`APP_NOT_VERIFIED` login error

[tkelii]

trying to put my phone number in says API error :: 400

[Jabolol]

Hello! This is currently my fault, the error is non-descriptive and I'm already working on a refactor. It should be shipped in a few days.

That error means that your mobile phone must follow the format +$PREFIX $NUMBER. For example I am from Spain, so I would put +34 XXXXXXXXX. The plus and space between the country code and the number is important. BeReal's API is really picky with that. For reference, you can check the full country code list here.

[tkelii]

i did put +44 xxxxxxxx and it says it still

[Jabolol]

I'm on the process of a big refactor right now, scheduled for the coming days. A better process with more descriptive errors is already implemented. Here's how it looks, stay tuned!

[Jabolol]

@tkelii this should have been fixed by 58f26b662d52b43c3f218e29ae39bbd061d79ab5. Feel free to reopen the issue if the error persists or if you need further help.

[tkelii]

now it says APP_NOT_VERIFIED

[Jabolol]

I can log in with a spanish phone number, it could maybe be related to the region but I highly doubt it. Can you check with another BeReal account?

[tkelii]

a different account still says APP_NOT_VERIFIED

[Jabolol]

The APP_NOT_VERIFIED error happens on a country basis. I get the error with phones from the United Kingdom, Georgia and Ukraine, amongst others. I do not get it with phones from Spain and the United States, for instance.

Currently the login logic is extracted from the app itself using a mitm proxy, so it would make sense that the hardcoded session variables and client ids are not valid worldwide.

I'll see if I can rewrite the login logic to use the firebase SDK as BeReal does.

[MomoCrafter2013]

Any update on the APP_NOT_VERIFIED error? I have a UK number and still get it.

Thanks

[Jabolol]

I'm almost done with yet another login rewrite. It will land in a few days at most. Sorry for the inconvenience.

[bunaguna]

I have tried using the mitm proxy to get the API, since I also get APP_NOT_VERIFIED, but it uses https://www.googleapis.com/identitytoolkit/v3/relyingparty/getProjectConfig?key=......&cb=.......&androidPackageName=com.bereal.ft&sha1Cert=...... and returns

{
    "error": {
        "code": 403,
        "details": [
            {
                "@type": "type.googleapis.com/google.rpc.ErrorInfo",
                "domain": "googleapis.com",
                "metadata": {
                    "consumer": "projects/405768487586",
                    "service": "identitytoolkit.googleapis.com"
                },
                "reason": "API_KEY_ANDROID_APP_BLOCKED"
            }
        ],
        "errors": [
            {
                "domain": "global",
                "message": "Requests from this Android client application <empty> are blocked.",
                "reason": "forbidden"
            }
        ],
        "message": "Requests from this Android client application <empty> are blocked.",
        "status": "PERMISSION_DENIED"
    }
}

is there any way to bypass this? I guess they added some extra security measurements