Related
So far, I have not managed to remote wipe my Froyo Nexus One from Exchange. It just didn't work.
I'm wondering if this hasn't been implemented yet in the version I downloaded (the one that was publicized up last weekend) or if there's something I'm missing.
Has anyone every done this successfully?
Maybe when the finalized Froyo build is out. I would try it myself but what if it works
I'm stil unable to do this using FRF83. Has anyone else tried and had it successfully work?
Exchange sends the remote wipe command but the phone just doesn't acknowledge it.
I'm hoping Google isn't trying to quietly not include full ActiveSync capability into Froyo... it seems awfully late not to have features baked into incremental test builds after the source has been released.
You don't have the final release yet, chillax and wait for, then you can complain to your hearts desire about what isn't included.
I'm on FRF85B. Still doesn't work.
The admnistration settings are correctly configured I assume?(both server side and phone side)
I have the device setup connecting to my Exchange server. I can get mail fine. It updates my calendar fine.
Within Exchange, the device is setup and seen.
But when a Remote Wipe is initiated, nothing happens. I can see the request being sent, but the phone never acknowledges it. I get the standard security error the next time I try to sync and I can't send or receive any new mail, but I still have access to all mail that has already been pushed to me.
Even though our policy says that a PIN is required, I've never been prompted for a PIN. (Although, I do have a security pattern setup, so I dunno how that affects anything.)
Inside the device's Location & Security settings, there is an option for Select Device Administrators, but it doesn't do anything.
I don't know of any other configuration or administration options.
You may have to do a factory reset and implement the administrator from first boot.
You probably can't gain admin access to a device after the device is set up. That'd be a huge sercurity flaw.
Here's what the option looks like, under Location & Security Settings:
Device Administration
Select device administrators
Add or remove device administrators
It doesn't sound like I'd have to wipe in order to add.
ive tried a remote wipe too, but it didnt work :/
Probaby time to get in touch with Google Support.
I posted a bug report and heard back from someone at Google, saying that my issue only exists if Exchange is allowing unprovisioned devices.
So I turned that off. Now I'm getting "This Exchange Activesync Server requires security features your phone does not support."
At least it's a different message.
Now the word I'm getting from Google is:
(via http://code.google.com/p/android/issues/detail?id=9426)
"That's probably the "correct" response, as we only support the basic (EAS 2.5) features in Froyo. So if your server requires, for example, password history or expiration, or complex characters, then it won't be provisionable in Froyo. Our goal is to provide more policy support in future versions, but for now we support - password (PIN/alpha), minimum characters, max. fails to wipe, inactivity timeout, and remote wipe."
So there you have... still no full ActiveSync support in Froyo.
Success!
The password recovery policy is what was causing the holdup.
I had to create a custom policy for Android devices that didn't include this and everything worked as designed.
The next time I attempted to sync I had to confirm the Email app as functioning with a Device Administrator (which explains the odd Location & Security/Select Device Administrators button that nobody really knew what it did.). After allowing that, a PIN was enforced and a remote wipe was successful.
The only concern was that I was able to go in and remove Email as functioning with a Device Administrator. This prevented me from sending or receiving any new mail, but any already-synchronized email remained visible and readable.
I know nothing about any of this so bare with me guys/gals please. Just need help once and ill remove my account. If any of you feel like im wasting your time then please tell me and ill remove my post. Thankyou and i hope someone will give me an idea of whats going on.
Friends ex girlfriend is remotely accessing his phone from her computer, she can lock him out and write text out of format on the lock screen. She has deleted everything on his phone 8 times in the past hour. The Verizon recovery app has been disabled, we went into the Verizon store and changed EVERYTHING, number, passwords, made sure if she ever called in wanting info she couldn't get it. There is no way she figured out any of the passwords, she doesn't have access to any of his accounts, gmails facebook etc... i thought for sure she was using the recovery app but that's impossible cause no account has been created to access to his phone. Idk guys like i said im not an expert one thing that has me most skeptical she can write whatever she wants, whatever color, on his phone on any spot on the screen. Its completely out of set text formations on the lock screen looks like doodles i guess. Just curious if you guys have have ever heard of anything like this happening before. Thanks and i apologize if this shouldn't be here just on a desperate attempt to figure this out. Verizon is completely stumped they have no idea how she does it, even the main tech guy at the store (idk his credentials) cant figure it out.
From what I've seen so far, Android Device Manager (part of Google's setup) can do remote wipes. as can Motorola ID. I imagine both of these may "automatically setup" when you re-activate the phone. Beyond that, you'd need an app to perform such changes, I'd think.
Also, if he's on a joint-account with his exGF, and if she has access to the account, VZ may be doing this without the store-people knowing it?
schwinn8 said:
From what I've seen so far, Android Device Manager (part of Google's setup) can do remote wipes. as can Motorola ID. I imagine both of these may "automatically setup" when you re-activate the phone. Beyond that, you'd need an app to perform such changes, I'd think.
Also, if he's on a joint-account with his exGF, and if she has access to the account, VZ may be doing this without the store-people knowing it?
Click to expand...
Click to collapse
If it's Android Device Manager, maybe it would be sufficient to just change the Google login password?
Yeah, he changed his Google password right?
schwinn8 said:
From what I've seen so far, Android Device Manager (part of Google's setup) can do remote wipes. as can Motorola ID. I imagine both of these may "automatically setup" when you re-activate the phone. Beyond that, you'd need an app to perform such changes, I'd think.
Also, if he's on a joint-account with his exGF, and if she has access to the account, VZ may be doing this without the store-people knowing it?
Click to expand...
Click to collapse
He was on a joint account but upon breakin up with her he took her phone, cancelled it, removed her from the account changed his passwords to facebook and google and everything else. Just for the guy to call in and request info he has to answer 5+ extra security questions before hes allowed any info. But ill check out the ADV maybe thats it. Thankyou
I have noticed that my important email has been compromised. I've seen logins from the US (I've never been in the US) and even parts of Sweden that I have not visited (and by a browser that I've never used, so it's not me).
I am really surprised by this considering I use 2-factor authentication on it and my Note 8 doesn't even have Google authenticator visible. It is installed but I've hid it and use it by going to app store and searching for it.
All my important websites are protected by 2-factor authenticator. Except for my phone. I have BitDefender antivirus but I am not sure if this is enough.
I need something really strong to protect my phone from people accessing it and its apps. Mainly a protection against keyloggers.
My phone is rooted if that makes any difference.
Also, I don't mind if it costs money. I will pay well for top notch protection.
Nebell said:
I have noticed that my important email has been compromised. I've seen logins from the US (I've never been in the US) and even parts of Sweden that I have not visited (and by a browser that I've never used, so it's not me).
I am really surprised by this considering I use 2-factor authentication on it and my Note 8 doesn't even have Google authenticator visible. It is installed but I've hid it and use it by going to app store and searching for it.
All my important websites are protected by 2-factor authenticator. Except for my phone. I have BitDefender antivirus but I am not sure if this is enough.
I need something really strong to protect my phone from people accessing it and its apps. Mainly a protection against keyloggers.
My phone is rooted if that makes any difference.
Also, I don't mind if it costs money. I will pay well for top notch protection.
Click to expand...
Click to collapse
If it wasn't rooted I would just encrypt the sd card, make sure you have a good pattern/password and use Secure Folder for anything more sensitive. Between all that, bitdefender, and 2-factor authentication on accounts where possible, the only other thing I can think of is using a VPN when connecting to public wifi. Of course root breaks Knox though, so that changes things here for Secure Folder, etc. Maybe there are some other security apps you could use instead for sensitive stuff, as well as a firewall app, but root does run counter to maximum security.
Nebell said:
I have noticed that my important email has been compromised. I've seen logins from the US (I've never been in the US) and even parts of Sweden that I have not visited (and by a browser that I've never used, so it's not me).
I am really surprised by this considering I use 2-factor authentication on it and my Note 8 doesn't even have Google authenticator visible. It is installed but I've hid it and use it by going to app store and searching for it.
All my important websites are protected by 2-factor authenticator. Except for my phone. I have BitDefender antivirus but I am not sure if this is enough.
I need something really strong to protect my phone from people accessing it and its apps. Mainly a protection against keyloggers.
My phone is rooted if that makes any difference.
Also, I don't mind if it costs money. I will pay well for top notch protection.
Click to expand...
Click to collapse
Rooted phone = lack of security!
As soon as a phone is rooted there is little security as all the inbuilt security (safe folder & knox) are gone and banking apps won't work!
Sent from my SM-N9500 using Tapatalk
sefrcoko said:
If it wasn't rooted I would just encrypt the sd card, make sure you have a good pattern/password and use Secure Folder for anything more sensitive. Between all that, bitdefender, and 2-factor authentication on accounts where possible, the only other thing I can think of is using a VPN when connecting to public wifi. Of course root breaks Knox though, so that changes things here for Secure Folder, etc. Maybe there are some other security apps you could use instead for sensitive stuff, as well as a firewall app, but root does run counter to maximum security.
Click to expand...
Click to collapse
Thanks. I guess I already have enough security. I was baffled that my e-mail was compromised. Maybe it was, maybe it wasn't. I noticed no change to any of my files etc. But it does show suspicious logins from countries I have never been to.
robmeik said:
Rooted phone = lack of security!
As soon as a phone is rooted there is little security as all the inbuilt security (safe folder & knox) are gone and banking apps won't work!
Sent from my SM-N9500 using Tapatalk
Click to expand...
Click to collapse
Yeah thanks for the obvious pointer. But rooting a phone is a must. Also, all my banking apps work just fine. I am not dependant on Samsung.
As was mentioned earlier, use a VPN when using the internet. It does protect your IP and is handy to get to content you can't access from your country..
Nebell said:
Thanks. I guess I already have enough security. I was baffled that my e-mail was compromised. Maybe it was, maybe it wasn't. I noticed no change to any of my files etc. But it does show suspicious logins from countries I have never been to.
Click to expand...
Click to collapse
I assume you have already done this, but I would immediately change my password to that account (along with any other accounts that share the same password), even though you have rwo-factor authentication. Unless you logged in while on VPN or proxy, suspicious logins from other countries you haven't visited sounds like a red flag.
sefrcoko said:
I assume you have already done this, but I would immediately change my password to that account (along with any other accounts that share the same password), even though you have rwo-factor authentication. Unless you logged in while on VPN or proxy, suspicious logins from other countries you haven't visited sounds like a red flag.
Click to expand...
Click to collapse
I changed every important website to a password that is so hard to type I need to do it carefully every time. I got in contact with Fastmail (who btw is an awesome e-mail service, although paid) and they said that my phone is compromised.
Damnit.
I use my phone far more than my computers. They also suggested that I use a password manager but if my phone is compromised so easily then I probably am better off just getting better protection for my phone.
Nebell said:
I changed every important website to a password that is so hard to type I need to do it carefully every time. I got in contact with Fastmail (who btw is an awesome e-mail service, although paid) and they said that my phone is compromised.
Damnit.
I use my phone far more than my computers. They also suggested that I use a password manager but if my phone is compromised so easily then I probably am better off just getting better protection for my phone.
Click to expand...
Click to collapse
Damn that really sucks...sorry yo hear that. Hmm at this point I would backup photos, etc, flash stock firmware, and start fresh. Be careful with what you reinstall, as one of those apps/mods may possibly be the culprit.
@Nebell are you using sms to get your 2step-authentication code? maybe all your sms are being forwarded (via some malware app). You should be using a firewall if you are rooted.
Lots of apps have permission to access sms text messages and even send it.
Before i side load any apps, i use virustotal.com , go to website, upload APK file and if malware then install (if you must have it) but block it using firewall, any other red flags, then find another apk version or similar app.
Let Fastmail know of your breach and they can check which other devices or websites are registered/ linked to your account.
I suggest you backup your data, virus scan it all on a PC, wipe your android phone and start fresh. I use backup-your-mobile by Artur, to export my calendar, contacts, sms, call logs, etc. it works quite good.
good luck mate.
I think it might have been a false positive.
I reset my phone to factory settings and changed all passwords and suddenly "Ashburn US" login kept getting failed attempts on my email. But as soon as I reinstalled Edison Mail app and logged in, the success login from Ashburn US resumed.
It must somehow be connected to that app. I've sent a message to Edison and asked them if they are associated with that location. Maybe their server is located there or something, but I will wait and see what they reply before I take next action.
The fact that makes me believe this was a false positive is that I never noticed anyone reading my email or actually trying to do something, and I do have sensitive stuff in there.
How to Remove FRP Lock From Android Device ?
The FRP feature is always enabled on your device as long as you have an active Google account. To disable FRP, you must remove your Google account.
To remove your Google account, follow these steps:
1 : From any Home screen, touch Apps > Settings.
2 : Touch Accounts > Google.
3 : Touch your Google account, and then touch MORE > Remove account.
Important: If you are sending your device in for service, selling your device, or giving it away, it is very important that you remove your Google account and reset your device.
Share it.
Wanheda-Klaus said:
How to Remove FRP Lock From Android Device ?
The FRP feature is always enabled on your device as long as you have an active Google account. To disable FRP, you must remove your Google account.
To remove your Google account, follow these steps:
1 : From any Home screen, touch Apps > Settings.
2 : Touch Accounts > Google.
3 : Touch your Google account, and then touch MORE > Remove account.
Important: If you are sending your device in for service, selling your device, or giving it away, it is very important that you remove your Google account and reset your device.
Share it.
Click to expand...
Click to collapse
How do you get around it if you bought a refurbished android moto XT1650-02 on FB and they didn't do what they should have done here in this post?
TonyDaTorch said:
How do you get around it if you bought a refurbished android moto XT1650-02 on FB and they didn't do what they should have done here in this post?
Click to expand...
Click to collapse
Have a look at my posts on this subject.
Currently I'm looking into whether I can side load some code via a FAT32 formatted SD card, and if possible, I need to locate where the flag is stored which sets this FRP. Now this could be stored on a rom chip of sorts and at this stage I dont want to break open the device to desolder chips, so this blog could be useful at giving clues into what needs to be looked at. Although the device is a Blink Mini camera, the technique can be applied on other devices, like smart phones.
Blink Mini RE, Part 3 -- Staring into the eye of the binary
If we stare at a binary for long enough, we will intimidate it into giving us its little secrets
astrid.tech
Ideally, I'd have a working device, dump the rom contents, then trigger the FRP and then dump the roms again to compare whats been changed, which would hilight areas for further investigation and maybe even the bit flag in question.
The other area of interest currently is Wireshark with the USB packet sniffer. Lenovo's/Motorola's Rescue and Smart Assist program aka LRMA can interrogate the device via a USB cable and detect the firmware. LRMA also suggests enabling the Developer mode/USB debugging which is enabled by clicking the build number seven times in the Google Android settings. So the question is can LRMA detect the FRP has been set? If it can, Ghidra https://ghidra-sre.org/ can be used to detect the FRP bit flag. I say bit Flag, it could be multiple bit flags in a variety of locations. Never under estimate your enemy.
I've used the Emergency Contact select a photo trick, to gain access to all apps, where I've gone straight for the Settings and Build number, tapped it 7 times as per LRMA's instructions but its not unhidden the developer mode and USB debugging options. This could be disabled once FRP is triggered, but its why I say it could be more than one bit flag which is set. Like you see with UEFI bios on some pc motherboards, there could actually be a two or more locations which could be used.
Like I said earlier, having a working device, dumping roms and then triggering FRP would be ideal, but when you dont have any money, it forces you to use your brain as you can't just step out and buy a new device mirrored in every way.
At this stage I dont know if this FRP flag can be undone. It might be like these RaspberryPi One Time Programmable switches as seen here, but I have been able to toggle some of those as well! https://github.com/raspberrypi/docu...asciidoc/computers/raspberry-pi/otp-bits.adoc
I've so far been unsuccessful in finding out if there is an equivalent of vcgencmd otp_dump for Android phones as this could be another way I might be able to find the FRP flag without having to dump the roms.
This is all new to me so I might be looking in the wrong area's as I'm just an unqualified out of work for decades boring old penniless windows programmer so I'm learning as I go along. But you might find what I've put is useful if you fancy a Thanksgiving, Xmas & New Year challenge for a change.
8-31-21: My report on the death of this app for the NST is a little premature. See post #5, etc., for a "fix". It worked for the poster and it worked for me. It might work for you.
Don't shoot the messenger...
Sometime in late 2020 or early 2021 it became impossible to negotiate an initial login with the Kindle app (yes, even with the OTP they email you). I've checked the security certificates and they are fine. I've tried installing the app on newer devices, going all the way to Oreo. Same behavior. A logcat on the NST shows a failed SSL negotiation so it looks like the server just won't talk to the old app any longer--at least for an initial authorization. That's the very bad news.
There is a tiny bit of good news for those who already have the Kindle app installed and authorized. At least on my three devices it continues to function completely. You can still check out Overdrive Kindle books and send them to your device and the same book on different devices appears to sync. You can also sideload .mobi books and read those. The clock is, however, probably ticking.
I mention this as a warning for anyone who has a legacy Kindle installation and is thinking of doing major work on their device. If you uninstall or wipe out the Kindle app, it's gone for good. It may be possible to use something like Titanium Backup to restore the app. I was able to find all this out after a reset and then restore my NookManager backup and the app worked fine.
Edit: I have done a little experimenting and the app authorization token appears to include a lot about the device and system. So it's not possible to use Titanium Backup. I tried this on a FW 1.2.1 installation with a working copy of Kindle. Then I updated and rooted FW 1.2.2, installed the Kindle app and then restored a Titanium backup from the same device (but with FW 1.2.1). It failed to initialize, asking to register again. I've had success only in restoring a NookManager backup from the same device with the same FW, etc., and in cloning a device from a NookManager backup. This is not something I would necessarily recommend, but you might have your reasons. However, when I tried to correct the MAC address, this threw off the Kindle app token and it reverted to asking for registration again. So there's very little wiggle room for preserving a working installation if you have to do any significant changing.
I have seen your report in the thread where you were trying to help another forum member to overcome the issues he had with his device. This strengths my beliefs that for resolving the SSL issue work on kernel(s) must be done. Question is where exactly? In Linux kernel or somewhere in Android? What SSL is used on NST if the snag is in Linux - OpenSSL or LibreSSL?
In the defense of the NST I must say that recently saw on YouTube video someone put Alpine Linux on Kindle PW3. What am I trying to say is that older generation of this kind of devices suffer from same illness regardless of brand manufacturer pushing people to just abandon the legacy software on them and create their own custom made one tailored for their devices and their intended way of use.
If the SSL layer is somewhere in Android oh boy that might be harder cookie to bake from my point of view.
SJT75 said:
I have seen your report in the thread where you were trying to help another forum member to overcome the issues he had with his device. This strengths my beliefs that for resolving the SSL issue work on kernel(s) must be done. Question is where exactly? In Linux kernel or somewhere in Android? What SSL is used on NST if the snag is in Linux - OpenSSL or LibreSSL?
In the defense of the NST I must say that recently saw on YouTube video someone put Alpine Linux on Kindle PW3. What am I trying to say is that older generation of this kind of devices suffer from same illness regardless of brand manufacturer pushing people to just abandon the legacy software on them and create their own custom made one tailored for their devices and their intended way of use.
I
Click to expand...
Click to collapse
SJT75 said:
I have seen your report in the thread where you were trying to help another forum member to overcome the issues he had with his device. This strengths my beliefs that for resolving the SSL issue work on kernel(s) must be done. Question is where exactly? In Linux kernel or somewhere in Android? What SSL is used on NST if the snag is in Linux - OpenSSL or LibreSSL?
Click to expand...
Click to collapse
My understanding of the issues is very limited. I once happened into a discussion where it was stated that apps which need to communicate with external servers contain their own SSL certificate which has an expiration date. If so, apps like that just die a "natural" death.
It's actually amazing that there are some apps requiring logins that still work on the NST. Two that come to mind are ancient versions of Pandora and TuneIn Radio. I use both and they still perform flawlessly. For now.
Until today I didn't know what Pandora is but I am familiar with TuneIn radio app. Good to know that some of those apps is still working. Well it just had to be complicated with SSL/TLS hidden somewhere in Android layer. I totally understand why people like Android user friendly UI and apps availability. Still gamble with Java seems that didn't paid of regarding promised platform crossing ability.
So either porting to a new Android version which probably will not be very new (low RAM) or making custom Linux which is anything but user friendly?
Edit: Scratch that question about Linux and the app OP mentioned! I just realize that there is no Linux Kindle app. It could be used through Wine and such witchcraft but that is stupid way of doing things on this device. Better option is to use it on PC and then pass it on to NST using Calibre IMHO. SSL/TLS although remains as weak spot for the time being. Oh well... If that issue with certificates get somehow fixed maybe Kindle cloud reader from browser could reclaim at least part of functions of dedicated Kindle app.
For what its worth I recently got a NST and managed to get the kindle app running this morning. I upgraded to FW 1.2.2, rooted with Nook Manager, and installed the app with adb. The sticking point for me was that I had to go into my Amazon account and disable two-factor authentication. When I tried to log in with the app it still gave the bad password error, and Amazon still sent a text message with an OTP, and that let me log in. This same process DID NOT work if I had two-factor auth turned on in my Amazon account.
I don't understand why they still sent an OTP when two-factor auth is turned off, but they did, and it worked.
wrexroad said:
For what its worth I recently got a NST and managed to get the kindle app running this morning. I upgraded to FW 1.2.2, rooted with Nook Manager, and installed the app with adb. The sticking point for me was that I had to go into my Amazon account and disable two-factor authentication. When I tried to log in with the app it still gave the bad password error, and Amazon still sent a text message with an OTP, and that let me log in. This same process DID NOT work if I had two-factor auth turned on in my Amazon account.
I don't understand why they still sent an OTP when two-factor auth is turned off, but they did, and it worked.
Click to expand...
Click to collapse
Wow! This is very good news. I'll give it a try tomorrow on a fresh system and see if I can get it to work.
Did you by any chance go back and turn on the two-factor login and see if the app still connected after first initializing it?
nmyshkin said:
Wow! This is very good news. I'll give it a try tomorrow on a fresh system and see if I can get it to work.
Did you by any chance go back and turn on the two-factor login and see if the app still connected after first initializing it?
Click to expand...
Click to collapse
Yes, I should have mentioned that. I re-enabled two-factor and downloaded a book to test, everything worked fine. I'm currently using this (https://forum.xda-developers.com/t/app-eink-friendly-amazon-kindle-3-2-0-35.2024062/) version of the app, but I don't think it should matter much.
wrexroad said:
Yes, I should have mentioned that. I re-enabled two-factor and downloaded a book to test, everything worked fine. I'm currently using this (https://forum.xda-developers.com/t/app-eink-friendly-amazon-kindle-3-2-0-35.2024062/) version of the app, but I don't think it should matter much.
Click to expand...
Click to collapse
Excellent. As I expected based on legacy installs continuing to work, once the credentials are on the device, you're good to go whether you use single or two factor login after.
I had a password issue with Amazon awhile back and I'll bet that's where the problem originated. When I changed my password, authentication must have gone to two-factor. I need to check that, but I'm pretty sure that's it. What great news! Back to seamless library book checkout and download, all on the device!
BTW, the version of the app you mention is the only one that works (again!) on the NST.
Something is weird on the Amazon side right now. Even though two factor was turned off, they still sent the OTP. The only difference is that it actually worked when two-factor was disabled, but didn't work when it was enabled. Very strange.
wrexroad said:
Something is weird on the Amazon side right now. Even though two factor was turned off, they still sent the OTP. The only difference is that it actually worked when two-factor was disabled, but didn't work when it was enabled. Very strange.
Click to expand...
Click to collapse
Mmm... I'm glad you posted this before I started testing. I have two NSTs with working Kindle apps right now and I don't want to trash those while tracking down the "solution". I need to think about how I'm going to approach this.
OK, I think my last message was a little unclear.
What I meant was that with two-factor enabled you are supposed to be able to log in with a legacy device, have it give you a password error, receive an OTP via text or email, then use the OTP to actually log in. However, this does not work when two-factor is enabled.
What does work is first disabling two-factor auth, then trying to log in. You will still get a password error, they will still send you an OTP and the OTP will now let you log in and register the device.
This is what I meant when I said something was weird, when two-factor is disabled they shouldn't even be sending you an OTP. It's like disabling two-factor makes it work correctly, rather than turning it off.
To be absolutely clear, once I registered the app, I was able to download a book when two-factor was either on or off. The only thing that was affected was the ability to do the initial sign in.
wrexroad said:
OK, I think my last message was a little unclear.
What I meant was that with two-factor enabled you are supposed to be able to log in with a legacy device, have it give you a password error, receive an OTP via text or email, then use the OTP to actually log in. However, this does not work when two-factor is enabled.
What does work is first disabling two-factor auth, then trying to log in. You will still get a password error, they will still send you an OTP and the OTP will now let you log in and register the device.
This is what I meant when I said something was weird, when two-factor is disabled they shouldn't even be sending you an OTP. It's like disabling two-factor makes it work correctly, rather than turning it off.
To be absolutely clear, once I registered the app, I was able to download a book when two-factor was either on or off. The only thing that was affected was the ability to do the initial sign in.
Click to expand...
Click to collapse
OK, that's what I had hoped for and expected since my two working installs were made before my auth. got changed to two-factor. With really old apps you never quite know how server negotiation is going to evolve.
I hope to give it a try later today.
wrexroad said:
To be absolutely clear, once I registered the app, I was able to download a book when two-factor was either on or off. The only thing that was affected was the ability to do the initial sign in.
Click to expand...
Click to collapse
When I went to my Amazon account it seemed like 2SV was not enabled, by which I mean that clicking on "edit" for the settings generated an email which contained a link that took me to a page with a button that said "Get Started".
I didn't pursue this. I didn't see anything about turning it off--or should I have gone farther along?
That's odd, it does sound like it's not turned on... If you didn't have other devices that you were worried about I would say that you should just turn it on then try to log in. If that doesn't work, turn it off and try again. I think the risk is minimal, but clearly there is something different about your account, so it's up to you.
wrexroad said:
That's odd, it does sound like it's not turned on... If you didn't have other devices that you were worried about I would say that you should just turn it on then try to log in. If that doesn't work, turn it off and try again. I think the risk is minimal, but clearly there is something different about your account, so it's up to you.
Click to expand...
Click to collapse
Yeah, this is not working for me. I looked at the 2SV stuff again this morning and thought, "well, I'll just set it up and then disable it". Except I don't own a mobile phone (no, truly, just an emergency ancient (non-text message) device I keep in my glove compartment), and the QR thingy woud do me no good with the NST. So I'm cooked.
Despite apparently not having 2SV set up, now I can't even generate an OTP email when I try to login with the Kindle app. But my two working installations continue to function. Puzzlement.
Edit: I had a friend with a mobile phone help me out. So I finally got to where I could "disable" 2SV. But it made no difference. Still can't log in or even generate an OTP email by trying to log in. I'm glad this worked for you and I'd like to think it might work for others, but alas my account appears to be "special".
Edit-Edit: Yeehaw! It took a lot of fumbling for me with the unwieldy password I had to recreate in the near past, but by clearing the dalvik cache and making sure that 2SV was actually listed as "disabled" at Amazon, I was finally able to log in a new installation!!! Now I don't have to run a "clone" of another device on this particular NST. Thank you, @wrexroad, for taking the time to look into this and communicate your findings. One big step back from the brink for the Kindle app
That's awesome, I'm glad you got it running! In the future, if you need to get a password via text, you can use a temporary number here: https://sms24.me/en/countries/us/
Hey folks,
I just stumbled into this NST world and want to share my experience with the Kindle app. I'm on FW 1.2.2, and used NookManager to root. I replaced the certs file as recommended in another thread. Once I was ready to login, I enabled 2fa on my Amazon account in a browser. The instructions there clarified that I would need to use PASSWORD+OTP when registering my device. Previously I had tried only the OTP, or only my normal passwrord, but those failed. Appending the OTP to my password, I was able to login.
Hope that helps anyone else who has reached this point.