Yalpstore: 2-step Verification Support

Created on 3 Jan 2017  路  12Comments  路  Source: yeriomin/YalpStore

At first, thank you for your work on this application.

Second, here is the issue :
When you're trying to connect you to your Google account at first launch, it says the credentials are incorrect.
It's false in my case, the credentials entered are good but I'm using an OTP to connect me to my Google account, the fact is your application doesn't handle/ask for the OTP for the connection...

I'm surely not the only one in this case, hope you will fix it soon :)

Thank you in advance

Most helpful comment

You need to create a new app password in your google account for this app and use that together with your username instead of your normal password.

All 12 comments

You need to create a new app password in your google account for this app and use that together with your username instead of your normal password.

Hi,

Well, to be clear it's not a real implementation because we need to use an Application-specific password, a real implementation will be after the login+password entry, show us an iframe browser window which will ask the OTP to validate the connection.

Anyway, it works for now with an Application-specific password, so let's explain here how it works for the future issues and because I like the idea to erase the Play Store. (and want to promote your work)


Explanation

We will need to use an application-specific passwords in order to access an account that use 2-step verification for Yalp Store.
You'll need to generate a new app-specific password, then use this generated password instead of using your regular account password + OTP.

The procedure

How to generate an application-specific password :

  1. Visit your Google Account settings page.
  2. On the left, click Security.
  3. Under the "2-step verification" topic, click Manage your application specific passwords.
  4. Under the Application-specific passwords section, enter a descriptive name for the application you want to authorize, then click 鈥淕enerate application-specific password". You'll then see the application-specific password (ASP) you just created. You'll also see the name you wrote in for the device and a link to Revoke (or cancel) the code.
  5. When you sign in to an application requiring an ASP, enter your ASP in the password field, and make sure you check the "Remember password" option if you want the application to remember the code.

Source

_(PS : Keep up your good work, Hope you will add some new features one day :))_
_(PPS : I think you can close this issue, or maybe will you use it to remember you about adding the iframe browser window which is asking the OTP ?)_

Thank you for the issue and the workaround.
I will add a message about 2-step verification and look into making it work properly later.

I am starting to think that a redirect to the app password creation page is a viable permanent solution. Any opinions?

Totally!
Maybe along with a hint what is going on because a lot of people don't seem to understand the connection between Two Step Auth and App passwords.

@yeriomin
Well, not the optimal option in my point of view, but you can maybe provide two ways to do it and let the users free to use the method they prefer, free as freedom... :)

Hi all,
I had a similar issue with a non-rooted phone having Gapps, and maybe this information is helpful in general:

What I first did was to deactivate/disable the entire Gapps bloat. Then installed Yalp and could not establish a logon to play store with symptoms as described in this thread and related threads. The ID I used here however works already with Yalp on other (rooted) devices w/o Google.

I have solved my issue by temporarily re-enabling the Google Play services, performing the initial logon through Yalp store (which then worked without any issues) and afterwards disable again the Google Spy services. From that point onwards, all works like a charm, also on my non-rooted device.

It also needs to be mentioned, that on the other devices, where I use Yalp, there is microG installed. So maybe there is a certain "Google" functionality needed to establish the 1st "relationship" with the device, which is not part of the Yalp app itself...?

Hope this information is helpful.
Kind regards, M

@MSe1969 Yes. As stated in the README and in the disclaimer shown to the user when he tries to log in using his own credentials, you have to log in to the Play Store at least once normally (through Play Store app or through their web site) and accept the Google Play ToS. It's been like that since the beginning, no surprise. Yalp does not require any Gapps or microG installed to work.

Sorry for taking so long to respond.

@yeriomin - I think you may have misunderstood, what I tried to say. What you tell about having to use the Google-ID a very first time with the Play Store app is 100% clear to me, no doubts about that.

What I had experienced however was the following:

  • I have one "special" ID, which I use on three (rooted) phones via Yalp store without any issues. And yes, that ID was used the very 1st time with real GApps, otherwise it would not work at all.
  • On those 3 rooted devices, using Yalp was as easy as simply launching Yalp and enter the credentials and all worked like a charm
  • I have a non-rooted phone, S5-Mini with Samsung stock bloat-firmware (at that time, it was still Lollipop, meanwhile upgraded, still stock). On that phone, GApps were active with a different ID. I have deactivated/frozen ALL GApps (including those you only see if you choose the option to display system processes). Then, I installed Yalp though F-Droid. When I now attempted to use my "special" ID, which is already in use without any issues on three other devices with Yalp, this did NOT work!
    I got funny hints about two-step authentication and invalid credentials.
  • The only way to solve this way to temporarily re-enable play services (nothing else, no Play Store, and especially no logon to Google, as my special ID was not stored as an account anywhere on my phone), then launch Yalp, logon, which then worked with my known "special" credentials and finally freezing play services again, and since then - all is fine.

I have no good explanation to this observation. Regards, M

@MSe1969 OK, that's interesting. I'll keep this in mind. Since that time some changes happened to device id generation. It is now closer to the original. So maybe it would work straight away on a new version.

Or you can change Google login is username, normally if you have 2-step or not. Login by username still work !

The issue is almost a year old and I think it is time to close it even though it is not solved.

  • Most users use the built-in account and it is quite stable.
  • Most of the users with their own account don't use 2-step auth.
  • Having tried several times, I found no way to successfully replicate the 2-step auth message exchange...

I really appreciate everyone's inputs on this issue. This discussion has indirectly let me make the login process a lot more stable.

Was this page helpful?
0 / 5 - 0 ratings