I downloaded an app for 18+ years old that I had used on a different device and I thought I had used Google oAuth, so I selected that option to log in with. When I realized it was incorrect, I didn't see anywhere to sign out, so I put down a birthday as if I was 8 years old, hoping that would log me out, but it didn't. Now when I open the app it just says you need to be 18 years old to use the app and doesn't have an option to log out. I tried the following to get logged out of the app, but none have worked: * Deleting the app data and cache * Uninstalling and reinstalling the app. * Restarting the phone * Removing the connection from [Google Third-party apps & services](https://myaccount.google.com/connections) So where on my device is this login actually stored? How can I remove it?

In my opinion it's not so much Android question despite I have an Android phone related to the problem but rather Google Chrome browser settings issue but my question initially posted in Superuser got downvoted and then closed right after and I was told to ask it here by the moderator... **Problem:** I'm unable to authenticate to AWS web console in Google Chrome browser due to browser forcibly asking me a Passkey which I don't have. I can't also set it up due to owning a not compatible Android phone. I literally am switching browser just to login to AWS atm. Rarely but persistently in every few months I have a situation where Google Chrome starts asking for Passkey when I try to log into my AWS Console in browser. Meanwhile when I'm asked for passkey then there is no place in AWS login-view to use password instead. AWS at the moment has the "old login" and "new login" views possible and both act the same- I am asked for passkey without possibility to use password instead. After clicking "Cancel", I'm just displayed with "Troubleshoot MFA " link which forwards me to AWS documentation and it does not help me or possibility to "Cancel" the authentication, which forwards me back to the AWS Console login form again. **What I've tried:** 1. I read the AWS documentation given in the link above- no help 1. I have tried the setting described in this Google forum post but this didn't change my situation at all, even after restarting the browser. 1. In my phone settings I checked "Devices & sharing" -> "Passkey linked devices" and it was empty. Just to be sure I "Cleared" the device list still. No change in AWS login after that though- still demanding the Passkey. Changing my phone isn't an option to start forcibly using passkeys. I have 2FA setup anyway through my external device. How to turn off this aggressive Passkey requirement from Google for AWS (or any other service's authentication)?

I have been using FreeOTP by Redhat/Fedora for a few years now as my main two way authentication app. However, I have realised that the current version (1.5) is quite a few years old (having been released in 2016). https://freeotp.github.io/ https://f-droid.org/packages/org.fedorahosted.freeotp/ There is however a forked version; FreeOTP+. This fork's latest update (1.7) came out in December of 2019, making it far more up to date than the upstream app. https://f-droid.org/en/packages/org.liberty.android.freeotpplus/ I am however concerned about security, due to the app playing a very important role in account security. I am also unsure as I am not too familiar with the work/trustworthiness of the developer of the fork (I mean him/her no offence when I say this, I'm just cautious when it comes to account security), where as I know Redhat to be a secure and freedom respecting company. So which would be the safer option? Should I stick with the older FreeOTP? Do two way authentication apps need to have up to date security patches? Or can I trust the more up to date FreeOTP+? Also, even though I appreciate the help and good intentions of people who would recommend this; but please don't recommend that I use the Google or Microsoft authenticators instead. I want to use a Free/Open Source authentication app rather than a proprietary one.

We have a web application and want to provide an app for it. We use a simple WebViewClient application which opens our web application. This works good. For authentication the web application doesn't use our own site, but an external ID provider, which redirects back to our website after authentication. The session timeout is pretty short due to reglatory reasons, so the user cannot stay logged in for a longer period of time. So we want the user to at least be able to autofill the user/password fields with credentials that are stored on the phone. It seems like I get different behaviours on different devices. For example I have an Android 9 device and there seems to be no possibility to use stored credentials on the login form. A friend has an Android 12 and for him when he enters the password field he has this little key symbol to use stored credentials to autofill the fields by then selecting one of the stored user/password combinations. Also in Android Studio in an emulator I don't get this option in my keyboard to use stored credentials. So my question is. What are the requirements that this is shown on your phone? Is there a way we can set up the app to always allow the possibility to use stored credentials? Please keep in mind that we don't have control over the login page itself, as it is hosted by the Identity provider. So we would need a solution based only in the app itself.

I have noticed recently that Chrome for Android does not autofill passwords on Basic HTTP authentication pages. For example, if I navigate to https://httpbin.org/basic-auth/Bijan/Password on Chrome and save the password, it works perfectly. Navigating back to the same page autofills the password. On Chrome for Android, I verify that the password is saved. However, navigating to the same page from my phone, does not autofill the password. Is this a bug for anyone else? Is there anything I can do to fix this?

Is there a way to add an RSS Feed that requires BASIC authentication via HTTP to [Feeder](https://play.google.com/store/apps/details?id=com.nononsenseapps.feeder.play) app? I haven't found a way yet and issues in the project's GitLab are disabled, so there is no way to send the request to the man behind the project.

I have an old Android device that I sometimes use. Presumably it is full of critical security holes, but the value I get from using it is much less than the cost of a newer device, especially since said newer device will be in exactly the same situation a few years after I buy it. I noticed today that this old device has an entry for an "Automatically created passkey" at https://g.co/passkeys I think this means that Google is trusting this device to hold a cryptographic secret that would let *more* devices log into my Google account. How do I communicate to Google that this device is untrustworthy, and revoke its stored passkey? (And also probably disable sign-in-via-notification on the device?) Can I clear the keys from the device somehow or will it just make more? Is the only way to prevent Google from trusting the device to authenticate new sessions to sign the device out of my account completely?

I can not log in with 2FA from Microsoft Authenticator. Although the time is correct on my Android phone, when I use the authenticator app, I can not log in to my sites. It displays the wrong code. How to fix this? I tried to set my phone date/time to automatic but the problem remains. I googled and find on the search there is an option to sync time inside Microsoft Authenticator, but I can not find this option in the settings menu.

This app tries to handle logins through the browser with a custom "protocol"/scheme in the URI, i.e. instead of https://..., it tries to open dbnavigator://idm_auth/login?..., but the browser (Google Chrome) says "Web page not available", "net::UNKNOWN_URL_SCHEME". How do I help the app explain to the browser how to access that address?

I would like to be able to generate *pingID* 2FA keys from a generic OTP app such as freeOTP for Android, authy for windowsOS or an OTP app of a smartwatch. The service allows me to enrol 2 devices and at the moment I have a device with the official "pindID" client. To enrol the 2nd device the admin page generates a QR and provides a key/string Updated: Originally I was using the default QR or the 13 numeric string to enter manually. But I've discovered that it is possible to generate different ones through selecting "authenticator. Then, this QR is recognized by 3rd party apps and the string is 32digits alphanumeric. Now the device appears as paired in the pingID/pingOne console. However,the device generated code is not working on pingID auth prompts. BTW, there are differences with pingId client: PingID client requires to log with a 6 pin password and code/token is renewed after seconds generic OTP apps, don't require app and the code/token is renewed after much more time 3rd party apps tried: Android: (freeOTP, freeOTP+,Aegis) WIndowsOS: Authy Smartwatch one (not android) pingID=pingidentity from https://www.pingidentity.com

What is the official source for apksigner as referenced e.g. in this [answer](https://android.stackexchange.com/a/218161/375063) ? People are citing Android Studio, Android SDK Build Tools/Platform Tools/Command Line Tools etc. (as well as some shady archives on Google Drive), but non of these contain the program. I've downloaded, installed and searched them all. Alternatively, what is the official source for Android SDK Build Tools 24.0.3, which allegedly contains the apksigner? I've found an apksigner.jar and apksigner.bat inside a private Google [repository](https://dl.google.com/android/repository/build-tools_r24.0.3-windows.zip) , but running apksigner verify --verbose --print-certs apksigner.bat verify --verbose --print-certs apksigner.jar verify --verbose --print-certs doesn't work (no output). This is the content of said batch file apksigner.bat: @echo off REM Copyright (C) 2016 The Android Open Source Project REM REM Licensed under the Apache License, Version 2.0 (the "License"); REM you may not use this file except in compliance with the License. REM You may obtain a copy of the License at REM REM http://www.apache.org/licenses/LICENSE-2.0 REM REM Unless required by applicable law or agreed to in writing, software REM distributed under the License is distributed on an "AS IS" BASIS, REM WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. REM See the License for the specific language governing permissions and REM limitations under the License. REM don't modify the caller's environment setlocal REM Locate apksigner.jar in the directory where apksigner.bat was found and start it. REM Set up prog to be the path of this script, including following symlinks, REM and set up progdir to be the fully-qualified pathname of its directory. set prog=%~f0 rem Check we have a valid Java.exe in the path. set java_exe= if exist "%~dp0..\tools\lib\find_java.bat" call "%~dp0..\tools\lib\find_java.bat" if exist "%~dp0..\..\tools\lib\find_java.bat" call "%~dp0..\..\tools\lib\find_java.bat" if not defined java_exe goto :EOF set jarfile=apksigner.jar set "frameworkdir=%~dp0" rem frameworkdir must not end with a dir sep. set "frameworkdir=%frameworkdir:~0,-1%" if exist "%frameworkdir%\%jarfile%" goto JarFileOk set "frameworkdir=%~dp0lib" if exist "%frameworkdir%\%jarfile%" goto JarFileOk set "frameworkdir=%~dp0..\framework" :JarFileOk set "jarpath=%frameworkdir%\%jarfile%" set javaOpts= set args= REM By default, give apksigner a max heap size of 1 gig and a stack size of 1meg. rem This can be overridden by using "-JXmx..." and "-JXss..." options below. set defaultXmx=-Xmx1024M set defaultXss=-Xss1m REM Capture all arguments that are not -J options. REM Note that when reading the input arguments with %1, the cmd.exe REM automagically converts --name=value arguments into 2 arguments "--name" REM followed by "value". apksigner has been changed to know how to deal with that. set params= :firstArg if [%1]==[] goto endArgs set a=%~1 if [%defaultXmx%]==[] goto notXmx if %a:~0,5% NEQ -JXmx goto notXmx set defaultXmx= :notXmx if [%defaultXss%]==[] goto notXss if %a:~0,5% NEQ -JXss goto notXss set defaultXss= :notXss if %a:~0,2% NEQ -J goto notJ set javaOpts=%javaOpts% -%a:~2% shift /1 goto firstArg :notJ set params=%params% %1 shift /1 goto firstArg :endArgs set javaOpts=%javaOpts% %defaultXmx% %defaultXss% call "%java_exe%" %javaOpts% -Djava.ext.dirs="%frameworkdir%" -jar "%jarpath%" %params% UPDATE: As suggested, I've now tried apksigner from Android Build Tools. Here is the output: Verifies Verified using v1 scheme (JAR signing): true Verified using v2 scheme (APK Signature Scheme v2): true Verified using v3 scheme (APK Signature Scheme v3): false Verified using v4 scheme (APK Signature Scheme v4): false Verified for SourceStamp: false Number of signers: 1 Signer #1 certificate DN: CN=Unknown, OU=Unknown, O=Fiducia IT AG, L=Unknown, ST =Unknown, C=DE Signer #1 certificate SHA-256 digest: 53a6afa8f0d219bba2fe84154f256ecec85b34175f fee5b7387fda0afcc12605 Signer #1 certificate SHA-1 digest: addb5ed43a27660e41acb1d39e85ddd7b9c9807c Signer #1 certificate MD5 digest: 1be8c130e83eb6b36e4aff93bcdd1b28 Signer #1 key algorithm: RSA Signer #1 key size (bits): 2048 Signer #1 public key SHA-256 digest: 671eafb570fa9e82cb7a8d5c435dad3d86990a09d5b 20f41b42e3152b3cd5a6a Signer #1 public key SHA-1 digest: c021e779e6086e20a7c60b05a0c30b94c59c83ba Signer #1 public key MD5 digest: d42dc7a6bcb0ace30d8ac316bc321c9c WARNING: META-INF/androidx.navigation_navigation-fragment.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/. WARNING: META-INF/androidx.camera_camera-camera2.version not protected by signat ure. Unauthorized modifications to this JAR entry will not be detected. Delete o r move the entry outside of META-INF/. WARNING: META-INF/androidx.customview_customview.version not protected by signat ure. Unauthorized modifications to this JAR entry will not be detected. Delete o r move the entry outside of META-INF/. WARNING: META-INF/services/ya.k not protected by signature. Unauthorized modific ations to this JAR entry will not be detected. Delete or move the entry outside of META-INF/. WARNING: META-INF/androidx.room_room-runtime.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or mo ve the entry outside of META-INF/. WARNING: META-INF/androidx.camera_camera-lifecycle.version not protected by sign ature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/. WARNING: META-INF/androidx.browser_browser.version not protected by signature. U nauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/. WARNING: META-INF/com.google.android.material_material.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. De lete or move the entry outside of META-INF/. WARNING: META-INF/androidx.savedstate_savedstate-ktx.version not protected by si gnature. Unauthorized modifications to this JAR entry will not be detected. Dele te or move the entry outside of META-INF/. WARNING: META-INF/androidx.activity_activity-ktx.version not protected by signat ure. Unauthorized modifications to this JAR entry will not be detected. Delete o r move the entry outside of META-INF/. WARNING: META-INF/kotlinx_coroutines_play_services.version not protected by sign ature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/. WARNING: META-INF/androidx.slidingpanelayout_slidingpanelayout.version not prote cted by signature. Unauthorized modifications to this JAR entry will not be dete cted. Delete or move the entry outside of META-INF/. WARNING: META-INF/androidx.dynamicanimation_dynamicanimation.version not protect ed by signature. Unauthorized modifications to this JAR entry will not be detect ed. Delete or move the entry outside of META-INF/. WARNING: META-INF/androidx.exifinterface_exifinterface.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. De lete or move the entry outside of META-INF/. WARNING: META-INF/androidx.sqlite_sqlite-ktx.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or mo ve the entry outside of META-INF/. WARNING: META-INF/androidx.lifecycle_lifecycle-extensions.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/. WARNING: META-INF/androidx.versionedparcelable_versionedparcelable.version not p rotected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/. WARNING: META-INF/androidx.lifecycle_lifecycle-livedata-ktx.version not protecte d by signature. Unauthorized modifications to this JAR entry will not be detecte d. Delete or move the entry outside of META-INF/. WARNING: META-INF/androidx.preference_preference-ktx.version not protected by si gnature. Unauthorized modifications to this JAR entry will not be detected. Dele te or move the entry outside of META-INF/. WARNING: META-INF/androidx.preference_preference.version not protected by signat ure. Unauthorized modifications to this JAR entry will not be detected. Delete o r move the entry outside of META-INF/. WARNING: META-INF/androidx.navigation_navigation-ui.version not protected by sig nature. Unauthorized modifications to this JAR entry will not be detected. Delet e or move the entry outside of META-INF/. WARNING: META-INF/androidx.lifecycle_lifecycle-runtime.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. De lete or move the entry outside of META-INF/. WARNING: META-INF/androidx.room_room-ktx.version not protected by signature. Una uthorized modifications to this JAR entry will not be detected. Delete or move t he entry outside of META-INF/. WARNING: META-INF/androidx.appcompat_appcompat-resources.version not protected b y signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/. WARNING: META-INF/androidx.appcompat_appcompat.version not protected by signatur e. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/. WARNING: META-INF/androidx.lifecycle_lifecycle-livedata.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. D elete or move the entry outside of META-INF/. WARNING: META-INF/androidx.navigation_navigation-runtime.version not protected b y signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/. WARNING: META-INF/androidx.navigation_navigation-runtime-ktx.version not protect ed by signature. Unauthorized modifications to this JAR entry will not be detect ed. Delete or move the entry outside of META-INF/. WARNING: META-INF/androidx.window_window.version not protected by signature. Una uthorized modifications to this JAR entry will not be detected. Delete or move t he entry outside of META-INF/. WARNING: META-INF/androidx.cursoradapter_cursoradapter.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. De lete or move the entry outside of META-INF/. WARNING: META-INF/androidx.savedstate_savedstate.version not protected by signat ure. Unauthorized modifications to this JAR entry will not be detected. Delete o r move the entry outside of META-INF/. WARNING: META-INF/androidx.fragment_fragment.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or mo ve the entry outside of META-INF/. WARNING: META-INF/androidx.vectordrawable_vectordrawable.version not protected b y signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/. WARNING: META-INF/androidx.fragment_fragment-ktx.version not protected by signat ure. Unauthorized modifications to this JAR entry will not be detected. Delete o r move the entry outside of META-INF/. WARNING: META-INF/androidx.sqlite_sqlite-framework.version not protected by sign ature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/. WARNING: META-INF/androidx.core_core.version not protected by signature. Unautho rized modifications to this JAR entry will not be detected. Delete or move the e ntry outside of META-INF/. WARNING: META-INF/androidx.vectordrawable_vectordrawable-animated.version not pr otected by signature. Unauthorized modifications to this JAR entry will not be d etected. Delete or move the entry outside of META-INF/. WARNING: META-INF/androidx.localbroadcastmanager_localbroadcastmanager.version n ot protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/. WARNING: META-INF/androidx.lifecycle_lifecycle-viewmodel-savedstate.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/. WARNING: META-INF/androidx.security_security-crypto.version not protected by sig nature. Unauthorized modifications to this JAR entry will not be detected. Delet e or move the entry outside of META-INF/. WARNING: META-INF/androidx.navigation_navigation-common-ktx.version not protecte d by signature. Unauthorized modifications to this JAR entry will not be detecte d. Delete or move the entry outside of META-INF/. WARNING: META-INF/androidx.biometric_biometric.version not protected by signatur e. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/. WARNING: META-INF/androidx.lifecycle_lifecycle-livedata-core.version not protect ed by signature. Unauthorized modifications to this JAR entry will not be detect ed. Delete or move the entry outside of META-INF/. WARNING: META-INF/androidx.navigation_navigation-common.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. D elete or move the entry outside of META-INF/. WARNING: META-INF/kotlinx_coroutines_android.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or mo ve the entry outside of META-INF/. WARNING: META-INF/androidx.legacy_legacy-support-core-utils.version not protecte d by signature. Unauthorized modifications to this JAR entry will not be detecte d. Delete or move the entry outside of META-INF/. WARNING: META-INF/androidx.viewpager2_viewpager2.version not protected by signat ure. Unauthorized modifications to this JAR entry will not be detected. Delete o r move the entry outside of META-INF/. WARNING: META-INF/androidx.transition_transition.version not protected by signat ure. Unauthorized modifications to this JAR entry will not be detected. Delete o r move the entry outside of META-INF/. WARNING: META-INF/androidx.print_print.version not protected by signature. Unaut horized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/. WARNING: META-INF/androidx.documentfile_documentfile.version not protected by si gnature. Unauthorized modifications to this JAR entry will not be detected. Dele te or move the entry outside of META-INF/. WARNING: META-INF/androidx.core_core-ktx.version not protected by signature. Una uthorized modifications to this JAR entry will not be detected. Delete or move t he entry outside of META-INF/. WARNING: META-INF/androidx.emoji2_emoji2-views-helper.version not protected by s ignature. Unauthorized modifications to this JAR entry will not be detected. Del ete or move the entry outside of META-INF/. WARNING: META-INF/androidx.recyclerview_recyclerview.version not protected by si gnature. Unauthorized modifications to this JAR entry will not be detected. Dele te or move the entry outside of META-INF/. WARNING: META-INF/androidx.tracing_tracing.version not protected by signature. U nauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/. WARNING: META-INF/androidx.startup_startup-runtime.version not protected by sign ature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/. WARNING: META-INF/androidx.navigation_navigation-fragment-ktx.version not protec ted by signature. Unauthorized modifications to this JAR entry will not be detec ted. Delete or move the entry outside of META-INF/. WARNING: META-INF/androidx.lifecycle_lifecycle-livedata-core-ktx.version not pro tected by signature. Unauthorized modifications to this JAR entry will not be de tected. Delete or move the entry outside of META-INF/. WARNING: META-INF/androidx.arch.core_core-runtime.version not protected by signa ture. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/. WARNING: META-INF/androidx.emoji2_emoji2.version not protected by signature. Una uthorized modifications to this JAR entry will not be detected. Delete or move t he entry outside of META-INF/. WARNING: META-INF/androidx.lifecycle_lifecycle-viewmodel-ktx.version not protect ed by signature. Unauthorized modifications to this JAR entry will not be detect ed. Delete or move the entry outside of META-INF/. WARNING: META-INF/androidx.lifecycle_lifecycle-runtime-ktx.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected . Delete or move the entry outside of META-INF/. WARNING: META-INF/services/ta.z not protected by signature. Unauthorized modific ations to this JAR entry will not be detected. Delete or move the entry outside of META-INF/. WARNING: META-INF/INDEX.LIST not protected by signature. Unauthorized modificati ons to this JAR entry will not be detected. Delete or move the entry outside of META-INF/. WARNING: META-INF/androidx.activity_activity.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or mo ve the entry outside of META-INF/. WARNING: META-INF/androidx.drawerlayout_drawerlayout.version not protected by si gnature. Unauthorized modifications to this JAR entry will not be detected. Dele te or move the entry outside of META-INF/. WARNING: META-INF/androidx.interpolator_interpolator.version not protected by si gnature. Unauthorized modifications to this JAR entry will not be detected. Dele te or move the entry outside of META-INF/. WARNING: META-INF/com/android/build/gradle/app-metadata.properties not protected by signature. Unauthorized modifications to this JAR entry will not be detected . Delete or move the entry outside of META-INF/. WARNING: META-INF/androidx.lifecycle_lifecycle-viewmodel.version not protected b y signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/. WARNING: META-INF/androidx.camera_camera-core.version not protected by signature . Unauthorized modifications to this JAR entry will not be detected. Delete or m ove the entry outside of META-INF/. WARNING: META-INF/androidx.swiperefreshlayout_swiperefreshlayout.version not pro tected by signature. Unauthorized modifications to this JAR entry will not be de tected. Delete or move the entry outside of META-INF/. WARNING: META-INF/androidx.lifecycle_lifecycle-service.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. De lete or move the entry outside of META-INF/. WARNING: META-INF/androidx.lifecycle_lifecycle-process.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. De lete or move the entry outside of META-INF/. WARNING: META-INF/androidx.loader_loader.version not protected by signature. Una uthorized modifications to this JAR entry will not be detected. Delete or move t he entry outside of META-INF/. WARNING: META-INF/androidx.viewpager_viewpager.version not protected by signatur e. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/. WARNING: META-INF/androidx.cardview_cardview.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or mo ve the entry outside of META-INF/. WARNING: META-INF/androidx.navigation_navigation-ui-ktx.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. D elete or move the entry outside of META-INF/. WARNING: META-INF/androidx.coordinatorlayout_coordinatorlayout.version not prote cted by signature. Unauthorized modifications to this JAR entry will not be dete cted. Delete or move the entry outside of META-INF/. WARNING: META-INF/kotlinx_coroutines_core.version not protected by signature. Un authorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/. WARNING: META-INF/androidx.camera_camera-view.version not protected by signature . Unauthorized modifications to this JAR entry will not be detected. Delete or m ove the entry outside of META-INF/. WARNING: META-INF/androidx.annotation_annotation-experimental.version not protec ted by signature. Unauthorized modifications to this JAR entry will not be detec ted. Delete or move the entry outside of META-INF/. WARNING: META-INF/androidx.sqlite_sqlite.version not protected by signature. Una uthorized modifications to this JAR entry will not be detected. Delete or move t he entry outside of META-INF/. WARNING: META-INF/androidx.core_core-splashscreen.version not protected by signa ture. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/. What is the meaning?

Android devices seem to generally require you to enter your PIN/password after successfully authenticating with your fingerprint. The reasons for why this is happening and what triggers it are already layed out in https://android.stackexchange.com/questions/241560/conditions-for-triggering-pin-required-for-additional-security . Now, with my old phone, this was annoying, with my new one this seems to happen with every second unlock. Hence, it needs to go. Really. Anyone here who knows how to 1) deactivate the feature altogether or 2) configure specific conditions for when it happens?

I'm getting three different APK file sizes for supposedly the [same version/build app](https://play.google.com/store/apps/details?id=com.starfinanz.mobile.android.dkbpushtan) : - [Version 1](https://apps.evozi.com/apk-downloader/?id=com.starfinanz.mobile.android.dkbpushtan) from Evozi: 22.485.694 bytes - [Version 2](https://apkpure.com/dkb-tan2go/com.starfinanz.mobile.android.dkbpushtan) from Apkpure: 22.766.408 bytes - [Version 3](https://tan2go.de.aptoide.com/app) from Aptoide: 18.641.648 bytes **Why?** Which file is the original one and which two are fakes? Could you please confirm that the Evozi downloader is trying to "slip" you a APK version (here: 2.7.2) different from the Google Play store link that you provided (here: 2.7.3) or that both Apkpure and Aptoide are claiming publishing *more recent* publishing dates (here: 08-09-2021 and 14-09-2021) than the original (06-09-2021)? Why is this happening? **UPDATE 1:** As per request, I've extracted all APKs. The results are even more concerning: - Version 1 from Evozi: 957 Files, 51 Folders, 24.757.075 bytes - Version 2 from Apkpure: 819 Files, 21 Folders, 25.118.159 bytes - Version 3 from Aptoide: 4319 Files, 101 Folders, 31.704.315 bytes *...4319 files?!* **UPDATE 2:** As suggested, I used apksigner to take a look at the certificates inside the APKs: Version 1 from Evozi: 957 Files, 51 Folders, 24.757.075 bytes C:\Users\...\Desktop>java -jar apksigner.jar verify --verbose --print-certs com.starfinanz.mobile.android.dkbpushtan_30044_apps.evozi.com.apk Verifies Verified using v1 scheme (JAR signing): true Verified using v2 scheme (APK Signature Scheme v2): true Verified using v3 scheme (APK Signature Scheme v3): false Verified using v4 scheme (APK Signature Scheme v4): false Verified for SourceStamp: false Number of signers: 1 Signer #1 certificate DN: CN=Niels Mathea, OU=IT Betrieb Bank, O=DKB Service GmbH, L=Potsdam, ST=Brandenburg, C=DE Signer #1 certificate SHA-256 digest: e5067dca4553173a1dd76352a8287b293960119689244ac58d0552703efe4268 Signer #1 certificate SHA-1 digest: b4199718eaa0e676755af77419fb59abf7fece00 Signer #1 certificate MD5 digest: 0a566744818c6fb89f4c900a1502cf1c Signer #1 key algorithm: RSA Signer #1 key size (bits): 2048 Signer #1 public key SHA-256 digest: d878ba65ddcd7bbd0d9fd284f0bc61762c7ecb83ecb6c58c8c138939fb661f7f Signer #1 public key SHA-1 digest: dbf739ed124f07181b3cdd1867bdd0eb63da3d71 Signer #1 public key MD5 digest: 94fcb9a87a8ec48eed706456a93ab0cd WARNING: META-INF/androidx.customview_customview.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/. [...] Version 2 from Apkpure: 819 Files, 21 Folders, 25.118.159 bytes C:\Users\...\Desktop>java -jar apksigner.jar verify --verbose --print-certs "DKB TAN2go_v2.7.3_apkpure.com.apk" Verifies Verified using v1 scheme (JAR signing): true Verified using v2 scheme (APK Signature Scheme v2): true Verified using v3 scheme (APK Signature Scheme v3): false Verified using v4 scheme (APK Signature Scheme v4): false Verified for SourceStamp: false Number of signers: 1 Signer #1 certificate DN: CN=Niels Mathea, OU=IT Betrieb Bank, O=DKB Service GmbH, L=Potsdam, ST=Brandenburg, C=DE Signer #1 certificate SHA-256 digest: e5067dca4553173a1dd76352a8287b293960119689244ac58d0552703efe4268 Signer #1 certificate SHA-1 digest: b4199718eaa0e676755af77419fb59abf7fece00 Signer #1 certificate MD5 digest: 0a566744818c6fb89f4c900a1502cf1c Signer #1 key algorithm: RSA Signer #1 key size (bits): 2048 Signer #1 public key SHA-256 digest: d878ba65ddcd7bbd0d9fd284f0bc61762c7ecb83ecb6c58c8c138939fb661f7f Signer #1 public key SHA-1 digest: dbf739ed124f07181b3cdd1867bdd0eb63da3d71 Signer #1 public key MD5 digest: 94fcb9a87a8ec48eed706456a93ab0cd WARNING: META-INF/androidx.customview_customview.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/. [...] Version 3 from Aptoide: 777 Files, 21 Folders, 25.059.540 bytes C:\Users\EPI-SMLM\Desktop>java -jar apksigner.jar verify --verbose --print-certs com-starfinanz-mobile-android-dkbpushtan-30049-59302957-c297d2d2df90587173f6f8b78fce939d.apk Verifies Verified using v1 scheme (JAR signing): true Verified using v2 scheme (APK Signature Scheme v2): true Verified using v3 scheme (APK Signature Scheme v3): false Verified using v4 scheme (APK Signature Scheme v4): false Verified for SourceStamp: false Number of signers: 1 Signer #1 certificate DN: CN=Niels Mathea, OU=IT Betrieb Bank, O=DKB Service GmbH, L=Potsdam, ST=Brandenburg, C=DE Signer #1 certificate SHA-256 digest: e5067dca4553173a1dd76352a8287b293960119689244ac58d0552703efe4268 Signer #1 certificate SHA-1 digest: b4199718eaa0e676755af77419fb59abf7fece00 Signer #1 certificate MD5 digest: 0a566744818c6fb89f4c900a1502cf1c Signer #1 key algorithm: RSA Signer #1 key size (bits): 2048 Signer #1 public key SHA-256 digest: d878ba65ddcd7bbd0d9fd284f0bc61762c7ecb83ecb6c58c8c138939fb661f7f Signer #1 public key SHA-1 digest: dbf739ed124f07181b3cdd1867bdd0eb63da3d71 Signer #1 public key MD5 digest: 94fcb9a87a8ec48eed706456a93ab0cd WARNING: META-INF/androidx.customview_customview.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/. [...] There is a long list of warnings coming with each APK. Also, as indicated in the comments, Aptoide provided the wrong APK - file size and number of contained files/folders have been updated. Anyone know what to make of this output?

Trying to set up a new Moto-G Stylus with Android 11 on an internal wifi network with mac authentication and a hidden ssid. To provide the expected mac, I selected "Use device MAC" (which is correctly displayed in the connection setup), but the phone continues to send random values. No problem connecting when mac authentication was temporarily disabled on the AP. Repeated forget/re-entering the AP info and resets of the Android networking haven't changed the random behavior. Seems like a bug where the "Use device MAC" is simply being ignored. The phone will be useless without a fix and I can't think of anything else to try. Any suggestions or workarounds would be greatly appreciated. Thanks, -Tom

I have a Android 8 TV box. In developer settings, I can enable/disable USB debug. After enable, any device in LAN can use adb connect to connect to (no password or auth required) and control it via shell. My questions: 1. Does that mean any app on the Android devices can connect 127.0.0.1:5555 and get a shell permission? (The Android box is rooted. In adb I can use su directly) ss -pnltu | grep 5555 got:

tcp    LISTEN     0      4        :::5555                 :::*                   users:(("adbd",pid=5051,fd=15))

How can I protect my Android from being hacked by an installed app. 2. I can't use setprop ro.adb.secure 1, it says

setprop: failed to set property 'ro.adb.secure' to '1'

It's always 0. So the ROM doesn't support the adb RSA auth security feature. How can I protect my Android from being hacked from other LAN devices. (I want to keep usb debugging on cause I can install/uninstall apps from PC) ------------- **Update**: I come up with a simple trick: changing the port

setprop service.adb.tcp.port 5550

that will hide my adbd from 80% hackers I think. But, still, that's not a real solution. It's just a workaround

When i tried to open my Whatsapp chats from web browser on laptop, and wanted to scan a QR code from Whatsapp on my smartphone, Whatsapp asked for password, indide the same Whatsapp window. As i have found from https://faq.whatsapp.com/web/download-and-installation/how-to-log-in-or-out?lang=en , it asks for Android's screen lock password. > To log in to WhatsApp on WhatsApp Web, WhatsApp Desktop, or Portal, > you need to use your phone to scan the QR code. > > Android: Tap LINK A DEVICE. Follow the on-screen instructions if your > device has biometric authentication. If you don’t have biometric > authentication enabled, you’ll be prompted to enter the pin you use to > unlock your phone. > > Note: The authentication is handled by your device’s operating system > using the biometrics stored there. WhatsApp can’t access the biometric > information stored by your device's operating system. Also I had seen similar behaviour with other apps, when app of a state service asked, in own window, for password of other state service. I have found out that Facebook also used to allow for apps to ask for Facebook password in their windows: https://developers.facebook.com/blog/post/2021/06/28/deprecating-support-fb-login-authentication-android-embedded-browsers/?locale=en_US > We have been monitoring an uptick in phishing attempts on Android > embedded browsers (also known as webviews), so beginning in August, we > will no longer support FB Login authentication on Android embedded > browsers. > > If your app is using version 8.2+ of the SDK, we utilize several > methods to authenticate the user through other methods -- including > options like sending a push notification to verify the user’s identity > (a.k.a. “Passwordless flow”) or asking the user to complete the login > in the Chrome browser (Chrome Custom Tabs) or Facebook Android app > (a.k.a. Android App Switch). I have searched for Android docs and have found this: https://developer.android.com/training/sign-in/biometric-auth I see there screenshots where dialog windows are shown, while all background is darkened, including Android's top panel... But seems this is a new version of Android, and I used Android 6. Whith which Android version these separate dialog windows for authentication first appeared? I checked for older version of this page, https://web.archive.org/web/20191002021720/https://developer.android.com/training/sign-in/biometric-auth , and i see there were same dialogs in 2019, no older archives. What is Android's policy/recommendation on asking for password of other legal entities? I have seen https://developer.android.com/topic/security/best-practices and I did not see there any such recommendation. I think it is not secure, because, probably it is possible for a window to log any passwords entered in it.

Bought an air-purifier which can be monitored/controlled by Smartmi app . To use this app one have to enter a ***Verification code***. The app, nor the support page, say anything about what this verification code is, so it is likely one think this has something to do with google verification when searching the web. Where to get the code?

Since I will be lending my phone to someone else, I want my phone to ask my Google account password (or alternative authentication) each time an app is installed. If I go to *Google Play* -> *Three bars menu* -> *Settings* -> *Require authentication for purchases*, the options are: 1. For all purchases through Google Play on this device. 2. Every 30 minutes. 3. Never. The first option seems to be what I am looking for. Nevertheless, I am not asked for any authentication for installing apps. **Can this be done? How?** Using a Samsung Galaxy J7, with Android 6.0.1.

My phone is Samsung Galaxy S4 SHV-E330S with a broken screen (cannot see or touch anything) For more context please see my old questions here and here . I have already tried these: https://android.stackexchange.com/questions/120394/can-i-enable-usb-debugging-using-adb/120453#120453 https://stackoverflow.com/questions/26213954/how-to-solve-adb-device-unauthorized-in-android-adb-host-device Nothing seems to work. I have pushed the adbkey.pub file in .android folder in the PC to /data/misc/adb/adb_keys in the phone while in recovery. On rebooting to android it was still unauthorized. I am pretty sure that before the screen c\broke AI had developer mode and USB debugging enabled on this phone. regardless, I executed the commands shown here adb shell mount /system abd shell echo "persist.service.adb.enable=1" >> default.prop echo "persist.service.debuggable=1" >> default.prop echo "persist.sys.usb.config=mtp,adb" >> default.prop echo "persist.service.adb.enable=1" >> /system/build.prop echo "persist.service.debuggable=1" >> /system/build.prop echo "persist.sys.usb.config=mtp,adb" >> /system/build.prop since I found out that the above lines of text were not in the original default.prop and /system/build.prop (even though I am pretty sure I had enabled USB debugging before the screen broke). Even after adding these lines, the phone is still unauthorized when I reboot to android. Since then I have recovered the original default.prop and /system/build.prop into the phone. What else can I try now to bypass the RSA authentication dialog box? I have another rooted android phone (different model and OS version) which I have full access to through adb, but it does not even have an adb_keys folder inside /data/misc/adb/adb_keys, so I can't just copy over from that phone to this phone either. What else can I do to bypass the RSA authentication dialog box on this phone?

I have a OnePlus 3 with an unlocked bootloader and LineageOS. I forget the PIN and I am trying to recover access to it, and I have access to the recovery. The data is encrypted. My understanding is that, if the device is using FBE, the value adb shell getprop ro.crypto.state will return encrypted, and the /data partition will be impossible to read. Despite the fact that adb shell getprop ro.crypto.state returns encrypted, and despite the fact that I have not entered the PIN stored in the hardware keystore, I am able to browse and copy files from /data using adb shell. So this seems to be in conflict: I should not be able to access /data if that returns encrypted. Is this true? If not, why is this not a conflict? (I apologize if this has been asked before, I could not find any questions on this.)