yeriomin / YalpStore

Download apks from Google Play Store
GNU General Public License v2.0

Unable to login using built-in account #627

Closed motorious1 closed 4 years ago

motorious1 commented 5 years ago

Expected behavior:

Login Using Anonymous Yalp account should work

Actual behavior:

Checking for Updates fails with: Trying to log in with credentials provided by Yalp Store [Google account access] [checked] With a built-in Yalp Store account [checked] Your original device info [checked] Your default language

(click OK) same thing.

Steps to reproduce:

  1. Open app
  2. Check for updates

Your setup:

Huawei Honor5x, LineageOS MicroG Oreo 8.1.0, Yalp Store 0.45-legacy (from F-Droid repo)

the-ward commented 5 years ago

I'm having the same issue. Setup: S9+, Android 9.0 Yalp Store 0.45-legacy (from F-Droid repo)

ildar commented 5 years ago

I think we're screwed. If only someone would help... @kiliakin !?

supremesyntax commented 5 years ago

This problem is there from time to time if the token dispenser is not reachable. Usually just wait a few hours

motorious1 commented 5 years ago

> This problem is there from time to time if the token dispenser is not reachable. Usually just wait a few hours

Been waiting for several days. If it's a token issue normally Aurora Store will work but both have been down for the same amount of time. Wanted to make sure Goolag didn't change something on their end that broke the token server...

deerp commented 5 years ago

Same issues here. Tried the yalp fork available in play store, Aurora even with proxy settings I got XDA. Nothing works.

zjabri commented 5 years ago

Hi all, same here, I am trying for days ... unable to login at all.

motorious1 commented 5 years ago

Looks like the same thing in this Aurora Store issue:

https://gitlab.com/AuroraOSS/AuroraStore/issues/188

"Google deliberately blocked these accounts specifically, & anonymous accounts generally"

elbaulp commented 5 years ago

Same problem, not working for a few weeks now.

rlucassen2 commented 5 years ago

I can't login with a personal account either. Do you experience the same behaviour?

R.

kiplingw commented 5 years ago

Yup.

rlucassen2 commented 5 years ago

They must detect that it's Yalp

motorious1 commented 5 years ago

> I can't login with a personal account either. Do you experience the same behaviour?
>
> R.

Having a personal goolag account defeats the purpose of using apps like Aurora and yalp in the first place doesn't it? Plus, you can't create an account without giving them a valid cell number so privacy through obfuscation isn't possible. Looks like it's time to go back to the walled garden of Apple to try and regain some semblance of privacy even if it's fragile and fleeting.

rlucassen2 commented 5 years ago

I fully agree, I have just an account for these sorts of issues. And I have never been asked for a cell phone number BTW. I just need a few apps that are in the GPS, for the rest I can live happily with the stuff Fdroid provides on my LineageOS phone.

kiplingw commented 5 years ago

I also agree. I think we have at least two options that come to my mind. One is to figure out how Skynet is detecting the client and adapt, such as modifying the user agent string it's submitting. The other is we hold out for the Purism phone.

ildar commented 5 years ago

Works for me. LOS14.1, 2FA on

j75 commented 5 years ago

Tried Monday Nov. 18 - doesn't work with the built-in account... :-(

ildar commented 5 years ago

Oops, sorry for misleading info. Anonymous logins do not work, see Aurora issue. Better track there

ildar commented 5 years ago

I mean personal accounts still work at least with 2FA.

ilf commented 5 years ago

+1. Yalp says:

Token dispenser returned an auth error for http://token-dispenser.duckdns.org:8080/token-ac2dm/email/yalp.store.user.six%40gmail.com

The URL works, but says:

Google responded with: Auth error

So token-dispenser.duckdns.org could add another shared Google account. I don't know who that is, maybe the Yalp author. If you need any help, please let us know what we can do. It would be really awesome if Yalp continues to deliver updates and PlayStore downloads.

Thanks for the awesome work so far!

somini commented 4 years ago

https://gitlab.com/AuroraOSS/AuroraStore/issues/188

Looks like AuroraStore fixed that issue. Diff here:

https://gitlab.com/AuroraOSS/AuroraStore/compare/3.1.3...3.1.4

deerp commented 4 years ago

Aurora 3.1.4 confirmed working!

j75 commented 4 years ago

Is this 3.1.4 version available somewhere?

deerp commented 4 years ago

> Is this 3.1.4 version available somewhere?

Yes it's on GitLab and apkmirror - https://www.apkmirror.com/apk/aurora-oss/aurora-store-gitlab-version/aurora-store-gitlab-version-3-1-4-release/aurora-store-gitlab-version-3-1-4-android-apk-download/

angela-d commented 4 years ago

@j75 You can get the nightlies from Aurora OSS' site: http://auroraoss.com/ (under Download Nightly Builds)

APK Mirror is questionable.. I went to download an app off of there a while back that was removed from the Play Store and the signature didn't match up with the official image.

APK Mirror might be tampering with the app somehow. Not to say they did so with this APK (I didn't check it) - but proceed with caution while using that site.

rancidfrog commented 4 years ago

https://gitlab.com/AuroraOSS/AuroraStore/-/releases

kiplingw commented 4 years ago

Any news on patching Yalp to fix this issue?

ioogithub commented 4 years ago

I have this issue as well. I tried Yalp for the first time and couldn't get it working.

deerp commented 4 years ago

> @j75 You can get the nightlies from Aurora OSS' site: http://auroraoss.com/ (under Download Nightly Builds)
>
> APK Mirror is questionable.. I went to download an app off of there a while back that was removed from the Play Store and the signature didn't match up with the official image.
>
> APK Mirror might be tampering with the app somehow. Not to say they did so with this APK (I didn't check it) - but proceed with caution while using that site.

Don't worry, I downloaded the APK mirror APK 3.1.4 and was able to download the GitLab APK 3.1.5 from the Aurora Store and it worked fine.

Of course you are correct in wanting to be cautious. Downloading apks from anywhere can carry a certain level of risk although I've never had any issues downloading anything from apkmirror. I would be interested in your experience of downloading an app that had a different signature to a playstore one though if it wasn't going too off topic.

Just to update, still no luck with yalp with either the yalp fork 0.46, the older original 0.45 on FDroid but can confirm that Aurora Store 3.1.5 is working like a charm. Occasionally I get logged out due to tokens needing updating but I've managed to log back in straight away using default settings. Works fine with VPN and Tor too. Very happy.

angela-d commented 4 years ago

@deerp If you have a copy of the legitimate app (such as the one offered by AuroraOSS, or something you previously downloaded from the Playstore, in my case) you can compare it to the one that's susceptible to tampering.

If you already have Java installed (which you likely do if on Linux), keytool will suffice: https://stackoverflow.com/questions/7104624/how-do-i-verify-that-an-android-apk-is-signed-with-a-release-certificate

If you compare the output from each copy, you'd discover whether or not that particular APK was tampered with.

deerp commented 4 years ago

@angela-d

I checked the certificate fingerprint and file hashes and compared the AuroraOSS APK you can get direct from Gitlab to the one offered in APK Mirror. There is a match on all. It's definitely the same APK from Gitlab. No changing signatures or certificates.

As a pointer to others who may not know, APK Mirror also offers FDroid versions of Aurora and up-to-date - 3.1.5. Only problem is if you download the GitLab version and try to update to FDroid later on, you will not be able to successfully install as FDroid use their own signing. If you install any app from FDroid, it's best to keep to that app/site for updates to avoid any confusion.

EDIT: just to add, I have also downloaded the APK direct from http://auroraoss.com/ and compared to GitLab and APKMirror and the GitLab version on APK Mirror matches the http://auroraoss.com one!

If in doubt about APK Mirror, go on an APK you're interested in and click on the 'is it safe to install' link next to download the APK. You can compare the certificate fingerprints and files hashes yourself.
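Added example (not part of any comment in this thread, and not code from Yalp or Aurora): the certificate comparison angela-d and deerp describe above, scripted. It assumes `apksigner` or `keytool` is on PATH and parses their SHA-256 fingerprint lines; the function names and the sample tool output are constructed for illustration.

```python
import re
import shutil
import subprocess
import sys

# keytool prints "SHA256: AA:BB:..." (32 colon-separated bytes); apksigner prints
# "Signer #1 certificate SHA-256 digest: aabb...". Public-key digests are ignored.
KEYTOOL_RE = re.compile(r"^\s*SHA-?256:\s*([0-9A-Fa-f:]{95})\s*$", re.M)
APKSIGNER_RE = re.compile(r"certificate SHA-256 digest:\s*([0-9A-Fa-f]{64})\s*$", re.M)


def cert_fingerprints(tool_output):
    """Return the signer-certificate SHA-256 fingerprints as lowercase hex."""
    found = KEYTOOL_RE.findall(tool_output) + APKSIGNER_RE.findall(tool_output)
    return {fp.replace(":", "").lower() for fp in found}


def read_signers(apk_path):
    """Run apksigner if it is on PATH, otherwise keytool, and parse the output."""
    if shutil.which("apksigner"):
        cmd = ["apksigner", "verify", "--print-certs", apk_path]
    else:
        # keytool only sees the v1 (JAR) signature; a v2/v3-only APK yields nothing.
        cmd = ["keytool", "-printcert", "-jarfile", apk_path]
    proc = subprocess.run(cmd, capture_output=True, text=True)
    return cert_fingerprints(proc.stdout)


def compare(trusted, candidate):
    """Classify the candidate's signers against the trusted copy's."""
    if not trusted or not candidate:
        return "no-signer-found"      # never treat an empty result as a match
    if trusted == candidate:
        return "same-signer"
    return "different-signer"


if __name__ == "__main__":
    if len(sys.argv) == 3:
        verdict = compare(read_signers(sys.argv[1]), read_signers(sys.argv[2]))
    else:
        # Constructed sample outputs (not real certificates) for an offline run.
        kt = "Certificate fingerprints:\n\t SHA256: " + ":".join(["AB"] * 32) + "\n"
        aps = "Signer #1 certificate SHA-256 digest: " + "ab" * 32 + "\n"
        verdict = compare(cert_fingerprints(kt), cert_fingerprints(aps))
    print(verdict)
    sys.exit(0 if verdict == "same-signer" else 1)
```

Pass the trusted copy first and the downloaded copy second. The signing certificate should match across versions of the same app, whereas file hashes only match for the identical release.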

ildar commented 4 years ago

@shram47, would you be interested in backporting this? https://github.com/yeriomin/YalpStore/issues/627#issuecomment-559537922

shram47 commented 4 years ago

@ildar aurora is not an interesting app for me. YalpStore is more like in every sense.

ildar commented 4 years ago

agree. That's why asking:

> would you be interested in backporting this?

I.e. picking this change to Yalp?

shram47 commented 4 years ago

Yes.


angela-d commented 4 years ago

> As a pointer to others who may not know, APK Mirror also offers FDroid versions of Aurora and up-to-date - 3.1.5

Not sure there's any benefit to downloading something from APK Mirror over F-Droid. If F-Droid has it, I'd definitely err on the side of caution and get it direct from the source, rather than a 3rd party.

It should also be cautioned, that just because this time the APK Mirror downloads weren't tampered with, doesn't mean they're all like that or won't be tampered with, in the future.

Every download should be treated as suspect until the signatures are verified. Not just APK Mirror, but any 3rd party site - there's plenty of similar sites that exist purely to load users up with malware.

mjanssens commented 4 years ago

Although I completely understand your worries, in my opinion you cannot discredit f-droid by categorizing them as "a 3rd party". That almost sounds like: I don't trust Debian, because they are a 3rd-party. There is more nuance to this. Please research. Look at https://f-droid.org/en/docs/ ie or ask the developers on the channels they can be reached. But pls don't discredit a platform on gut feeling. Research apkmirror too.

deerp commented 4 years ago

@angela-d

I totally agree with you about an element of risk downloading apks from any source. I once downloaded an APK from apkmirror for Google play services app but didn't realise I downloaded a version meant for a slightly different type of phone and had constant pop ups informing me that the app had force closed. That is not the fault of APK mirror but my own by not selecting the version for my phone.

Here is APK mirror's faq and guidelines - https://www.apkmirror.com/faq/

They have a very strict policy of not accepting apks that have been tampered with and the signing must be from actual app developer. Your example you mentioned originally about downloading an apk from there that didn't match the signature of the app you had installed may very well have been because the app was taken off play store. If you check the faq, it clearly says that you can install updates again from play store after downloading apks from the site unless the APK is for an FDroid version for example.

Also downloading direct from source does not mean that it is completely safe. You produced a link for the nightly builds for Aurora which are in effect test builds. They are fine tuned daily to iron out bugs to get them ready for stable release. Downloading test build apks carries its own risk.

angela-d commented 4 years ago

@mjanssens - I think you're misunderstanding what I wrote. I explicitly did not refer to F-Droid as 3rd party - but APK mirror:

> If F-Droid has it, I'd definitely err on the side of caution and get it direct from the source, rather than a 3rd party.

Direct from the source = F-Droid
3rd party = APK Mirror

mjanssens commented 4 years ago

I did indeed misunderstand, glad you rephrased it in these words, perfectly clear now. And I agree with your other point on trusting your sources, always verify them.

ildar commented 4 years ago

F-Droid is offtopic here. Please move to its forum site

Apk mirror's also

angela-d commented 4 years ago

@ildar Yalp is broken and unsupported. Discussing alternatives and safe sources of alternatives is not offtopic.

deerp commented 4 years ago

@angela-d agree with that.

Here's a list of sites to download the yalp fork which is on 0.46. Unfortunately that is not working at the moment but it's possible that it may still continue to be developed. Last update was 5 months ago.

https://f-droid.org/packages/com.github.kiliakin.yalpstore/

https://github.com/kiliakin/YalpStore

https://play.google.com/store/apps/details?id=com.github.kiliakin.yalpstore

Currently Aurora is the only alternative working.

ildar commented 4 years ago

It works fine except anonymous login. I use it regularly

deerp commented 4 years ago

> It works fine except anonymous login. I use it regularly

It's not working for me with logging in with a Google account. Get constant client error 404. I have 2FA on my Google account so when I put in my Google password in the yalp app, it directs me to my Google account. I create a new password for Yalp, click done to save it and go back to yalp and get this error. I've tested force stopping yalp, clearing cache, uninstalling app, downloading legacy versions, FDroid versions, the yalp fork from play store and FDroid and nothing works for me.

Sticking to Aurora for now until there is an update to Yalp that solves anonymous logins.

stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

kiplingw commented 4 years ago

...

motorious1 commented 4 years ago

Entire Yalp Store project should be marked as stale as I have not seen any issues addressed and resolved for some time.

Solution: Use Aurora Store from F-Droid repo and uninstall Yalp.

Closing this due to lack of acknowledgement and resolution from app owner.

HemanthJabalpuri commented 3 years ago

@motorious1 @kiplingw @ildar @angela-d @deerp @shram47 It is fixed in the fork of Aurora Store dev at https://github.com/whyorean/YalpStore

Why would someone need Yalp if Aurora is there? Because Aurora doesn't support Android versions <5.0.

Thanks