• General

  • Cannot log in with Google Advanced Protection Program on

I enrolled to the Google Advanced Protection Program to benefit from the increased security. I use Sandboxed Google Play on my GOS phone.

After having set up the two security keys through Vanadium on the Google account website, I got logged out from all my sessions for security. I logged in again to my Google account on the Google website through Vanadium with no issues, using my Nitrokey FIDO2 key.

However, when I tried to log in again to my Google account directly from GOS, after having entered my password, the screen got stuck on the “2-step Verification” page and the usual popup window for 2-step verification process (that popupped correctly in Vanadium) never appeared here.

I tested also by deleting my Google account from GOS settings and re-adding it, but to no avail.

How come? Both Vanadium and GOS use the same installed sandboxed Google Play Services. Also, few days ago, before enrolling to the program, I had to manually delete my Google account from GOS. Since I was already using FIDO2 key, I had to insert it after having entered my password, and at that time it worked perfectly.

Is it possible that this program allows Vanadium to log in but no GOS since it’s not the stock OS?

    From my limited understanding, the Google Protection Program doesn't work on GoS and instead requires stock OS but I could be wrong on this.

      DeletedUser213 The main feature I was after was the ability to force the 2FA to use only security keys (including for the backup 2FA method). So, this was independent of GOS. However, it is indeed buggy to log in through GOS when enrolled in this program.

      I managed to log back in on the phone by activating passwordless authentication with passkeys in my Google account settings. With this, I got the 2FA screen. However, using the key yielded an error. Which led me to another screen to use another way to do 2FA with a backup code. This one could be obtained by logging in to the Google account through Vanadium (and since this worked from the start, I could get the code and log in also on GOS).

        One of my accounts with Gapp enabled I'm able to add the account to GOS, the other account experiences an error.
        When I have time I will re-enroll the account in Gapp and see if that fixes things.
        Give re-enrolling with Gapp a try.

        • [deleted]

        • Post #5
        • Edited

        boarim You have to enable 'Storage scopes' for 'Google Play services' (com.google.android.gms) for FIDO2 to work

        • nrt replied to this.

            [deleted] they successfully logged in using vanadium, its enabled.

              Re-enrolling does not work.

              7 months later

              I'm facing the same problem and cannot login to my Google account through the Play Store anymore after enabling the Advanced Protection Program.

              Has anyone found a workaround for this and/or is the GOS team aware of this issue?

                Blissed
                Pixel 8 pro, Android version 2024022300, Play store 39.7.34-31[0]606456090, Play services 24.06.15(190408-607434073), Google account with ADP on works fine here.

                    Upstate1618

                    I just got it to work!

                    I have a Pixel 7 Pro, Android version 2024022300, Play Store 39.7.34-31 [0] [PR] 606456090,
                    Play services 24.05.13 (190400-602827846)

                    Here's what happened step by step:

                    • Attempt to open Play Store or Gmail App with ADP-enabled Google account
                    • "Verify it's you, log in again"
                    • Enter my password
                    • "2-Step Verification - Wait a second"
                    • After several minutes "There was a problem - Try using your security key again or try another way to verify it's you"
                    • Choose another way
                    • Enter security code obtained from logging into Google account through Brave
                    • It works!

                    Sorry for the confusion, I never let it wait so long on the "Wait a second" screen before so I never got the option of using a security code. It's still a bit odd that it won't let me authenticate with my Security key, but at least this workaround works.

                        Blissed My issue changed since the creation of this post, and now I have the exact same issue than you (and the same workaround).

                        I tried with Firefox on my laptop and it logs in fine by the way. It seems to be specific to GOS.

                            boarim

                            This is not a GOS problem.
                            It's a random problem that mainly affects recent google accounts.
                            It also happens on pixel stock OS