Multiple accounts

[atom-smasher]

I was previously able to set up multiple accounts and save each one as a WebApp, eg "Gmail - User One" and "Gmail - User Two". Now, it seems like both saved "WebApps" open the same account.

Expected behaviour: "WebApps" saved with access to different accounts from the same service/website should maintain access to different accounts.

[trymeouteh]

I am having this issue on lineageos 17.1

[tobykurien]

FYI this may be specific to GMail, because I tried multiple accounts with Mastodon for a month or so and it works fine. Perhaps GMail is using a supercookie or similar and hence is leaking across sandboxes?

[atom-smasher]

Seems like Gmail has several redirects during the login process, and WebApps can't follow all of them. Instead, WebApps defers to a browser app after a few redirects. At least, I think that's what's happening.

gmail.com → accounts.google.com → mail.google.com -- or -- mail.google.com → accounts.google.com → mail.google.com

I've found that I can log in to Gmail directly from "accounts.google.com". However, if I then "Save as Webapp", the saved WebApp does not "stay" logged in, and it can not be used to successfully log back in to Gmail. This makes WebApps entirely useless for Gmail. I can enjoy this kind of inconvenience by using a "private tab" in a more conventional web browser.

If a default browser is selected (on Android), Gmail is opened, after logging in, in that browser. If no default browser is selected, a pop-up appears, prompting to open the link in a browser. Webapps is not available for selection, to open the link.

This is kind of a security issue, since WebApps will silently defer to a normal web browser to log in to sites. Then the normal web browser is "contaminated" with login, cookies, etc.

WebApps v4.3, Android 10, Resurrection Remix, RR-Q-8.6.9

[tobykurien]

You can save accounts.google.com as a separate web app. Then any other Google app can be saved into it's own web app and when asked to login, WebApps will automatically redirect to your accounts.google.com one to do the auth.

[atom-smasher]

One of the problems with that, is that creating a WebApp for "accounts.google.com" actually creates a WebApp for something along the lines of "accounts.google.com/identifier?xxxxxx".

Because of that, Google may still associate logins from different accounts to a single device.

How to see it:

1- Open WebApps 2- Click the globe icon to "Open Site" 3- Open ("Open in new sandbox"; do NOT check "Temporarily allow redirects") 4- Open the action-bar, if needed 5- Select the options (three dots) 6- Select "Share URL" 7- Select a notepad app, and paste the URL into the notepad

If there was a way to edit the actual URL saved with the WebApp, this might be a secure method. Otherwise, I think it's more secure to just allow WebApps to follow the redirects that are part of the Google login ecosystem.

Anyway… I tried it, and it does not work.

1- Open WebApps 2- Click the globe icon to "Open Site" 3- Open ("Open in new sandbox"; tested here with "Temporarily allow redirects" checked and unchecked) 4- Save "Sign in - Google accounts" as a Webapp 5- Close the "Sign in - Google accounts" Webapp 5- Open WebApps 6- Click the globe icon to "Open Site" 7- Open or ("Open in new sandbox"; tested here with "Temporarily allow redirects" checked and unchecked) 8- Try to log in to Gmail 9- After logging in to Gmail (if you can log in), save as a Gmail WebApp 10 - Close the Gmail WebApp 11 - Open WebApps 12 - Open the saved Gmail WebApp, and try to log in

Login to Gmail does not work, after closing WebApps, re-opening WebApps, and opening the saved Gmail WebApp. As before, after entering a correct password, WebApps defers the next redirect to a "normal" browser.