and working again for me also. It's no longer backing up my call log, but in all honesty I don't really care about that. (I mean after all it just shows that a call was made or received, not the content of the call.) Text message backups were they only thing I really use it for, and it's once again working fine. The 2-tier security system that's been activated on the account gives added piece of mind, and it only takes an extra second or two to retrieve code and type it in when using your PC. I'm grateful to Jan for developing this valuable app all these years ago, and to those who provided the work-around for the current issue. Once again, thanks.

You will have to go to advance setting SMS Backup+ then go into customize imap and set the imap.gmail.com:993 and use you email as user ID and your password. Make sure the authinication is set to clear text and security is tls.

After that go to a PC and login to gmail, in the right hand corner click the cog then setting then goto the tab "forward and pop/imap". Under the imap access change it to enable.

Now go to you gmail account settings on the left side click security. Scroll down to less secure settings and turn it on.

Now you should be able to continue to use the app. It is just not as secure.

Google will probably not close this method down anytime soon to many developers and admins you this method for logs

I am in awe of your genius. Thank you for sharing it with lesser mortals such as me.

The app stopped working suddenly about 10 days ago. I couldn't make sense of this as I assumed the verification had to be on the way.
Anyhow I just tried the IMAP server solution and it worked fine for text messages and the call log.
Thanks guys!
Been using this amazing app forever - don't remember how long or how many phones and it's invaluable.

I cannot get this to work. It is telling me : IMAP authorization error. Make sure login and password are set correctly.

Questions: Do I use my actual gmail address as my user ID and I use my actual gmail address as my password? Or do you mean that I should use my gmail's password as the password? I've tried both to no avail.

Also, I cannot find anywhere where I am supposed to do the following:
Now go to you gmail account settings on the left side click security. Scroll down to less secure settings and turn it on.
I cannot find where this is.

HELP! I love SMSbackup + and have been using it for years, storing nearly 100K messages. I need this.

Note that I am not a developer and I do not code. Flying blind here.

I cannot get this to work. It is telling me : IMAP authorization error. Make sure login and password are set correctly.

Questions: Do I use my actual gmail address as my user ID and I use my actual gmail address as my password? Or do you mean that I should use my gmail's password as the password? I've tried both to no avail.

Also, I cannot find anywhere where I am supposed to do the following:
Now go to you gmail account settings on the left side click security. Scroll down to less secure settings and turn it on.
I cannot find where this is.

HELP! I love SMSbackup + and have been using it for years, storing nearly 100K messages. I need this.

Note that I am not a developer and I do not code. Flying blind here.

I'm not a programmer either. No worries, if you found your way to be able to comment here in Github, it's well within your skill set, with a little patience and stick-to-it-ness.

First question - do you use 2-factor authentication/2-step verification for your gmail? (you should! but, if not, this process will be easier).

If you do not use 2FA/2SV, then, yes, you follow jasonfahaught's comment above, using your gmail address and gmail password.

If you are using 2FA/2SV, then you've first got to generate an app-specific password, and that's the password you'll use in the above instructions instead of your regular gmail password. To generate an app-specific password, see https://github.com/jberkel/sms-backup-plus/issues/972#issue-479136399

I followed all the above, and it's working again (better/faster than it was before, actually!)

Also, I cannot find anywhere where I am supposed to do the following:
Now go to you gmail account settings on the left side click security. Scroll down to less secure settings and turn it on.

Google for ”google less secure access” and then read the first link.

And use you address as username and your password as password, of course.

Thank you for all your help , I will try it again when I have a moment to concentrate on all of this. I'll report back with the results, hopefully as a satisfied customer.

<<

@Chicagoguy1

Open the app on your phone.

Tap "Advanced settings".

Tap "Custom IMAP server".

Then follow the instructions earlier in the thread.

@Chicagoguy1

Open the app on your phone.

Tap "Advanced settings".

Tap "Custom IMAP server".

Then follow the instructions earlier in the thread.

Many thanks! I was trying to go through application manager- didn't occur to me to open the app. Still can't get it to connect though. If anyone is willing to review my settings I'd appreciate it. I have iMap enabled in gmail. I am not using 2-factor authentication. I was already set to imap.gmail.com:993. I enabled clear text. I entered my gmail username (email) and gmail password in advanced settings. Security is TLS. Getting "unable to connect."

Hi @Chicagoguy1.

I wonder if you’re using your proper Gmail account password? If so, this
may be your issue. You need to generate an App password for IMAP.

Here's the general guide for creating an app password for IMAP which I've
used successfully (thank you to tomswartz07 and Jasonfhaught for providing these instructions earlier in this thread. I'm merely copying you):

1. Log into Gmail
2. Click on your photo in the top right corner
3. Click on the button “My Account“
4. In the left menu bar click on “Sign into Google“
5. Under “Password & sign-in method” (first block on the right side)
   click on “App passwords“
6. You are required to login again. Log in using your normal email
   address and password.
7. From the drop down list “Select App” select the option “Mail“
8. From the drop down list “Select Device” select the option “Other
   (Custom name)“
9. Enter a name for the service, for example “SMSBackup+“
10. Click the button “Generate“
11. The application specific password is generated, write it down in a
    safe place as it will only be displayed once.
12. Then go through the steps on the SMS Backup+ App like you did before.

After setting this up, you should be able to use your normal password
linked to the email address that you've linked to SMSBackup+

Hope this helps.

On Wed, 14 Aug 2019 at 12:42, Chicagoguy1 notifications@github.com wrote:

@Chicagoguy1 https://github.com/Chicagoguy1

Open the app on your phone.

Tap "Advanced settings".

Tap "Custom IMAP server".

Then follow the instructions earlier in the thread.

Many thanks! I was trying to go through application manager- didn't occur
to me to open the app. Still can't get it to connect though. If anyone is
willing to review my settings I'd appreciate it. I have iMap enabled in
gmail. I am not using 2-factor authentication. I enabled clear text. I
entered my gmail username (email) and gmail password in advanced settings.
Security is TLS. Getting "unable to connect."

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/jberkel/sms-backup-plus/issues/959?email_source=notifications&email_token=AD6OXVSB4FHSCODCIUWUQZ3QENWKZA5CNFSM4HYI7LT2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD4HQ7WQ#issuecomment-521080794,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AD6OXVT4DUI6NJDS44GP25DQENWKZANCNFSM4HYI7LTQ
.

Forgive me for being unskilled and just uneducated regarding programming / coding .
Is GMAIL the only email that sms backup+ will work with?

XOAuth2 method, yes. XOAuth2 is a variant of OAuth2, proposed and used only by Google.
For plaintext method, no. SMSbackup+ can work with any mail services that supporting IMAP protocol.
Those limitations applied to both sms and call log. In addition to backup call log to mail server, events added can be synchronized to any calendar services as long as you choose the right calendar, thanks Android's calendar provider mechanism.

Thanks for this YMJH. I experimented with app passwords the other night when I had 2-step auth turned on, but couldn't make anything work. Are you sure I need an app password considering I have 2-step auth turned off?

Hi @Chicagoguy1. I wonder if you’re using your proper Gmail account password? If so, this may be your issue. You need to generate an App password for IMAP. Here's the general guide for creating an app password for IMAP which I've used successfully (thank you to tomswartz07 and Jasonfhaught for providing these instructions earlier in this thread. I'm merely copying you): 1. Log into Gmail 2. Click on your photo in the top right corner 3. Click on the button “My Account“ 4. In the left menu bar click on “Sign into Google“ 5. Under “Password & sign-in method” (first block on the right side) click on “App passwords“ 6. You are required to login again. Log in using your normal email address and password. 7. From the drop down list “Select App” select the option “Mail“ 8. From the drop down list “Select Device” select the option “Other (Custom name)“ 9. Enter a name for the service, for example “SMSBackup+“ 10. Click the button “Generate“ 11. The application specific password is generated, write it down in a safe place as it will only be displayed once. 12. Then go through the steps on the SMS Backup+ App like you did before. After setting this up, you should be able to use your normal password linked to the email address that you've linked to SMSBackup+ Hope this helps.
…
On Wed, 14 Aug 2019 at 12:42, Chicagoguy1 @.*> wrote: @Chicagoguy1 https://github.com/Chicagoguy1 Open the app on your phone. Tap "Advanced settings". Tap "Custom IMAP server". Then follow the instructions earlier in the thread. Many thanks! I was trying to go through application manager- didn't occur to me to open the app. Still can't get it to connect though. If anyone is willing to review my settings I'd appreciate it. I have iMap enabled in gmail. I am not using 2-factor authentication. I enabled clear text. I entered my gmail username (email) and gmail password in advanced settings. Security is TLS. Getting "unable to connect." — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#959?email_source=notifications&email_token=AD6OXVSB4FHSCODCIUWUQZ3QENWKZA5CNFSM4HYI7LT2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD4HQ7WQ#issuecomment-521080794>, or mute the thread https://github.com/notifications/unsubscribe-auth/AD6OXVT4DUI6NJDS44GP25DQENWKZANCNFSM4HYI7LTQ .

Also those instructions don't work for me at all. What platform are they for? There's no "my account" button, just the word "account." When I click it I am not prompted to sign in. There is nothing anywhere that says "password and sign in method." etc....

Well, I have 2 step verification turned on (I did not turn it off at any
stage before or during set up) and it worked okay for me. I am far from an
expert and am repeating steps in this thread that helped me. My tip is to
try with and, if no success, without 2 step verification and see if one
works for you.
Good luck and please tell if you're successful 😊.

On Thu, 15 Aug. 2019, 09:04 Chicagoguy1, notifications@github.com wrote:

Thanks for this YMJH. I experimented with app passwords the other night
when I had 2-step auth turned on, but couldn't make anything work. Are you
sure I need an app password considering I have 2-step auth turned off?

Hi @Chicagoguy1 https://github.com/Chicagoguy1. I wonder if you’re
using your proper Gmail account password? If so, this may be your issue.
You need to generate an App password for IMAP. Here's the general guide for
creating an app password for IMAP which I've used successfully (thank you
to tomswartz07 and Jasonfhaught for providing these instructions earlier in
this thread. I'm merely copying you): 1. Log into Gmail 2. Click on your
photo in the top right corner 3. Click on the button “My Account“ 4. In the
left menu bar click on “Sign into Google“ 5. Under “Password & sign-in
method” (first block on the right side) click on “App passwords“ 6. You are
required to login again. Log in using your normal email address and
password. 7. From the drop down list “Select App” select the option “Mail“

1. From the drop down list “Select Device” select the option “Other (Custom
   name)“ 9. Enter a name for the service, for example “SMSBackup+“ 10. Click
   the button “Generate“ 11. The application specific password is generated,
   write it down in a safe place as it will only be displayed once. 12. Then
   go through the steps on the SMS Backup+ App like you did before. After
   setting this up, you should be able to use your normal password linked to
   the email address that you've linked to SMSBackup+ Hope this helps.
   … <#m_-4336130681117046909_m_5883488140168014153_>
   On Wed, 14 Aug 2019 at 12:42, Chicagoguy1 @.*> wrote: @Chicagoguy1
   https://github.com/Chicagoguy1 https://github.com/Chicagoguy1 Open the
   app on your phone. Tap "Advanced settings". Tap "Custom IMAP server". Then
   follow the instructions earlier in the thread. Many thanks! I was trying to
   go through application manager- didn't occur to me to open the app. Still
   can't get it to connect though. If anyone is willing to review my settings
   I'd appreciate it. I have iMap enabled in gmail. I am not using 2-factor
   authentication. I enabled clear text. I entered my gmail username (email)
   and gmail password in advanced settings. Security is TLS. Getting "unable
   to connect." — You are receiving this because you commented. Reply to this
   email directly, view it on GitHub <#959
   https://github.com/jberkel/sms-backup-plus/issues/959?email_source=notifications&email_token=AD6OXVSB4FHSCODCIUWUQZ3QENWKZA5CNFSM4HYI7LT2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD4HQ7WQ#issuecomment-521080794>,
   or mute the thread
   https://github.com/notifications/unsubscribe-auth/AD6OXVT4DUI6NJDS44GP25DQENWKZANCNFSM4HYI7LTQ
   .

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/jberkel/sms-backup-plus/issues/959?email_source=notifications&email_token=AD6OXVQH7MBVN5OEUYAS4ZLQESJB5A5CNFSM4HYI7LT2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD4KNBMA#issuecomment-521457840,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AD6OXVXNUBVTVOLSL7RUDVTQESJB5ANCNFSM4HYI7LTQ
.

I can confirm that app passwords are only needed to get around two-step authorization and you will not see the option to create them in gmail if it's turned off. I think I have it working now... not sure what I changed but it could have been as simple as a mistyped account password.I also enabled "trust all certificates." Once it's done backing up I'll disable that to see if it makes a difference.

On Wed, Aug 14, 2019, at 6:52 PM, YMJH wrote:

Well, I have 2 step verification turned on (I did not turn it off at any
stage before or during set up) and it worked okay for me. I am far from an
expert and am repeating steps in this thread that helped me. My tip is to
try with and, if no success, without 2 step verification and see if one
works for you.
Good luck and please tell if you're successful 😊.

On Thu, 15 Aug. 2019, 09:04 Chicagoguy1, notifications@github.com wrote:

Thanks for this YMJH. I experimented with app passwords the other night
when I had 2-step auth turned on, but couldn't make anything work. Are you
sure I need an app password considering I have 2-step auth turned off?

Hi @Chicagoguy1 https://github.com/Chicagoguy1. I wonder if you’re
using your proper Gmail account password? If so, this may be your issue.
You need to generate an App password for IMAP. Here's the general guide for
creating an app password for IMAP which I've used successfully (thank you
to tomswartz07 and Jasonfhaught for providing these instructions earlier in
this thread. I'm merely copying you): 1. Log into Gmail 2. Click on your
photo in the top right corner 3. Click on the button “My Account“ 4. In the
left menu bar click on “Sign into Google“ 5. Under “Password & sign-in
method” (first block on the right side) click on “App passwords“ 6. You are
required to login again. Log in using your normal email address and
password. 7. From the drop down list “Select App” select the option “Mail“

1. From the drop down list “Select Device” select the option “Other (Custom
   name)“ 9. Enter a name for the service, for example “SMSBackup+“ 10. Click
   the button “Generate“ 11. The application specific password is generated,
   write it down in a safe place as it will only be displayed once. 12. Then
   go through the steps on the SMS Backup+ App like you did before. After
   setting this up, you should be able to use your normal password linked to
   the email address that you've linked to SMSBackup+ Hope this helps.
   … <#m_-4336130681117046909_m_5883488140168014153_>
   On Wed, 14 Aug 2019 at 12:42, Chicagoguy1 @.*> wrote: @Chicagoguy1
   https://github.com/Chicagoguy1 https://github.com/Chicagoguy1 Open the
   app on your phone. Tap "Advanced settings". Tap "Custom IMAP server". Then
   follow the instructions earlier in the thread. Many thanks! I was trying to
   go through application manager- didn't occur to me to open the app. Still
   can't get it to connect though. If anyone is willing to review my settings
   I'd appreciate it. I have iMap enabled in gmail. I am not using 2-factor
   authentication. I enabled clear text. I entered my gmail username (email)
   and gmail password in advanced settings. Security is TLS. Getting "unable
   to connect." — You are receiving this because you commented. Reply to this
   email directly, view it on GitHub <#959
   https://github.com/jberkel/sms-backup-plus/issues/959?email_source=notifications&email_token=AD6OXVSB4FHSCODCIUWUQZ3QENWKZA5CNFSM4HYI7LT2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD4HQ7WQ#issuecomment-521080794>,
   or mute the thread
   https://github.com/notifications/unsubscribe-auth/AD6OXVT4DUI6NJDS44GP25DQENWKZANCNFSM4HYI7LTQ
   .

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/jberkel/sms-backup-plus/issues/959?email_source=notifications&email_token=AD6OXVQH7MBVN5OEUYAS4ZLQESJB5A5CNFSM4HYI7LT2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD4KNBMA#issuecomment-521457840,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AD6OXVXNUBVTVOLSL7RUDVTQESJB5ANCNFSM4HYI7LTQ
.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub https://github.com/jberkel/sms-backup-plus/issues/959?email_source=notifications&email_token=AM4VKYF3KISZTX4747DUWP3QESLC3A5CNFSM4HYI7LT2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD4KN24I#issuecomment-521461105, or mute the thread https://github.com/notifications/unsubscribe-auth/AM4VKYGLK2JFFFXTO3TSEXDQESLC3ANCNFSM4HYI7LTQ.

--
Howard Kaplan
[email protected]

Well, it seems to be backing up to my gmail again, but for some reason the "SMS with" messages are not forwarding to my fastmail account (but other gmail messages are) where I read everything. I know it's a longshot that someone here might care about that problem... something about enabling plaintext or TLS is causing this maybe?

@chicagoguy1 Unless you are MITM yourself or you understand what you are doing, turn "trust all certificates" off NOW. You are putting yourself in dangerous.
Google it if you're wondering what is MITM.

@chicagoguy1...ditto what @PinGu said.
Great you've got SMS Backup+ working though.

On Thu, 15 Aug. 2019, 10:12 PinGu, notifications@github.com wrote:

@chicagoguy1 Unless you are MITM yourself or you understand what you are
doing, turn "trust all certificates" off NOW. You are putting yourself in
dangerous.
Google it if you're wondering what is MITM.

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/jberkel/sms-backup-plus/issues/959?email_source=notifications&email_token=AD6OXVQHZNCT5J3HEDY7BRTQESQ5PA5CNFSM4HYI7LT2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD4KQG7I#issuecomment-521470845,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AD6OXVRZA7L6YYK2NUHJ3XLQESQ5PANCNFSM4HYI7LTQ
.

Allright, I turned it off and it's still backing up to gmail but for whatever reason not forwarding, thanks.

On Wed, Aug 14, 2019, at 7:42 PM, PinGu wrote:

@chicagoguy1 Unless you are MITM yourself or you understand what you are doing, turn "trust all certificates" off NOW. You are putting yourself in dangerous.
Google it if you're wondering what is MITM.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub https://github.com/jberkel/sms-backup-plus/issues/959?email_source=notifications&email_token=AM4VKYEZ7YMFG3PWFMPQCULQESQ5XA5CNFSM4HYI7LT2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD4KQG7I#issuecomment-521470845, or mute the thread https://github.com/notifications/unsubscribe-auth/AM4VKYFN7RS73ZA4FXOIGJ3QESQ5XANCNFSM4HYI7LTQ.

Does SMS Backup+ basically generate an e-mail to create the individual backup, or does it happen some other way? Trying to figure out why these messages are no longer being treated like other incoming messages (by gmail or fastmail.)

This app is the main reason I use Android over iOS, and a critical part of my business. When I find the time, I will write Google a bit long email and flame them. Thanks Jan, sorry to hear this.

Think I followed Jason instructions and got this email "Someone just used your password to try to sign in to your account from a non-Google app. Google blocked them, but you should check what happened. Review your account activity to make sure no one else has access."

What did I do wrong ?

@airnerd If your not using 2FA and they're failed synchronization near the time specified in message, you probably had everything done correctly.
If not, your password may be leaked.

To solve synchronization fail: (a) try again later. (b) consider switching to 2FA and app-specified-password solution.

I tried again and found the accept lass secure apps switch had gone default I turned it on and backup appears to be running

Ty for our response :) what do you mean by " your password may be leaked." ? which also begs the question , is the acceptance of less secure apps a huge risk ?

@airnerd Google has been trying to trick people into not using less secure apps and blocking them randomly

I just read that GMail Suite will be eliminating the ability to select less secure apps in October.  You will only be able to use less secure apps after this change in the future if it is selected on your account prior to their eliminating our ability to do so!  This is really important for people to know.  
Does anybody know how to set SMS Backup+ to work on AOL?  I would love to have both, just in case.

-----Original Message-----
From: Bitpop notifications@github.com
To: jberkel/sms-backup-plus sms-backup-plus@noreply.github.com
Cc: skrosen1 skrosen1@aol.com; Mention mention@noreply.github.com
Sent: Thu, Aug 15, 2019 1:04 am
Subject: Re: [jberkel/sms-backup-plus] G Suite notice about SMS Backup+ becoming restricted (#959)

@airnerd Google has been trying to trick people into not using less secure apps and blocking them randomly—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.

There IS a workaround!!! https://support.google.com/accounts/answer/185833 create an App password. This will allow SMS Backup+ to access Gmail via IMAP without having access to your main password. Google doesn't block this method.
BTW, I just made a donation too. I hope @jberkel continues developing the App. Make the new version that aligns with Google's policies a paid app.

@mtiday That method has been mentioned a bunch of times before, but I don't blame you because the topic is getting longer and longer. But for the sake of others I'll leave a link to a post within this issue thread which is far more detailed and helpful: https://github.com/jberkel/sms-backup-plus/issues/959#issuecomment-513018820

NOTE: This method expressly needs _2-Step Verification_ enabled, if you haven't already just do it. Don't worry, it's not a big deal to manage and brings extra security overall: https://support.google.com/accounts/answer/185839

Just to note and clarify possible confusions: The use of app-specific password or 2-step verification is recommendable, but optional.

To reenable SMSBackup+ function (with both GMail and Google Calendar) it is enough to use your password in plain text in the app and activate ”less secure apps” access in your Google account.
https://myaccount.google.com/lesssecureapps

As a general guide, you have to activate IMAP access in your GMail (if you still have not done it in the past) and then use SMSBackup+ as a normal IMAP app. To do it go to ”Server settings” and set:

• Authentication: Plain text
• Server address: imap.gmail.com:993
• Security: TLS
• Trust all certificates: No
• Username: your Google full email address.
• Password: your Google password.

(Maybe this could change in the future, but it is checked as of August 17th, 2019)

Options:

1. Is there a lightweight IMAP email server for Mac, Linus or Windows that we can install locally, send all SMS Backups to that local server, and have that server automatically Forward to Gmail?
2. I have tried this yet, but can SMS Backup forward all SMS, MMS and Call Logs as 'Events' to a separate CallSMSMMS Calendar in Google Calendar, and then have Google Calendar sync with Gmail?
   I am an attorney and I use SMS Backup for time tracking and protected/searchable storage in Gmail for Call Records, and texts from clients who insist on texting even though I 'prohibit' the practice because of risk of loss of the important communications.

Malversan, thank you for the instructions to re-enable SMS Backup+. Please clarify where to locate the "Server Settings" you mentioned. Is this within Gmail? Which tab? I see nothing labeled "Server Settings".

Malversan, I found the settings: in the app on the phone, Advanced Settings, Custom IMAP server.

I just hope that eventually this app can meet the criteria necessary to work as before without lowering the security setting.

@billiegote See the post from @ner00 above. His link to the #959 (comment) and the note about enabling 2 factor auth should point you in the right direction.

Unfortunately, I cannot risk the lowered security login for Gmail with continuous transmitting of the unencrypted password. My emails contain attorney-client confidential communications.

"All’s well that ends well ... until it doesn’t. Mistakes can be expensive … Call me first”

Thank you,
Allan C. Aksell, Esq.
Aksell & Vargo, PA
PO Box 607734
Orlando, FL 32860
Phone: 407.293.1091
Fax: 407.536.5829
Email: Allan.[email protected]

On Aug 20, 2019, at 8:29 AM, Michael Tiday notifications@github.com wrote:

@billiegote https://github.com/billiegote See the post from @ner00 https://github.com/ner00 above. His link to the #959 (comment) https://github.com/jberkel/sms-backup-plus/issues/959#issuecomment-513018820 and the note about enabling 2 factor auth should point you in the right direction.

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub https://github.com/jberkel/sms-backup-plus/issues/959?email_source=notifications&email_token=AM5WLEDCI2NUUYRHIZWI3EDQFPPUHA5CNFSM4HYI7LT2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD4WDQNI#issuecomment-522991669, or mute the thread https://github.com/notifications/unsubscribe-auth/AM5WLEG7V56H3CRLPSFIDL3QFPPUHANCNFSM4HYI7LTQ.

Less-secure-app or plaintext password WON'T transmit your password without protection, and WON'T let anybody on the net sniffing your communication.
Your every byte is transmitted inside a industry-proven secure tunnel called SSL/TLS.
Unless you're under attack or MITM your self, the risk of enabling less-secure-app and/or using plaintext password aren't any higher than sharing your password with your colleagues.

@pingu8007 makes a good point. "Plain Text" means that the app password is stored on your phone in plain text. It is transmitted encrypted to Google.

with continuous transmitting of the unencrypted password.

That would only happen if you use apps that login with zero security. And as @pingu8007 said, SMSBackup+ is NOT one of those apps.

You can trivially set a high security level (the same you use when you browse secure sites) just using SSL encryption to communicate the app with the GMail IMAP server. In my instructions I explained how.

Just found the simplest way from reading the reviews on SMS Backup+ download app. in goggle play store. This is from Melissa Colombo....I love you Melissa, thanks! I've tried all the above solutions and none works until I read Melissa. Just follow her easy instructions and it works perfectly;
To everyone bummed that this is not working anymore, fret not! There is a work around. 1. Install firefox browser on your phone. 2. Login to google in firefox with the same google account for your google play store. 3. Go to the SMS Backup+ app on your phone and disconnect your email from the app.(Settings/App Manger/SMS Back+/clear data/clear cache) 4. Reconnect your email address to the app. 5. A warning will appear that the app couldn't connect with your google account and asks if you want to try through another browser. Click to continue. 6. A pop-up will ask which browser, select Firefox. 7. When firefox comes up, you will already be logged in, so just click through the prompts. 8. You will be returned to the SMS Backup+ app, select backup. The app will ask if you want to backup EVERYTHING on the phone. If you haven't backed up in awhile, this may be a good idea, but it will take a bunch of time. Be prepared for a longggg backup time.

My Final thoughts.....this is by far the best backup app out there and hope this will continue working, again thank you Melissa!!!

Login to google in firefox with the same google account.
...
When firefox comes up, you will already be logged in.

Good if it serves for you. But do you have to do that previous cleaning and relogging each time you do a backup/restore? What happens with unattended scheduled backups, when Firefox is not opened?

Good if it serves for you. But do you have to do that previous cleaning and relogging each time you do a backup/restore? What happens with unattended scheduled backups, when Firefox is not opened?

If you stay logged into your gmail account from Firefox I don't see a problem. I've just backed up 2 phones and it works just like before.....my advice is try it and find out.

If you stay logged into your gmail account from Firefox I don't see a problem.

The problem (and it is very obvious) is that you are not in a PC. You cannot control having an app (Firefox) always opened in a mobile device, as the system should close it automatically to save battery or free needed memory.

Does the backup still work if Firefox is closed? Or after some time, when Android closes it automatically as you go opening other apps? I ask it seriously, as you say there is no problem in that circumstance.

You have neither answered the question. Do that cleanup and relogging should be done once and again, or something is saved into SMSBackup+ configuration that saves the user from repeating the process (after a reboot, for example)?

In my opinion YOU should try it and find out before claiming victory, as you have not come with a permanent solution. You have just tested your foreground scenario, so you found an interesting but elaborated way to do an INTERACTIVE backup/restore. But it is good if it serves for you.

Hello everyone. I'm sorry about this situation, SMS Backup+ will no longer have access to Gmail, mainly because it's not an email reading app.
[ . . . ]
I'm not sure what to do at this point, either remove the app from the store or release a new version which removes the automatic account setup, since that is broken / will be broken soon.

@jberkel - Is there any sort of appeal process? Would it help having users e-mail/submit/push/report with it to show their support? I guess, basically, is there anything we can do to try to change Google's mind on this? Anything we can do to help?

The end result is great: individual eml messages and attachments in a powerful Gmail server, but Gmail security is becoming the brickwall. I assume you grab all the SMS, MMS and Call Log entries on the phone, then convert them into either a csv or datatable or individual .eml files, and then negotiate the login to Gmail and push them in as new messages. BUT, Gmail negotiation is the problem now, and you can get to the same end result without negotiating with Gmail. Why not take the csv/datatable/.eml formated data/messages and feed it into a dedicated/embedded email client or server (or any client that will work), push them into the outbox or initiate a batch 'composing', and let that client negotiate with Gmail (or any other email server) and send the messages as its own? That is what they do as email clients. You may run into some bulk sending issues based on the number of messages, but that is what MailChimp does (for a fee): feed it a batch, it converts/composes each message as its own, and then sends it. OR, is there any email server around (e.g. MSN, Hotmail, AOL...) that you can easily switch to? Once you send/upload to that server, then that server can be set to regularly Forward all the messages to Gmail = exact same end result. Any email server, not just Gmail, provides lots of safe, searchable, archivable storage, and that is the beauty of SmartBackup+, instead of batch archive files. All the users need to do is create an account with another email server with the sole purpose of accepting SmartBack uploaded messages, and then auto-forwarding to whatever email server you like. I switched from Yahoo and other email servers to Gmail, and used the auto-forward to transfer and eventually kill off the old email address/server. If bandwidth and computers were free, you could even use a dedicated Sendmail server that ALL Smartbackups are sent to, and all users would create separate accounts with separate POP or IMAP forwarding instructions to their end email provider, and the Sendmail server would be a pass-through provider (no storage) of the backup messages. But 'hey', I'm just an attorney...

No, the result are not the same.

You lost EVERYTHING you can use to distinguish between them. This was
discussed hundreds comments ago.
Once you compose them again, you no longer remember who calls or send what
to you at when. Everything but the time you sent message to yourself are
gone.
You also lost the ability to restore them to your phone, FOREVER. That's
NOT what we are looking for.

Forward all the messages to Gmail = exact same end result.

That is far from being true. SMSBackup+ stores messages preserving the sender/receiver and the exact time stamp of SMS and calls. All that information is lost if you use email forwarding, along with any restoring capabilities.

If you just need to store a readable copy of your SMS and call log in a secure place, there are plenty of apps out there that use Google Drive for that purpose. You will for sure find one that does what you need in a less complicated way.

I think Google should hire @jberkel and make the SMSBackup+ a feature of Android.

This discussion is all over the place at this point but I thought I'd try this again: I formerly had all of my texts that came into my gmail account forwarding to my fastmail where I read everything (I virtually never log into gmail.) I was able to get SMS Backup+ sending to gmail again using the methods described here, but now they're not forwarding to fastmail along with other gmail messages. Any of you smart folks able to explain why? I can log into gmail to see them but they're kind of off my radar otherwise.

I thought I posted a comment thanking everyone for helping me get my SMSBackup + running again, but I don't see it, so sorry if this is redundant. THANK YOU!! And a shout out to @jberkel for creating a great app, one I cannot live without. I agree with Jonl722, Google should hire you!

Hi I am so sorry I am super low tech person but one who is grateful to @janberkel for this app since 2015.
I am confused: post by @cashell 4 days suggests to me there is no solution yet, but post by @easp3400 suggests there is. While this is being sorted out, I haven't had backup since Aug 7 so felt had no choice but to turn SMS Backup & Restore as alternative. Will be waiting to return to SMS Backup once it all works out. Sorry @malversan I don't know how to contribute to solution other than suggest alternative to low techers like me while smarties like you and others figure a perm solution. Thank you all!

There is no need to apologize at all, @aishayeoh. Certainly ”SMS Backup & Restore” is a very good and versatile app. You brought a permanent solution for everyone that just wants one of the main features considered here: backup and restore SMS messages and call logs in the cloud in a secure and automatized way. Thanks for that.

The thing that makes SMSBackup+ different (a lot) is enabling Google Calendar and GMail search capabilities to look for specific SMS or calls. But for the backup/restore part, there are other capable and also free alternatives out there, as @aishayeoh just demonstrated.

Losing a great app. Been using this for long & now dont know what to do???

Can anyone pls suggest an alternate??

Can anyone pls suggest an alternate?

Can you please read the previous messages?

Guys try this solution as alternative: https://llamalab.com/automate/community/flows/6222

Guys try this solution as alternative.

Guy, READ THE PREVIOUS INFO before adding unuseful noise to the thread.

Your solution is not full, not free, not versatile, not standalone, and it even requires manual configuration. That's plainly a pile of crap compared to the much better solution that was posted just two messages before.

So please, FOR YOUR OWN GOOD, READ THE PREVIOUS MESSAGES before posting your particular solution without thinking even for a second if it is suitable for anyone else. Otherwise you are not helping users, but confusing them.

I suggest to close this issue, and lock/tag it with wontfix if possible. There are nothing we can do on Google's unilateral decision.

A discussion of alternative product is off topic and has no help fixing this issue, and almost all information required to make this App work again are mentioned in previous comments.

For discussion about how to make Google accept this App, I think there should be a dedicated issue.

Any recommendation?

I think that's a good idea. It might also be good to create a new issue with just the clear instructions and have that locked and pinned or somehow conspicuously featured here so that newcomers won't have to dig for it.

I totally agree with the proposal, as this thread is becoming a landing track for lazy people that just adds noise or redundance because they do not take any effort in reading the info already posted.

I also agree with the themes proposed as separate threads:

• How to configure SMSBackup+ and Google account to continue working.

Detailed and clear step-by-step instructions for unskilled users, and nothing more. That includes:

1. SMSBackup+ app configuration to use GMail IMAP.
2. Activating IMAP in GMail.
3. Activating less secure apps in Google account.
4. (For the security paranoids) Possible variant with Google's app-specific password.
5. (For the security paranoids) Posible variant with 2-step verification, if applicable.

Maybe alternative apps could also be added at the end, after all instructions have been posted. I would suggest to post only links to free Android apps that accomplish at least ALL the features that SMSBackup+ has, except for the GMail and Google Calendar integration (as I think that is a feature unique of SMSBackup+). There are many, so no need for alternatives that rely on esoteric tricks or paid bundles. That would be helpful for any users landing here only in search of a secure cloud backup/restore automated solution.

• How to influence Google decision about this app.

That means only proposals that could be HELPFUL. No complaints (nobody at Google will ever read them), no childish whinnings or rants about Google's decision, no stupidly unuseful ”+1” or ”me too” votes (that should be written in bold in the first line of the thread), nor any other unhelpful message.

This is an issue tracker, so the aim is to search for solutions, not to do another ”post your opinion here” Twitter-like thread.

I suggest to close this issue, and lock/tag it with wontfix if possible. There are nothing we can do on Google's unilateral decision.

A discussion of alternative product is off topic and has no help fixing this issue, and almost all information required to make this App work again are mentioned in previous comments.

For discussion about how to make Google accept this App, I think there should be a dedicated issue.

Any recommendation?

Err I was just asked to re-authorise the app for access to my account. Did it, bingo. SMS Backup+ has now started re-syncing SMS's.
Did Google fix it and make it go away or did Jan do something ???

@GoogleDoll, it may seem somewhat erratic. I suppose the selective lockdown of a worldwide service is long and progressive, and does not affect everybody at the same time (the XOAuth2 method stopped working for me one month after it was supposed to). I would not count on it working at the end of the process, unless Google makes an official statement in that direction (and I would not count on that either).

I've relied on this app for almost 10 years.
Best design ever and love it's integration to Gmail.
I have the Firefox workaround in place until something more permanent hopefully becomes available

All:

I've opened a pull request to the project that compiles the relevant information into an easily read section at the top of the project's README.

976

The file diff is here: https://github.com/jberkel/sms-backup-plus/blob/f470c2aa7bfeaa88c4c6d9bdb5b75db478eab0a0/README.md

To anyone joining the thread beyond the posting of this message, I will summarize:

• Yes, the issue is known and SMS/MMS will not sync. This is Google's decision.
• The project maintainer, @jberkel appealed the decision, but was unable to remove the restriction to the app.
• The steps highlighted in the change referenced above will provide a workaround. Click the link to the updated README, follow the instructions referenced, and the app will resume working.
• The workaround involves manually configuring the app to use a secure 'App Password' instead of XOAUTH
• Not all users appear to be locked out of XOAUTH immediately, some may log back in only to be locked out after a few hours/days, but it is not guaranteed and it appears that the app will not work with the previous authentication method after the rollout from Google finishes. The only confirmed, persistent fix is referenced in the above change.
• I presume that in order to restore non-user-intervention functionality to the app, it will require a code change. Please monitor the Commit log for any relevant changes.

Please refrain from commenting further on this thread unless it is related directly to resolving the issue.
The ability to lock and close the issue is only permitted to the project maintainer, and he appears to be otherwise indisposed.

I finally got around to doing this, but I DID NOT disable the existing GMAIL sync before configuring the IMAP server. The new configuration showed up on the main settings page and when I pressed the manual BACKUP button it did not prompt me for what to backup and only seemed to back up the 27 new messages since the previous successful backup. I can't really confirm it by trying again since it is done but maybe someone else can and the instructions can be updated if so.

Nevermind it does not solve the duplicate problem. On further checking it looks like it duplicated some old messages but did not include them in the count and put them in a folder showing they were from me to me even though the original messages were to someone else. Sorry for the false alarm.

If you have 2-factor auth configured, you will have to do an application-specific password for SMS Backup+ ... it's easy and it removes the concern about having your primary email password stored in the clear on your phone. My only issue right now is that my big backup (from Aug 7 ... 1700+ items) has died several times, less than 150 items in ... bleh!

Chrome didn't allow me to add SMS Backup+ to my account, but Firefox did. I was able to connect two separate accounts on two separate phones with success through XOAuth2. Make sure XOAuth2 is selected under Advanced Settings>Custom IMAP server>Authentication.

Here's what I did:

1. Tap "Connect" in SMS Backup+.
2. Tap your account.
3. On the error "Could not get token..." etc, tap OK to sign in through your browser.
4. Sign in.
5. Allow access to SMS Backup+.

Just found the simplest way from reading the reviews on SMS Backup+ download app. in goggle play store. This is from Melissa Colombo....I love you Melissa, thanks! I've tried all the above solutions and none works until I read Melissa. Just follow her easy instructions and it works perfectly;
To everyone bummed that this is not working anymore, fret not! There is a work around. 1. Install firefox browser on your phone. 2. Login to google in firefox with the same google account for your google play store. 3. Go to the SMS Backup+ app on your phone and disconnect your email from the app.(Settings/App Manger/SMS Back+/clear data/clear cache) 4. Reconnect your email address to the app. 5. A warning will appear that the app couldn't connect with your google account and asks if you want to try through another browser. Click to continue. 6. A pop-up will ask which browser, select Firefox. 7. When firefox comes up, you will already be logged in, so just click through the prompts. 8. You will be returned to the SMS Backup+ app, select backup. The app will ask if you want to backup EVERYTHING on the phone. If you haven't backed up in awhile, this may be a good idea, but it will take a bunch of time. Be prepared for a longggg backup time.
My Final thoughts.....this is by far the best backup app out there and hope this will continue working, again thank you Melissa!!!

This worked for me. I deleted the app and reinstalled but followed everything else. I had given up because I tried this before but kept getting an error from google. Changed Firefox to my default email on my android and it is now backing up. Yay! Thank you Jan Berkel!

@Lorio1964 @Xuderis that's amazing, great find. I'll see if can change the auth flow so that another browser is tried first, or move it back to a webview if possible.

just not sure how long this "backdoor" will work 😐

update: apparently this is rate limited, so will fail when some threshold is passed. the only reliable way will be app passwords...

It is still working for me but only when I manually backup. The auto backup feature isn't working unfortunately.

Check this out.It worked for me :

https://www.androidpolice.com/2019/08/12/sms-backup-is-now-broken-due-to-gmails-api-changes-but-theres-a-workaround/

@charmlander That is exactly the workaround discussed in this issue. In any case, that one is well written and illustrated so that's a great share.

Considering OAuth is still working for me, im going to ride it till it burns... I updated and had to downgrade fast when I noticed what it was.

Thanks dev's for this fantastic tool for so long, shame on Google for this and what they did to Nest

@hammerfest,
Exactly what does that update do? I've been avoiding it because I didn't want to rock the boat. My setup is working perfectly, including auto-backups to my Gmail account.

@B150n gets rid of the OAuth option.

I've upgraded, OAuth still working for me, but it's showing as deprecated,
so I imagine I won't be able to re-authenticate if it stops working.

On Thu, 24 Oct 2019, 18:19 Tom Sullivan, notifications@github.com wrote:

@B150n https://github.com/B150n gets rid of the OAuth option.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/jberkel/sms-backup-plus/issues/959?email_source=notifications&email_token=AABIDUXCYVRMPAIBFCI3AI3QQHKJDA5CNFSM4HYI7LT2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOECFZBBA#issuecomment-546017412,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/AABIDUVO3QNXISWGWCEKJ23QQHKJDANCNFSM4HYI7LTQ
.

I am a novice but I changed to the allowing less secure app option in my Google account that had been offered way back when this was first announced, not with any special authentication set up.  It seems to work perfectly (although I followed someone's directions and can't remember exactly how I set it up now).  Is that what method you are using? What is deprecated and how do you know that?  Is there now a more permanent solution that is being recommended?
I appreciate the advice.

-----Original Message-----
From: craignicol notifications@github.com
To: jberkel/sms-backup-plus sms-backup-plus@noreply.github.com
Cc: skrosen1 skrosen1@aol.com; Mention mention@noreply.github.com
Sent: Thu, Oct 24, 2019 3:54 pm
Subject: Re: [jberkel/sms-backup-plus] G Suite notice about SMS Backup+ becoming restricted (#959)

I've upgraded, OAuth still working for me, but it's showing as deprecated,
so I imagine I won't be able to re-authenticate if it stops working.

On Thu, 24 Oct 2019, 18:19 Tom Sullivan, notifications@github.com wrote:

@B150n https://github.com/B150n gets rid of the OAuth option.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/jberkel/sms-backup-plus/issues/959?email_source=notifications&email_token=AABIDUXCYVRMPAIBFCI3AI3QQHKJDA5CNFSM4HYI7LT2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOECFZBBA#issuecomment-546017412,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/AABIDUVO3QNXISWGWCEKJ23QQHKJDANCNFSM4HYI7LTQ
.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or unsubscribe.

Under "Advanced Settings" there is a "Legacy settings" option which states
"XOAuth2 is no longer supported" but also says that it is my current
authentication method, and shows my Google Account as connected. I suspect
itll work until Google switches something off on their side.

On Thu, 24 Oct 2019 at 21:33, skrosen1 notifications@github.com wrote:

I am a novice but I changed to the allowing less secure app option in my
Google account that had been offered way back when this was first
announced, not with any special authentication set up. It seems to work
perfectly (although I followed someone's directions and can't remember
exactly how I set it up now). Is that what method you are using? What is
deprecated and how do you know that? Is there now a more permanent
solution that is being recommended?
I appreciate the advice.

-----Original Message-----
From: craignicol notifications@github.com
To: jberkel/sms-backup-plus sms-backup-plus@noreply.github.com
Cc: skrosen1 skrosen1@aol.com; Mention mention@noreply.github.com
Sent: Thu, Oct 24, 2019 3:54 pm
Subject: Re: [jberkel/sms-backup-plus] G Suite notice about SMS Backup+
becoming restricted (#959)

I've upgraded, OAuth still working for me, but it's showing as deprecated,
so I imagine I won't be able to re-authenticate if it stops working.

On Thu, 24 Oct 2019, 18:19 Tom Sullivan, notifications@github.com wrote:

@B150n https://github.com/B150n gets rid of the OAuth option.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<
https://github.com/jberkel/sms-backup-plus/issues/959?email_source=notifications&email_token=AABIDUXCYVRMPAIBFCI3AI3QQHKJDA5CNFSM4HYI7LT2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOECFZBBA#issuecomment-546017412
,
or unsubscribe
<
https://github.com/notifications/unsubscribe-auth/AABIDUVO3QNXISWGWCEKJ23QQHKJDANCNFSM4HYI7LTQ

.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or unsubscribe.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/jberkel/sms-backup-plus/issues/959?email_source=notifications&email_token=AABIDUU7QCHFK6MN5M42BSLQQIBBDA5CNFSM4HYI7LT2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOECGK7KA#issuecomment-546090920,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/AABIDUQXVHUB7AEGZJVMD6LQQIBBDANCNFSM4HYI7LTQ
.

--
http://twitter.com/craignicol | https://craignicol.wordpress.com

I was very bummed to find out that SMS Backup+ was not working anymore when I tried to set it up on a new phone; I even went to update my Google Play review to 1* to manifest my sadness. :(

However, shortly after, while trying to look for an alternative to sync SMS and call log to Gmail, I found the Custom IMAP workaround on a Google Support post linking an Android Police article and it worked just fine, so now I am happy again. :)

For reference, here's the original Google Support post and the Android Police article with a detailed step by step procedure on how to enable the Custom IMAP workaround.

https://support.google.com/mail/thread/11779202?hl=en

https://www.androidpolice.com/2019/08/12/sms-backup-is-now-broken-due-to-gmails-api-changes-but-theres-a-workaround/

Thank you so much for this app, which I love for long time and have used for various years now.

Keep up the good work! I hope it can continue to function, even if with workaround. Cheers!

I was unable to make this workaround work and am up and running just fine with the simpler solution provided (many times) earlier in this discussion. Unfortunately I can't get restored to a new phone and can't figure out why. It appears to work fine and then says "zero items restored." I've tried setting number of messages to restore to "all," 100, etc.

I was very bummed to find out that SMS Backup+ was not working anymore when I tried to set it up on a new phone; I even went to update my Google Play review to 1* to manifest my sadness. :(

However, shortly after, while trying to look for an alternative to sync SMS and call log to Gmail, I found the Custom IMAP workaround on a Google Support post linking an Android Police article and it worked just fine, so now I am happy again. :)

For reference, here's the original Google Support post and the Android Police article with a detailed step by step procedure on how to enable the Custom IMAP workaround.

https://support.google.com/mail/thread/11779202?hl=en

https://www.androidpolice.com/2019/08/12/sms-backup-is-now-broken-due-to-gmails-api-changes-but-theres-a-workaround/

Thank you so much for this app, which I love for long time and have used for various years now.

Keep up the good work! I hope it can continue to function, even if with workaround. Cheers!

I am a novice but I changed to the allowing less secure app option in my Google account that had been offered way back when this was first announced, not with any special authentication set up. It seems to work perfectly (although I followed someone's directions and can't remember exactly how I set it up now). Is that what method you are using? What is deprecated and how do you know that? Is there now a more permanent solution that is being recommended? I appreciate the advice.
-----Original Message----- From: craignicol notifications@github.com To: jberkel/sms-backup-plus sms-backup-plus@noreply.github.com Cc: skrosen1 skrosen1@aol.com; Mention mention@noreply.github.com Sent: Thu, Oct 24, 2019 3:54 pm Subject: Re: [jberkel/sms-backup-plus] G Suite notice about SMS Backup+ becoming restricted (#959) I've upgraded, OAuth still working for me, but it's showing as deprecated, so I imagine I won't be able to re-authenticate if it stops working.
On Thu, 24 Oct 2019, 18:19 Tom Sullivan, @.*> wrote: @B150n https://github.com/B150n gets rid of the OAuth option. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#959?email_source=notifications&email_token=AABIDUXCYVRMPAIBFCI3AI3QQHKJDA5CNFSM4HYI7LT2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOECFZBBA#issuecomment-546017412>, or unsubscribe https://github.com/notifications/unsubscribe-auth/AABIDUVO3QNXISWGWCEKJ23QQHKJDANCNFSM4HYI7LTQ .
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe.

I did the same, and I actually did have someone try to log into my gmail account about a month later using my correct credentials; Google blocked it and sent me a red alert (maybe because of where the login was coming from.) So there is a downside to "less secure."

Guys I have the steps that is present in the link below, and it works like a charm:
https://www.androidpolice.com/2019/08/21/backup-sms-text-messages-android/

Well I would not count on the alternative solution for long anyway. Just got an email for my Gsuite accounts
_"Starting February 15, 2021, G Suite accounts will only allow access to apps using OAuth. Password-based access will no longer be supported."_

_"Starting February 15, 2021, G Suite accounts will only allow access to apps using OAuth. Password-based access will no longer be supported."_

Sad news. But if I understand it well, that would affect only Google Suite accounts, not all generic Google accounts. Is that correct?

Yes that was what the announcement was for and this original ticket was for but this original ticket now applies to personal gmail and GSuite users. For things like this it tends to happen to both it's just a matter of time.

For things like this it tends to happen to both it's just a matter of time.

I agree it's a worry that eventually could affect all Google users.

But I can't think in Google abandoning all standards and forcing users to develop Google-only apps. That would be a suicide.

@jberkel What about the backup API ? I think this is what WhatsApp uses to back up to Google Drive. This removes the need for Gmail, and I think Drive backups don't use up your storage space.

@jberkel What about the backup API ? I think this is what WhatsApp uses to back up to Google Drive. This removes the need for Gmail, and I think Drive backups don't use up your storage space.

There is no shortage of apps doing just that, it's almost a waste of time to compete in that arena. This app always stood out for what other apps don't provide, one is calendar sync, the other is the ability to use Gmail as a search engine to find SMS text, numbers or contacts received and sent. A simple backup mechanism doesn't allow for any of that, making the app extremely redundant.

I'm not seeing "App Passwords" in my account setup under "Signing In To Google". Sounds like they've disabled it in planning to remove password access altogether?

I'm not seeing "App Passwords" in my account setup under "Signing In To Google".

I think you have to activate ”Two step authentication” first, to use app-specific passwords. Google does not want you to use one-only old security mechanism.

One advantage of SMS Backup+ over Google's SMS backup is that I can search for my new and old SMS with the Gmail Interface with SMS Backup+ running.

I don't know how to search if I use Google SMS Backup alone.

Being able to search and find an SMS from within GMail is without a doubt THE REASON I SWITCHED from iOS to Android. SMS Backup+ is a must have and definitely in my top 20 apps of all time. I was able to get it running again on a newer phone running Android, but struggle with my older phone due to this change.

How hard would it be to switch the gmail stuff to let's say a google spreadsheet or something?

How hard would it be to switch the gmail stuff to let's say a google spreadsheet or something?

I don't know how hard it would be, but it would make it wildly unappealing in my opinion.

Not sure if this was mentioned but if you setup an app password and use that and IMAP settings it works

https://support.google.com/accounts/answer/185833?hl=en

Working great with imap, 2step-verify, and app password.
https://myaccount.google.com/apppasswords

I'm using the 2 step method too, works great.
But automated backups don't trigger, I have to run them manually.
Anyone else have this problem or know how to fix it?

@tommyent It looks like app specific passwords aren't counted as "password-based access", so using IMAP should continue to work: https://support.google.com/mail/thread/23738001?hl=en

For them to drop IMAP support entirely, without leaving any compliant authentication option (such as app specific passwords) would be a big hit to a lot of third party software, and G Suite enterprise clients wouldn't be happy about that. Not impossible that Google could do it anyway, of course, but not likely either.

Two step verify? How would that work with sms backup? BTW, I guess they've changed this url in the last 24 days... 
Myaccount.google.com/u/1/security 
Still struggling through this. I'm about to try the 2step verification now. 
Yup, still rejecting.... Even with allowing less secure apps. 
Tried two Gmail accounts one, I confirmed the login attempt was by me. The other, it never asked. 

Sent from Yahoo Mail on Android

On Sat, Feb 1, 2020 at 3:13 AM, GrandpaGusnotifications@github.com wrote:
Working great with imap, 2step-verify, and app password.
https://myaccount.google.com/apppasswords

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or unsubscribe.

Yep, process listed at
https://www.androidpolice.com/2019/08/12/sms-backup-is-now-broken-due-to-gmails-api-changes-but-theres-a-workaround/
works!
The imap settings listed above were enough to get me going but the app needs a password which instructions above indicate.

Enable IMAP access in Gmail. The option is accessible from the Settings cog icon in the corner -> Settings -> Forwarding and POP/IMAP. There, select "Enable IMAP" and click "Save Changes" at the bottom of the screen.
Now we're going to make an app password for SMS Backup+. Go to security.google.com and select "App passwords." You'll be prompted to sign in again.
On this screen, there's a pair of drop-down lists for categorizing the app password you're about to make. Select "Other" from the left-most drop-down list and give this password a descriptive name like "SMS Backup+" so you know what it's for later.
Click Generate.
Google will give you a randomly generated sixteen character password. Make a note of it, but please treat this as carefully as your normal password. Don't write it on a post-it and stick it on your monitor or copy it to Google Drive/Keep. It's a password that grants access to your Google account without the security of two-factor authentication, treat it as such.
Now open SMS Backup+ on the phone you'd like to use.
Tap "Advanced settings."
Tap "Custom IMAP server."
Tap "Authentication."
Select "Plain text."
Most of the default settings the app loads for Gmail-based IMAP will be fine, but we'll need to change two. Tap "Username" and enter your Gmail address, hitting "OK" when you are done.
Tap "Password" and enter that app password generated up above in step 5 — no spaces. Tap "OK" when you are done.
Double-check that the setting in the Security is set to "TLS." It should be by default, but you should be sure.
Back out to the app's main screen and backups should now work, though the "Connect" section for linking to a Gmail account will now be grayed out.

Does this solution enables Calendar sync? I do not see any calendars listed.

Bwaahhhh! I just got the email too!!! I'll have to try the IMAP method but c'mon Google?!

Is there an online petition against this anywhere yet? Or in support of SMS Backup+ or just generally allowing creative & clever uses of Gmail?

I saw alternative plan to use IFTTT has been kiboshed by that email too 😥

On Tue, 30 Jun 2020, 18:28 Schultzter, notifications@github.com wrote:

Bwaahhhh! I just got the email too!!! I'll have to try the IMAP method but
c'mon Google?!

Is there an online petition against this anywhere yet? Or in support of
SMS Backup+ or just generally allowing creative & clever uses of Gmail?

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/jberkel/sms-backup-plus/issues/959#issuecomment-651936326,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/AABIDUVMJRY3K4ZP4KCN6XLRZIOE7ANCNFSM4HYI7LTQ
.

BingBingBing. We have a winner here as well...

LOL

I just received the email as well. I will wait until the date they mentioned (July 8) has passed and go from there. Terrible news indeed.

@madhur you still need to sign into Google directly to get calendar access; using IMAP won't grant that. (Calendar access is not part of the "sensitive" scope, so it's not affected by the policy change.)

@schultzter @KOveteran I'm guessing you're on G-suite accounts, so you've had an extra year. Welcome to the rest of the world. :-(

@madhur you still need to sign into Google directly to get calendar access; using IMAP won't grant that. (Calendar access is not part of the "sensitive" scope, so it's not affected by the policy change.)

I am not able to do direct Google Sign in. I get the message "This app has not yet been verified by Google in order to use Google Sign in. " This is when I try to connect (Connect your gmail account) from Advanced Settings.

My calendar section option is disabled as shown below. My Google account is synced up on my phone along with Calendars.

@madhur The option for Connect your Gmail account (unsupported) is for people who (for whatever reason) still have the ability to enable access to _Gmail_. (_If_ Google rescinds its previous decision, it won't be necessary to deploy a new version of the app.)

The _Google_ account access for calendar sync is different, and already enabled through the application manifest, unless you've gone into your device settings and disabled it, or if you've logged out of Google on your device as a whole (ie, logged out in Chrome).

@madhur ... or if you said "no" when SMS Backup+ _first_ asked for Calendar access. If so, you'll need to go into your device's Settings app, then App Management, _SMS Backup+_ , Permissions, Calendar, and re-enable access.

@madhur ... or if you said "no" when SMS Backup+ _first_ asked for Calendar access. If so, you'll need to go into your device's Settings app, then App Management, _SMS Backup+_ , Permissions, Calendar, and re-enable access.

Disabling and enabling back Calendar permission did the trick for me. Thanks.

@kurahaupo :[
How have you managed since then?

@madhur ... or if you said "no" when SMS Backup+ _first_ asked for Calendar access. If so, you'll need to go into your device's Settings app, then App Management, _SMS Backup+_ , Permissions, Calendar, and re-enable access.

Disabling and enabling back Calendar permission did the trick for me. Thanks.

I tried enabling Calendar permission. It did not work for me.