Purpose of New App
A new version of Google Auth Client (GAC) has been released and can be found in both the Samsung and Google app stores (e.g. see it at Play Store).
The major benefit is that it integrates the phone’s and Gear’s 2FA apps in a single solution and allows transferring accounts between these two peers in either direction: from phone to Gear or vice versa. There is no need for Google’s stock app anymore, because the companion includes all GA functionality and adds features that the stock GA app is currently missing.
The companion can scan Google’s QR bar code, which carries the client/server shared secret used for generating one-time passwords (OTP).
In addition, the Android companion can also be used to back up and restore all 2FA accounts. Backups can be encrypted using password-based encryption (PBE), with an HMAC signature used during the restore process to verify the integrity of the backup.
Plain backups are also supported, but not recommended, since they are stored in Android’s “Download” directory that can be accessed by other applications that are granted “read storage” permission.
Using Google Drive for backup/restore operations makes syncing accounts across all your Android and Gear devices simple.
- Android application can be downloaded from Play Store: GAC Services
- The most universal way of installing Gear GAC application is through Samsung’s Android Gear App: Gear App
- If you are browsing apps from a Samsung Galaxy device, you can also try a direct link for GAC, but it doesn’t work in all browsers even on Galaxy devices:
Why Updating Old App Not Possible
The old GAC app supports many legacy Gear devices such as Gear, Gear II, Gear Neo, and Gear S. Since all these devices are different, they require different binaries. Samsung App Store doesn’t allow mixing companion and non-companion binary types in a single app’s distribution. That’s why a new app is needed to enable companion functionality. We will gladly merge these two versions as soon as Samsung changes its policies (the best scenario) or when we decide to stop supporting legacy devices.
Below is an error message, which is caused by an attempt to add a companion-based binary to the old non-companion style app
Adding New Account from Android
To add a new account from the phone you’ll need to select the “Connect to Phone” menu on Gear first:
Pic 1. Menu Page on Gear
If the device is already paired with and connected to the phone through Bluetooth, an icon on the top will turn green and you’ll see the following message:
Pic 2. Gear Connected to Phone
At this point a GAC Scanner page should pop up on the phone automatically. Point the camera at the QR bar code. When the QR bar code is recognized, the blue border will blink and a masked scanned code will show up in an edit box located just above the camera window.
Pic 3. QR Scanner Page
Press the “Send to Gear” button and the scanned account will be sent to your Gear device. You can save the account on the phone by pressing the “Save” button, which will bring you to the “Accounts” page. Alternatively, you can get there by pressing the account button in GAC Scanner’s toolbar (to the left of the exit button).
Pic 4. Accounts Page
On the “Accounts” page you can see a list of OTP tokens for all your accounts, and you can use the buttons on the bottom to perform the following actions (left to right):
- Send selected accounts to Gear
- Save all accounts to a backup file
- Delete selected accounts from your phone
- Restore all accounts from a backup
- Add more accounts by either scanning QR bar code or by typing a shared secret manually
Tap a list item if you want to zoom in on the token for a single account. The token will be refreshed properly in the zoomed view as well. When the color of the border turns red, a new token will be generated automatically.
Pic 5. Zoomed Token
You can scroll accounts on this page using left and right arrow buttons on the bottom.
Changing Account’s Order
By default the accounts are stored in alphabetical order, but it’s possible to change the order by long-pressing an account name and dragging it to the new place.
Backing up and Restoring Accounts on Phone
The account restore page can be reached by tapping the restore button (second from the right) on the Accounts page.
Pic 6. Restore and Backup
By default, the restore logic uses an encrypted backup, and a password is required to decrypt the accounts and to verify the signature created during backup. You can use a plain unencrypted backup by checking the “Don’t use encryption” switch, but that option is strongly discouraged. If you want the app to remember the password, use the “Remember password” switch.
A button located in the right part of the “Accts on Gear” box can be used to restore the phone’s accounts directly from a Gear device.
The backups that are not needed anymore can be deleted by selecting them in the backup list and pressing a “trash” button on the bottom.
Saving accounts to a backup file is similar and has two options as well: encrypted and unencrypted backups.
Google Drive can be used to back up and restore accounts as well. Use the Google Drive button with a question mark to check what backups are available.
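The encrypted backup and the signature check on restore, sketched as an added example (not GAC's actual file format or code). The PBKDF2 parameters, the blob layout and the function names are assumptions, and the HMAC-based keystream is only a standard-library stand-in for a real cipher such as AES.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000           # assumed PBKDF2 work factor
SALT_LEN, TAG_LEN = 16, 32     # assumed layout: salt | ciphertext | HMAC tag

def _keys(password, salt):
    # One PBKDF2 run, split into separate encryption and MAC keys.
    km = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return km[:32], km[32:]

def _xor_stream(key, data):
    # Stand-in for AES-CTR so the example needs only the standard library:
    # keystream block i = HMAC-SHA256(key, i). Use a vetted cipher in real code.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def backup(password, accounts):
    """Encrypt the account data, then sign salt + ciphertext (encrypt-then-MAC)."""
    salt = os.urandom(SALT_LEN)            # fresh salt, so fresh keys, per backup
    enc_key, mac_key = _keys(password, salt)
    body = salt + _xor_stream(enc_key, accounts)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def restore(password, blob):
    """Verify the signature first; decrypt only if the backup is intact."""
    if len(blob) < SALT_LEN + TAG_LEN:
        raise ValueError("backup truncated")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = _keys(password, body[:SALT_LEN])
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or modified backup")
    return _xor_stream(enc_key, body[SALT_LEN:])
```

A wrong password and a modified file fail the same check, so restore cannot tell the two apart; a plain backup has neither protection.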
Messages Seen on Gear
When accounts are successfully received by Gear you’ll see the following screen:
Pic 7. Accounts Received from Phone
When messages are sent by Gear to phone, you’ll see the confirmation screen:
Pic 8. Accounts Sent to Phone
If Gear is disconnected from its peer, the green icon will turn red.
Pic 9. No Connection Page
The Token/OTP page has not changed and can be reached by tapping an account name on menu screen.
Pic 10. Token Page
- An issue specific to Android 8.0 has been identified: the Android companion crashes with a Runtime Exception. The issue was attributed to the “new behavior” of Android 8.0 and is considered by many as a platform bug: https://stackoverflow.com/questions/48072438/java-lang-illegalstateexception-only-fullscreen-opaque-activities-can-request-o. That issue has been fixed in GAC version 3.4.1. Please report if you still see this problem.
- Progress bar might not work correctly on some older models: it didn’t go all the way to the end and didn’t refresh the tokens. The issue has been fixed in GAC version 3.4.0.