
Ask HN: Android intents pass 2SV codes to Play Services, or I just hacked 2SV? - lips
If clarification is needed:
I just signed into a gmail account on an android device <i>without</i> typing in the 2FA code.
Can intents pass on the 2FA code to Play Services, or did I just find a bug?
(Edited title for accuracy based on 1st reply)
======
sekasi
You probably mean 2SA, not 2FA.

Also Google 2SA allows you to 'trust' or 'remember' devices to circumvent
multiple queries for a code. Is this what might have occurred ?

~~~
lips
Upon digging, you're correct, though it seems I found more references to 2SV,
but point taken.

I am staunchly of the 'don't allow my machines to remember anything' variety,
so likely not. If this 'remembering' is flagged in an app default, I'd be
happy to clear it out and re-test.

I went to retrieve the 2SA/V code, and when attempting to switch back to the
dialog, it failed/crashed to the launcher. The dialog was still present in the
application switcher, but repeatedly failed. But directly starting gmail
bypassed the auth request and logged me in.

