Skip to content

2FA authenticator application based on Google Authenticator Android App and SQLCipher

License

Notifications You must be signed in to change notification settings

Jiawen-Zhang/ExtraSecure

Repository files navigation

ExtraSecure Authenticator for Android

This project is an open source fork of the Google Authenticator Android app on the Play Store. While this fork is open source, the official version of the app still remains proprietary. There is no guarantee that the open source repository will receive any changes made upstream (or vice versa).

This repo includes a vulnerability-mitigated authenticator based on Google Authenticator, which mitigated some known issues of Google Authenticator.

Google Authenticator generates 2-Step Verification codes on your phone.

2-Step Verification provides stronger security for your Google Account by requiring a second step of verification when you sign in. In addition to your password, you’ll also need a code generated by the Google Authenticator app on your phone.

Learn more about 2-Step Verification: https://g.co/2step

Features:

  • Generate verification codes without a data connection
  • Google Authenticator works with many providers & accounts
  • Dark theme available
  • Automatic setup via QR code

Disclaimer: This open source fork of Authenticator is not an officially supported Google product.

Description

The ExtraSecure Authenticator is developed based on Google Authenticator project, which includes implementations of one-time passcode generators for several mobile platforms, as well as a Pluggable Authentication Module (PAM). One-time passcodes are generated using open standards developed by the Initiative for Open Authentication (OATH) (which is unrelated to OAuth).

  • This project contains the Android app. All other apps and the PAM module are hosted in separate projects.

  • The Android implementation supports the HMAC-Based One-time Password (HOTP) algorithm specified in RFC 4226 and the Time-based One-time Password (TOTP) algorithm specified in RFC 6238.

  • By design, there are no account backups in any of the apps.

Further documentation is available in the Wiki.

Installation

Installing the app should be as simple as installing the APK from this repo.

Developer Guide

Interested in developing with Authenticator? Instructions to get started are below. Please be sure to review the Contributor Guide and the Code of Conduct if you would like to contribute to this repository.

Prerequisites

Google Authenticator is built with Bazel. To install Bazel on your machine, follow the installation instructions provided in the official Bazel documentation. You can download the appropriate versions of the Android SDK and Build Tools via the Android SDK Manager.

Building from Source

  1. Clone the repository.

    git clone https://github.com/google/google-authenticator-android.git
    cd google-authenticator-android
  2. Set the ANDROID_HOME environment variable to the path of your Android SDK, or hardcode the value into the WORKSPACE file.

    export ANDROID_HOME="/path/to/sdk"
    # or
    $EDITOR WORKSPACE
  3. Build the APK with Bazel. The APK build target is at //java/com/google/android/apps/authenticator. If you already have an emulator running or device attached to your machine, you can use the mobile-install Bazel directive to put the app directly on your Android device. Otherwise, build the APK normally and install it on your device via adb.

    bazel mobile-install //java/com/google/android/apps/authenticator
    # or
    bazel build //java/com/google/android/apps/authenticator \
      && adb install -r -d bazel-bin/java/com/google/android/apps/authenticator/authenticator.apk

Running Tests

Running the tests for Authenticator requires additional prerequisites described in the android_instrumentation_test documentation. Most notably, at the moment, tests can only be run on Linux. There is an open tracking issue for adding test support to other operating systems. Please file Bazel-related issues against the Bazel repository instead of this repository.

Running tests also requires the appropriate Android emulator images to be installed (depending on the specific test target). You can download any necessary images from the AVD Manager.

Test Targets

All test targets can be found under the javatests/ directory.

bazel test //javatests/...

Test Configs

By default, all tests will be run on a headless emulator. To see the Android device running the test, or to run tests on a specific device or emulator, specify the value of the config flag in the Bazel test command to be one of headless, gui, or local_device.

# Run headless tests (default)
bazel test --config=headless //javatests/com/google/android/apps/authenticator:authenticator_instrumentation_tests-19

# Run tests on an ephemeral emulator that displays the GUI
bazel test --config=gui //javatests/com/google/android/apps/authenticator:authenticator_instrumentation_tests-19

# Run tests on an emulator or attached device
bazel test --config=local_device //javatests/com/google/android/apps/authenticator:authenticator_instrumentation_tests-19

WARNING: Running tests on a real device may delete your preexisting OTP seeds. Do it at your own risk. If you must run tests on a real device, it is recommended to use a test device that doesn't hold important data.

License

Copyright 2019 Google LLC

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    https://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

About

2FA authenticator application based on Google Authenticator Android App and SQLCipher

Resources

License

Code of conduct

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published