Convert Figma logo to code with AI

google logogoogle-authenticator-android

Open source fork of the Google Authenticator Android app

1,610
472
1,610
41
View on GitHub

Top Related Projects

google's avatar

google-authenticator

5,203

Open source version of Google Authenticator (except the Android app)

andOTP's avatar

andOTP

3,753

[Unmaintained] Open source two-factor authentication for Android

Quick Overview

The Google Authenticator Android app is an open-source project that provides two-factor authentication (2FA) functionality for Android devices. It allows users to generate time-based one-time passwords (TOTP) that can be used to secure their online accounts, adding an extra layer of security beyond just a username and password.

Pros

  • Secure Authentication: The app uses the TOTP standard, which is a widely-accepted and secure method for two-factor authentication.
  • Cross-Platform Compatibility: The Google Authenticator app is compatible with various online services and websites that support the TOTP standard.
  • Open-Source: The project is open-source, allowing for community contributions and transparency.
  • Offline Functionality: The app can generate TOTP codes without an internet connection, making it a reliable 2FA solution.

Cons

  • Limited Features: The app is relatively basic, with a focus on the core 2FA functionality. Some users may desire more advanced features or customization options.
  • Dependency on Google: The app is developed and maintained by Google, which may be a concern for users who prefer more independent or decentralized solutions.
  • Potential Privacy Concerns: As a Google-developed app, there may be some privacy concerns around data collection and usage.
  • Lack of Backup/Restore: The app does not provide a built-in mechanism for backing up or restoring 2FA accounts, which can be a concern if a user's device is lost or replaced.

Code Examples

Adding a New Account

// Create a new account
GoogleAuthenticatorKey key = GoogleAuthenticatorManager.getNewKey("example_account");

// Display the QR code or secret key to the user
String qrCodeUrl = key.getQrCodeUrl();
String secretKey = key.getKey();

Verifying a TOTP Code

// Get the user-provided TOTP code
String userCode = "123456";

// Verify the code against the stored account
boolean isValid = GoogleAuthenticatorManager.verifyCode("example_account", userCode);

Handling Account Deletion

// Remove an account
GoogleAuthenticatorManager.deleteKey("example_account");

Handling Account Backup/Restore

// Export account data
String backupData = GoogleAuthenticatorManager.getQRBarcodeURL("example_account");

// Import account data
GoogleAuthenticatorKey key = GoogleAuthenticatorManager.getKeyFromQRBarcodeURL(backupData);

Getting Started

To use the Google Authenticator Android app, follow these steps:

  1. Install the app from the Google Play Store or download the APK from the project's GitHub repository.
  2. Open the app and tap the "+" button to add a new account.
  3. Scan the QR code or manually enter the secret key provided by the service you want to secure with 2FA.
  4. The app will now display a TOTP code that you can use to authenticate your login.
  5. When logging in to the service, enter the TOTP code displayed in the app to complete the two-factor authentication process.

Note that the app also supports manual entry of account details, allowing you to add accounts without scanning a QR code.

Competitor Comparisons

google logo

google-authenticator

5,203

Open source version of Google Authenticator (except the Android app)

Pros of google/google-authenticator

  • Supports multiple platforms, including iOS and web-based applications, in addition to Android.
  • Provides a more comprehensive set of features and functionality compared to the Android-specific repository.
  • Includes support for multiple authentication methods, such as TOTP and HOTP.

Cons of google/google-authenticator

  • The codebase may be more complex and less focused on the specific needs of Android developers.
  • The documentation and resources may be less tailored to the Android platform compared to the dedicated Android repository.
  • The development and maintenance of the project may be more distributed across multiple platforms, potentially leading to slower response times for Android-specific issues.

Code Comparison

google/google-authenticator:

public static String generateQRCode(String secret, String account, String issuer) {
    String format = "otpauth://totp/%s?secret=%s&issuer=%s";
    return String.format(format, account, secret, issuer);
}

google/google-authenticator-android:

public static String getQRBarcodeURL(String secret, String accountName, String issuerName) {
    String format = "otpauth://totp/%s?secret=%s&issuer=%s";
    return String.format(format, Uri.encode(accountName), secret, Uri.encode(issuerName));
}

The main difference between the two code snippets is the use of Uri.encode() in the google/google-authenticator-android version to handle special characters in the account name and issuer name. This is likely a platform-specific optimization to ensure the QR code URL is properly formatted for the Android platform.

andOTP logo

andOTP

3,753

[Unmaintained] Open source two-factor authentication for Android

Pros of andOTP/andOTP

  • Open-Source: andOTP is an open-source project, allowing for community contributions and transparency.
  • Backup and Restore: andOTP provides the ability to backup and restore your 2FA accounts, ensuring data portability.
  • Biometric Authentication: andOTP supports biometric authentication, such as fingerprint or face recognition, for added security.

Cons of andOTP/andOTP

  • Limited Platform Support: andOTP is primarily focused on Android, while google/google-authenticator-android is available on both Android and iOS.
  • Fewer Integrations: google/google-authenticator-android may have a broader range of service integrations compared to andOTP.

Code Comparison

Here's a brief code comparison between the two projects:

google/google-authenticator-android

public static String getQRBarcodeURL(String secret, String account, String issuer) {
    return "otpauth://totp/"
            + (issuer != null ? issuer + ":" : "")
            + account
            + "?secret="
            + secret
            + "&issuer="
            + (issuer != null ? issuer : "");
}

andOTP/andOTP

fun generateOtpAuthUri(secret: String, accountName: String, issuerName: String?): Uri {
    val builder = Uri.Builder()
        .scheme("otpauth")
        .authority("totp")
        .path("/$accountName")
        .appendQueryParameter("secret", secret)
        .appendQueryParameter("issuer", issuerName)
    return builder.build()
}

Both projects provide similar functionality for generating the QR code URL used to set up 2FA accounts, but the implementation details differ due to the language differences (Java vs. Kotlin) and the specific design choices of each project.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

Google Authenticator for Android (Open Source Version)

This project is an open source fork of the Google Authenticator Android app on the Play Store. While this fork is open source, the official version of the app still remains proprietary. There is no guarantee that the open source repository will receive any changes made upstream (or vice versa).

Google Authenticator generates 2-Step Verification codes on your phone.

2-Step Verification provides stronger security for your Google Account by requiring a second step of verification when you sign in. In addition to your password, you’ll also need a code generated by the Google Authenticator app on your phone.

Learn more about 2-Step Verification: https://g.co/2step

Features:

  • Generate verification codes without a data connection
  • Google Authenticator works with many providers & accounts
  • Dark theme available
  • Automatic setup via QR code

Disclaimer: This open source fork of Authenticator is not an officially supported Google product.

Description

The Google Authenticator project includes implementations of one-time passcode generators for several mobile platforms, as well as a Pluggable Authentication Module (PAM). One-time passcodes are generated using open standards developed by the Initiative for Open Authentication (OATH) (which is unrelated to OAuth).

  • This project contains the Android app. All other apps and the PAM module are hosted in separate projects.

  • The Android implementation supports the HMAC-Based One-time Password (HOTP) algorithm specified in RFC 4226 and the Time-based One-time Password (TOTP) algorithm specified in RFC 6238.

  • By design, there are no account backups in any of the apps.

Further documentation is available in the Wiki.

Installation

The APKs for the official version and the open source version of Authenticator are hosted separately. Installing the app should be as simple as downloading the APK from your desired source.

Official Google Build

You can install the official (proprietary) version of Google Authenticator from the Google Play Store.

Open Source Version

The easiest way to install the open source flavor of Authenticator is to download the latest version of the APK from the releases page from the GitHub repository. To build the APK from the source code, see the section about building from source.

Developer Guide

Interested in developing with Authenticator? Instructions to get started are below. Please be sure to review the Contributor Guide and the Code of Conduct if you would like to contribute to this repository.

Prerequisites

Google Authenticator is built with Bazel. To install Bazel on your machine, follow the installation instructions provided in the official Bazel documentation. You can download the appropriate versions of the Android SDK and Build Tools via the Android SDK Manager.

Building from Source

  1. Clone the repository.

    git clone https://github.com/google/google-authenticator-android.git
cd google-authenticator-android

  2. Set the ANDROID_HOME environment variable to the path of your Android SDK, or hardcode the value into the WORKSPACE file.

    export ANDROID_HOME="/path/to/sdk"
# or
$EDITOR WORKSPACE

  3. Build the APK with Bazel. The APK build target is at //java/com/google/android/apps/authenticator. If you already have an emulator running or device attached to your machine, you can use the mobile-install Bazel directive to put the app directly on your Android device. Otherwise, build the APK normally and install it on your device via adb.

    bazel mobile-install //java/com/google/android/apps/authenticator
# or
bazel build //java/com/google/android/apps/authenticator \
  && adb install -r -d bazel-bin/java/com/google/android/apps/authenticator/authenticator.apk

Running Tests

Running the tests for Authenticator requires additional prerequisites described in the android_instrumentation_test documentation. Most notably, at the moment, tests can only be run on Linux. There is an open tracking issue for adding test support to other operating systems. Please file Bazel-related issues against the Bazel repository instead of this repository.

Running tests also requires the appropriate Android emulator images to be installed (depending on the specific test target). You can download any necessary images from the AVD Manager.

Test Targets

All test targets can be found under the javatests/ directory.

bazel test //javatests/...

Test Configs

By default, all tests will be run on a headless emulator. To see the Android device running the test, or to run tests on a specific device or emulator, specify the value of the config flag in the Bazel test command to be one of headless, gui, or local_device.

# Run headless tests (default)
bazel test --config=headless //javatests/com/google/android/apps/authenticator:authenticator_instrumentation_tests-19

# Run tests on an ephemeral emulator that displays the GUI
bazel test --config=gui //javatests/com/google/android/apps/authenticator:authenticator_instrumentation_tests-19

# Run tests on an emulator or attached device
bazel test --config=local_device //javatests/com/google/android/apps/authenticator:authenticator_instrumentation_tests-19

WARNING: Running tests on a real device may delete your preexisting OTP seeds. Do it at your own risk. If you must run tests on a real device, it is recommended to use a test device that doesn't hold important data.

License

Copyright 2019 Google LLC

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    https://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.