Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security check is needed DisplayUnlockCaptcha #159

Open
druphliu opened this issue May 12, 2022 · 18 comments
Open

Security check is needed DisplayUnlockCaptcha #159

druphliu opened this issue May 12, 2022 · 18 comments

Comments

@druphliu
Copy link

Hello there!

I'm getting the following error message when I try to download an app from the Google Play Store:

Security check is needed, try to visit https://accounts.google.com/b/0/DisplayUnlockCaptcha to unlock, or setup an app-specific password
I tried the following:

account password without MFA
account password without MFA and "unsecure" connection enabled (or however that is called)
app-specific password (with MFA)

@Arshit007
Copy link

Yes,I am also facing the same issue from last day only.When did you start facing this same problem?

@adtimizer
Copy link

same here... what a nightmare. tried multiple accounts/app specific but nothing worked. Yesterday google announced some changed to the playstore agreement... maybe its related?

@poseidonsg
Copy link

I am also facing the same problem. Did someone figure it out?

@druphliu
Copy link
Author

@matlink we need you help

@Arshit007
Copy link

Arshit007 commented May 13, 2022

I am not able to login in the playstore.It is giving me 'Security check is needed, try to visit https://accounts.google.com/b/0/DisplayUnlockCaptcha to unlock, or setup an app-specific password' again and again

@poseidonsg
Copy link

I am still facing this issue.. not sure what is the resolution here.

@minhduyzin
Copy link

Now, I am also facing the same problem. Did someone figure it out?

@pnu-s
Copy link

pnu-s commented May 19, 2022

Having the same issue, I just tested apkeep (which is still maintained) and it seems to work just fine!

I'm unsure what is the difference which makes it work.
@Hainish Would you have any idea? 🙏

@adtimizer
Copy link

great!!!!!! thanks for sharing.
do you know if its possible to get the split option? i can't see it in the USAGE text.

@Hainish
Copy link

Hainish commented May 19, 2022

@pnu-s I'm really not sure, I mostly mimic what this library does, providing the default device configuration of hero2lte, a timezone of UTC, and a locale of en_US.

@adtimizer No split apk support yet. It's on the list.

@therealchjones
Copy link

APKeep (and rust gpapi) not working for me now, either. Have tried multiple old and new accounts, signing onto emulator play store first (and accepting terms) or not. No luck. Is it possible Google has disabled app passwords for play store access? (Or gotten even better about identifying unofficial clients?)

@HarryWindsor
Copy link

I am having the same issues, https://github.com/EFForg/apkeep is not an option for me as I need a python api :(

@DavidRodriguezTorrado
Copy link

This problem seems to be still active. Some moths ago ocurred and the solution was to add a parameter ("droidguard_results": "some_random_string") in function getLoginParams (that is in gpapi/config.py). I guess something similar is happening this time. Google might have updated/changed something about their login.

Did anyone find out news about this issue? (Or has any idea that can feed to find a solution)

@wandamaxm
Copy link

There was an issue with the headers to some of the requests, I have created this pull request that fixes it for me: #161

@marty0678
Copy link

As mentioned in #162 the above PR doesn't appear to be working any longer.

@Exadra37
Copy link

This security check only occurs to me when using a plain text password. To fix it just create an App password on your Google account and use it instead.

Bear in mind that currently this repo doesn't work due to another error, therefore you need to use the code on the branch of this merge request:

marty0678#5 (comment)

@Exadra37
Copy link

Nowadays my working setup is to have a dedicated Gmail account for this without 2FA enabled, otherwise authentication with Google will not work, even with app password.

This week I also had to downgrade from Python 3.7 to 3.6 to solve Bad Authentication from Google.

My current Dockerfile that clones a fork of this repo that is more up to date.:

ARG TAG=3.6

FROM python:${TAG}

ARG CONTAINER_USER="developer"
ARG CONTAINER_USER_UID=1000

ARG LANGUAGE_CODE="en"
ARG COUNTRY_CODE="GB"
ARG ENCODING="UTF-8"
ARG CHECKOUT_COMMIT_HASH=aa193ea198ac789f2b7d7a6650174078a93710a5

ARG LOCALE_STRING="${LANGUAGE_CODE}_${COUNTRY_CODE}"
ARG LOCALIZATION="${LOCALE_STRING}.${ENCODING}"

RUN apt update && apt -y upgrade && \
    apt -y install \
        locales \
        git \
        curl \
        inotify-tools && \

        echo "${LOCALIZATION} ${ENCODING}" > /etc/locale.gen && \
        locale-gen "${LOCALIZATION}" && \

        useradd -m -u "${CONTAINER_USER_UID}" -s /bin/bash "${CONTAINER_USER}" && \
        mkdir /home/"${CONTAINER_USER}"/workspace && \
        chown -R "${CONTAINER_USER}":"${CONTAINER_USER}" /home/"${CONTAINER_USER}"

RUN apt install -y protobuf-compiler

ENV USER ${CONTAINER_USER}
ENV LANG "${LOCALIZATION}"
ENV LANGUAGE "${LOCALE_STRING}:${LANGUAGE_CODE}"
ENV PATH=/home/${CONTAINER_USER}/.local/bin:${PATH}
ENV LC_ALL "${LOCALIZATION}"

USER ${CONTAINER_USER}

WORKDIR /home/${CONTAINER_USER}/workspace

RUN git clone https://github.com/Augustin-FL/googleplay-api.git .
RUN git reset --hard "${CHECKOUT_COMMIT_HASH}"

RUN pip3 install -r requirements.txt
RUN python3 setup.py build

RUN pip3 install --upgrade protobuf

CMD ["bash"]

I had to trim down the Dockerfile and haven't tested it, but it should work.

@ghost
Copy link

ghost commented Jun 24, 2023

This week I also had to downgrade from Python 3.7 to 3.6 to solve Bad Authentication from Google.

this is a poor fix, as you are just avoiding the underlying issue rather than addressing it. the real problem is that Google uses TLS fingerprinting, which Python 3.6 is part of the whitelist by random chance. A proper fix would be to pass a properly constructed TLS client hello that matches Android API 21-33. I have code that does this in my repos, or for Python you can utilize gpsoauth

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

14 participants