Same for me! So follow-up question, how do we know if an Android app is the real deal? I opened the app switcher and it certainly said "Google Play Services" on top of the window asking for my password, and had the correct logo, but could another app present itself in the same way?
That's a clever trick, I'll remember it for next time something similar happens.
I had the same paranoia as several other people in this thread (don't enter your password if you're prompted unexpectedly or without a clear reason). I had the fortune that only a "trash" Gmail account got locked out, not my main one. So I verified on another machine that the password was unchanged, checked that I really hadn't registered any other important accounts with that email, and just gave in after an hour or so to make the notification go away.
Not that it really matters, if you care about security you shouldn't be using Android in the first place.
If you go out to a shop and buy 100 Android phones, at least 99 will be running outdated OS versions with known security issues and no updates available.
Where I am (the Netherlands), Android is way more popular than iOS; I'm not attaching a value judgement to popularity or otherwise, nor am I particularly doubtful of your claim that the average (cheap) Android phone is running an outdated version.
But if that's the case then what is going on?
Are they not juicy targets for hackers? (tons of personal information, botnet possibilities, seems valuable to me)
Or are they in fact being hacked quietly and we're not hearing much about it? Is everyone's cheap phone already part of a botnet and nobody realizes?
Is it perhaps that the exploits require physical proximity that hackers don't deem worth the risk?
BB10 would have been even better but they pulled the plug on that one.
Comparing stock iOS with some old unupdated cheap phone with bloated Android is not fair.
- hardware Secure Enclave (at the time of writing, only Samsung devices and the latest Google Nexus also have similar hardware, as far as I know)
- strong sandboxing (again, only Samsung devices with Knox can really compare)
- restrictions on which apps you can get, which filters out malicious apps (e.g. a fake Gmail app). It is void if you use jailbroken iOS or allow sideloading on Android.
- security updates are both more frequent (except for Google devices, all Android manufacturers always lag behind on updates) and available to older devices (varies from manufacturer to manufacturer, but it's generally way less than Apple)
Of course, you need to factor in the delay to respond to security flaws (I don't have that kind of data), and other factors too, as well as decide if iOS suits you. That's for you to decide.
No, but updated stock Android phones are not really a thing, are they?
I can't really fathom how someone would have gained access to my account with those steps in place (and honestly if they did, I wouldn't even be mad because it's so impressive)... so I immediately assumed that Google was having a log-in problem.
We're still actively working to resolve issues with Identity/Authentication. Future updates will follow when there is significant progress to report.
To summarize; some long-lived OAuth tokens have inadvertently been invalidated.
This may affect the following Cloud services and will manifest as authentication errors:
Cloud APIs using OAuth tokens, and related services that use them
Cloud Storage gsutil
Note: not all customers are affected by this.
OAuth tokens may be recreated by running the following commands:
$ gcloud auth application-default login
$ gcloud auth login
Is it that whatever the issue that caused all this kept happening again and again every few seconds, or is it that once Google Play Services determines you have to login back, it intentionally nags you making your mobile hard to use?
Like others, I also had a moment of extreme panic where I thought something had been compromised, as it also seems to have coincided with an issue where Google Voice SMSes (2FA) were not going through.
Imagine you walked into a group of people, talking about one thing.
You started talking about something completely random and different.
They want to continue their conversation, you keep interjecting with questions about your random thing.
If they could, they'd probably turn you off so you couldn't talk, or go to another place to talk about it.
That's precisely what happened here.
What more is there to say?
I think there's nothing special about refusing to discuss stuff there and disabling comments.
I suspect that there will be many such reports in coming weeks. And lots of denial, and refusal to comment.
And yes, maybe he was just stressed out, and didn't want to be pestered with conspiracy theory ;)
(... that said, it's not like revoking sessions would impede a password-holding adversary...)
The only exception I could imagine would be some service that was brought in as part of an acquisition but has not yet been migrated to Google's internal platform. Obviously not applicable to products like Gmail or other core G Suite apps.
Gmail doesn't use cloudflare.
>Visited Sign in using backup codes - Accounts Help
I don't recall signing in using backup codes.
Nothing odd appears in https://myaccount.google.com/notifications?pli%3D1
It initially gave me a message that something had changed and I needed to log in again; I can't remember if that was on Outlook (yes, I use Outlook to get my Gmail) or on Google Play.
This kills me oh so very much.
Would prefer if keepass2android had some autotype feature built in for android :D
Fortunately it was a test phone with a throwaway Google account - otherwise I'd have known the password.
Was afraid my account was hacked. My Gmail password is unique and quite long compared to my other passwords, so I doubt someone could find it.
I added the account again in the iOS Gmail app and then signed in to YouTube and it was back to normal... hmm.
I fortunately had the ten backup codes.
I'm really happy to hear it wasn't another attack on my account. It also reminds me that Google can be unresponsive :( and how much I depend on them (both my Gmail and my Android were warning me)
I've never seen that flow before with the security key; usually it's the SMS/Google Authenticator.
Still haven't fixed my email clients on my Mac, lol.
Seeing as it happened on two different devices, I have little reason to believe it's some sort of Android malware. Attempting to log in with my old password in incognito is a success.
Compromise or not, I recommend changing passwords.
Would it even be possible (assuming say full ownership of the device) to fake the 2FA and still log you in to your account?
Like most here I assumed it was just a random, regular occurrence, and didn't pay much attention.
Had this happen to me on my Android. Real pain in the neck since I have 2FA and I use an offline password manager that I had to re-sync to get the password over to mobile.
I thought I was asleep and had signed out on my mobile. But then the same on my Mac. Then I thought it was some issue for sure... And the reports are here...!
PS: why the German text?
No, geolocation is probably a great idea. /s
Nothing in the Google Account panel for recent security changes though.
This statement is as ridiculous as it gets.
At least that is how I understand the statement.
It did not say "we have no idea, but it's probably not security related".
It said "we are still investigating, but it's probably not security related".
Those are very different statements.
The first, yeah, reasonable complaint.
The second could mean a lot of things. Usually, in these situations, people want to be able to put numbers on things, etc.
So it could reasonably mean something like "a bunch of machines are falling over in a datacenter with out of memory, we've determined why, it was an internal bug, fixed it, but are still gathering data about how much was affected, etc., before we say more".
Or whatever. I.e., saying "we are investigating" doesn't necessarily mean they are investigating the root cause; they could be investigating how long it will take to fix it, ...