
New version of Google Authenticator is a new app, old one won't update - ajdecon
http://www.androidpolice.com/2012/03/22/psa-googles-authenticator-updated-to-v2-except-its-a-brand-new-app-and-you-need-to-install-it-to-get-future-updates-old-one-is-dead/
======
nl
The speculation is that someone lost the signing key.

Oh the irony...

------
andrewpi
So the new version of Authenticator can apparently import the credentials from
the old version. I don't know much about Android security, but if Google lost
the signing key, would they still be able to import from the old app?

~~~
devicenull
The credentials are stored in plaintext on your phone. You can trivially
extract them with a backup of your phone and a SQLite database editor.

~~~
andrewpi
I'm familiar with the 'extract from a backup' vulnerability for any
information stored on Android. However, I'm more concerned that another (non
root-privileged) app can access credentials without confirmation.

~~~
skeletonjelly
I believe you'd need a rooted device for it to access another app's files, and
even then you should get a popup prompting for access.

------
dazbradbury
I have a few apps in the marketplace that I made on my old pc years ago. The
keys I used to sign the apps weren't lost, unfortunately, the original Android
eclipse plugin was signing my apps as part of my build process (I think they
have fixed that now).

I wiped the machine, and hey presto, I can't update those apps anymore. I was
shocked there was no workaround, and it seems Google have been hit by this now
also. At least they're sticking to their own policy I guess, I'm sure they
___could_ __update the app if they really wanted to.

~~~
tedunangst
Can you explain some more? You lost the keys or you didn't? If you didn't, why
can't you sign the apps?

~~~
dazbradbury
Sorry, let me elaborate. I have the keys I purposefully signed the apps with.
I would export the apk from eclipse, and sign it, submit it.

However, as part of the eclipse build, eclipse was signing the apk. Therefore
it ended up signed by TWO keys. When I re-installed eclipse, this hidden key
that I wasn't aware of was lost.

I couldn't submit to the Android market without the app being signed by BOTH
keys. That is what I found strange...

------
jameswyse
New app is here:
[https://play.google.com/store/apps/details?id=com.google.and...](https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2)

------
trotsky
Well, you can't say the chinese aren't persistent.

