Cannot connect: GooglePlayException Server Error

[doragasu]

I cannot get YalpStore to work on a Nexus 5 (hammerhead). I tried ROMs NitrogenOS and DarkROM. Same behaviour with both:
1.- I open a freshly installed Yalp Store. A toast message appears with "com.github.yeriomin.play.storeapi.GooglePlayException Server Error"
2.- Then the only options I get are trying to login using a fake account or using my own account. If I try login again with the fake account, the error repeats.

I cannot access settings since the login popup is modal. Note I am running MicroG and all seelf-checks are passing (I don't know if this matters, I write it just in case). I have also previously installed exactly the same configuration with a NitrogenOS ROM on a Nexus 4 (mako) and everything worked flawlessly (and is working flawlessly as of today).

Is this a bug or am I missing something.

[agru]

I can confirm the same problem with a current LineageOS. A friend of mine told me this problem and I looked on my own device. First everything seemed to be fine ... but when I logged of and tried to get in again, I had exactly the same problem - "com.github.yeriomin.play.storeapi.GooglePlayException Server Error". Since that, I am not able to access again.

[halwa]

Can also confirm, I get the same error message on a fresh install of AOSP Extended with NanoMod/MicroG.

[Locash]

Confirmed. I am able to login with my OWN dummy Google account but the yalp fake account is no longer working.
I would suggest that in the meantime, a person create a NEW Google account on a web browser--->use it to login to the playstore website---->login to YALP with said new login.

[Yetangitu]

Confirmed on a Teclast X80 Pro with bowdlerized stock OS (minus the Google bits).

[ttobsen]

I can also confirm, using a Fairphone 2 with Fairphone open 17.10.1 OS.

[wigy-opensource-developer]

I was waiting for 0.27 on F-Droid and was disappointed to see that fake login does not work on the new token dispensers either. The 1st call choosing the account succeeds with HTTP 200, but the second call getting a token fails with 403:

10-09 20:26:35.522 I/com.github.yeriomin.yalpstore.NativeHttpClientAdapter(3471): Requesting http://route-play-store-token-dispenser.1d35.starter-us-east-1.openshiftapps.com/token-ac2dm/email/yalp.store.user.one%40gmail.com

After that the authentication fails on the Play Store. Do we have some hope to get back the token dispenser to work soon?

[tkosamja]

Another confirmation here. I kept getting this error for some days. Tried reinstalling the app but the error persists. Now, when I try to log in with a fake account the app just crashes. I am using LineageOS.

[temtemy]

Same here using the latest build of Resurrection Remix 5.8.5 running in Samsung Galaxy S3. The same error appeared before version 0.26, but at 0.27 a different error appeared, and I will report that as a new issue.

[agru]

Yesterday, an update of Yalp was available via F-Droid. After installation of Yalp Store in version 0.27, the "com.github.yeriomin.play.storeapi.GooglePlayException Server Error" went away.

First I was happy, but then I had to see, that the Yalp Store fake account for Google does not work. The error message says that the e-mail-address or the password is wrong :-(

[temtemy]

@agru That's exactly what happened to me at #299

[yeriomin]

@doragasu @agru @halwa @Locash @Yetangitu @temtemy @ttobsen @wigy-opensource-developer

Built-in account needs a certain web service to function: a play store auth token dispenser. I have deployed one in January on a free hosting. But that hosting was turned off on 30 of September. After that I deployed another token dispenser on an alternative hosting of the same company and tagged the 0.27 version. The new token dispenser worked for a couple of days and then stopped returning tokens (well it still works, but it returns tokens for ~5% of requests). I deployed several more dispensers on different hostings in different countries. Some worked and some didn't. I still don't know the exact reason why this happens. Considering that they are exact clones, the problem is not with the token dispenser. Google might be blocking them by their address. Some dispensers don't work from the start, though.

I'll add two more dispensers into version 0.28, but there is no guarantee they won't stop working after some time. I might have to remove the built-in account feature from Yalp Store if I don't find a stable solution.

[Yetangitu]

Is there any way to run a token dispenser yourself? Where is the code for those dispensers? Maybe this function could be outsourced to (shudder) 'the cloud', namely those yalp-users who have access to their own servers.

[yeriomin]

@Yetangitu

Is there any way to run a token dispenser yourself? Where is the code for those dispensers?

Yes. There is a link in the previous comment: https://github.com/yeriomin/token-dispenser. Some people have been using it for some time.

outsourced to (shudder) 'the cloud'

It can. It has been running in redhat "cloud" this whole time. "Cloud" is not a technical term, it is a marketing term. It is just a bunch of servers doing stuff they've been doing for several decades now.

yalp-users who have access to their own servers.

This would help (technically), but trust is a big issue for Yalp Store users. They are not going to like random requests to random unknown servers. For the user it would be easier to just register a throwaway account than bother with learning what a token dispenser is.

[Yetangitu]

Ah, that link in the post above, I missed it when I posted my previous message.

If 'cloud' wasn't buzzwordy enough may I suggest handing out tokens through a blockchain? Add that feature and VC's will be knocking on your door with fat wads of (traditional) cash in their hands.

Trust might be an issue but from what I gather all this token dispenser does is, well, dispense tokens for 'fake' Google accounts so Yalp can download apks. As long as Yalp is able to handle whatever a site throws at it when it requests a token the only potential problem would be that the user gets a non-functional token. Active token dispensers could be announced through a distributed hashtable.

Or maybe those token dispensers could be replaced altogether by a DHT, it is a key/value store after all.

[tkosamja]

Working after upgrade.

[onyxbits]

@yeriomin
I never understood why you implemented this token dispenser in the first place. I had the same idea for Raccoon, but dropped it immediately:

• It can't be done legally. The TOS doesn't allow account sharing and you generally can't accept contracts on other people's behalf to begin with. Google also has every interest of enforcing the one "person per account" rule since their (ad) business rides on learning people's habbits/preferences.
• The token grants access to way more than just app search/download. Basically you provided an infrastructure, spammers could take advantage of, in addition to enabling the whole world to mess with your accounts. There's plenty of opportunity here to bring the banhammer down on your accounts.
• The dispenser gives tokens to anyone who asks. That means the same account might be used from america, europe, asia and australia at the same time. It follows that the account is going to be flagged for theft and gets disabled.

[yeriomin]

@onyxbits

It can't be done legally.

Since any access to Play Store using a non-official client is illegal, it doesn't matter.

bring the banhammer down on your accounts
the account is going to be flagged for theft and gets disabled.

Doesn't matter either. Token dispenser's goal is to give out tokens without sharing passwords with the world. Those accounts are expendable.

infrastructure, spammers could take advantage of

The target is too small to overtake them manually and too specific to do it automatically. Not worth the effort.

Token dispenser has two advantages:

1. For people who just want to search and download apps quickly: it lets them skip typing their account info.
2. For people who don't trust apps which ask for their account info or people who want to be (a bit more) anonymous: it lets them use another persons account.

@Yetangitu

handing out tokens through a blockchain
DHT

There is no problem with transmission, the problem is with generation. Also, token dispenser is supposed to be simple wrapper around the play store api library.

[onyxbits]

@yeriomin

Since any access to Play Store using a non-official client is illegal, it doesn't matter.

Ouch!

• First of all, something is illegal if it breaks a law, not a contract.
• Whether or not the use of non-official clients is allowed depends on the definition of the word "interface" in the Play TOS. The only reasonable understanding of the word is "ProtoBuf via HTTPS" (the official client is not an interface, it is the implementation of an interface. "Interface" always means an abstract definition, a standard, that can have multiple implementations - mind that the TOS uses the term "interface" in the singular, but you can access Play via web and app).
• Stating that it doesn't matter that you do illegal thing B, because you already do illegal thing A is a poor justification. It's like saying: "I already stole this car, it doesn't matter if I run over someone with it now". As far as the justice system is concerned, you'll be tried for two different crimes, not for being a bad person overall.
• Reread the previous two points I made. Your problem is that Google will have a hard time taking legal actions against you for developing Yalp Store. With the token dispenser, however, you cannot reasonably deny that you created the accounts and therefore accepted the TOS with the intent to violate it in potentially hundreds of cases (Google will have no trouble finding all the accounts. All the have to do is ask the dispenser repeatedly).
• The difference between offering an APK downloader and a Token dispenser is that the first helps Google's business interests (gets people back into the platform which are otherwise barred for marketing reasons). The second runs counter to Google's business interest (shared accounts can't be profiled).

What I'm saying here is that legally, you are leaving yourself wide open and giving Google a reason to come after you. It's probably not a big risk, naturally your choice, but I wouldn't do it. At least not without putting an Ltd. as a legal shield between me and Google.

The target is too small to overtake them manually and too specific to do it automatically. Not worth the effort.

Ouch (again)!

• "I'm too small to be a target" really is not the right approach towards system security (trust me on this, I have seen it going wrong too many times).
• The token is a session cookie, not a per request permission. It can be reused multiple times.
• Spammers taking advantage is just one example for why accounts might get disabled. And this whole thread is about the fact that you have problems with accounts getting shut off. What you are dismissing so easily here is an analysis of potential causes.

[matlink]

@yeriomin I found something interesting. using application password for your built-in accounts seems to handle this server error. to use application password from google settings, you have to first enable 2FA

[yeriomin]

@onyxbits

Ouch!

...What kind of emotion is that supposed to convey? =)

Anyway, thank you for your concern.

something is illegal if it breaks a law, not a contract.

That means there is nothing to worry about. I don't value my google account that much. It's not a crime to break a TOS. Even if it suddenly becomes a crime, I am not in "jurisdiction of the courts located within the county of Santa Clara" or anywhere close. If I was in the US or EU I wouldn't even be developing Yalp Store or at least would not link my real name to it.

Whether or not the use of non-official clients is allowed depends on the definition of the word "interface" in the Play TOS.

I don't think the technical meaning of the word "interface" would be used in a legal document. So, "interface that is provided by Google" refers to the Play Store app and the Play Store web site.

Actually, the reason Yalp Store (or Raccoon) breaks ToS (in my opinion) is the next sentence in that paragraph:

You specifically agree not to access (or attempt to access) Google Play through any automated means (including use of scripts, crawlers, or similar technologies)

I already stole this car, it doesn't matter if I run over someone with it now

That's accurate. But when I steal a car I go to jail and when I break Google ToS I lose the ability to upload my app to Play Store and lose my account at most.

APK downloader ... helps Google's business interests

Since it does not let people buy anything and doesn't show ads (aka "Similar apps" and so on) I wouldn't say it is any better or worse than a token dispenser. Token dispenser also gets people back into the platform by the same logic. Both are breaking ToS.

The main purpose of ToS is to be very clear about what and when the user can demand. The ToS ensures that if the user uses a third-party client, that user cannot hold Google accountable if anything doesn't work. ToS does not say anything about prosecuting the user.

you are leaving yourself wide open and giving Google a reason to come after you

For breaking which law? Going against Google's business interests or breaking ToS does not translate into a crime.

Ltd.

My country does not have anything similar.

"I'm too small to be a target" really is not the right approach towards system security

Since there is almost nothing to protect, security is not important. The only thing token dispenser is supposed to protect is my time. Without it I would have to put username/password pairs into Yalp Store code. It would work. But it would be vulnerable to pranks - people would change the password just because they can.

Spammers taking advantage is just one example for why accounts might get disabled.

This is not the reason.

this whole thread is about the fact that you have problems with accounts getting shut off

I'm not dismissing anything. Since token dispensers deployed on different hostings either work or do not, the problem is with the address, not individual accounts. Tokens are generated properly for the same accounts on other addresses.

@matlink That's interesting. I found a different solution, but will definitely try out yours. Thank you.

[yeriomin]

Judging by the amount of bug reports, this issue appears to be mostly fixed. The token dispensers are working.