Skip to content

Cannot Revoke SMS Backup+ Access #369

Closed
arnav7 opened this Issue Sep 9, 2013 · 5 comments

3 participants

@arnav7
arnav7 commented Sep 9, 2013

I used SMS Backup+ to backup SMS from an older phone (thanks!) however I am not able to revoke its access now.

  1. In https://accounts.google.com/IssuedAuthSubTokens I do not see a token listed.
  2. Uninstalling the app and clearing its data is not effective.
  3. Restarting the phone is not effective.

Nexus S 4.04

What gives?

Thanks

@v173k
v173k commented Jan 26, 2014

I am having the same issue. Went to https://accounts.google.com/IssuedAuthSubTokens but I do not see a token listed for SMS Backup.

Infact I revoke all other all other services and apps. An SMS Backup is still able to connect to my account.

Thanks

@v173k
v173k commented Jan 26, 2014

Maybe this explains why this is happening: http://stackoverflow.com/questions/6852256/how-do-you-force-accountmanager-to-show-the-access-request-screen-after-a-user/6852274

Also reinstalling the app doesn't seem to help either.

@v173k
v173k commented Jan 27, 2014

Ok just to document this report a bit better here are my details:
1. Phone Used: Samsung Galaxy S2 - SGH-T989 (Android Jelly bean version 4.1.2 / Baseband version T989UVMC6)
2. SMS Backup+ Version: 1.5.5
3. Authentication method: Gmail XOauth
4. Firewall used: AFWall+ / iptables (granted access to SMS Backup+)

The first time SMS Backup+ I clicked "Connect" and a Application Manager prompt came up asking to confirm access of gmail account by SMS Backup (Note: no browser was brought up for authorization). The prompt is similar to this: (https://developers.google.com/google-apps/tasks/images/Android_Auth_Dialog.png)

Everything works great. SMS Backup is able to backup SMS and call logs.

On checking https://accounts.google.com/IssuedAuthSubTokens I see a number of Revokable apps/services none of which are SMS Backup+

Un-checking and rechecking the "Connect" option in SMS Backup+ does not revoke the permission/token either i.e. it doesn't not request a further re-authorization from Application Manager and already seems to have access to gmail IMAP.

Let me know if further info is needed
Thanks

@v173k
v173k commented Jan 28, 2014

Ok figured out a solution after doing a lot of study and trial and error. Its a pretty UGLY solution/hack and I would not recommend it unless your a little crazy like me :P . Its also a good idea to make a complete backup of your phone (maybe a nandroid backup) before doing this.

I hope this will be usefull to the developer to come up with a better solution. It turn out that at least on my phone the account manager is the one granting permission to apps and so it is not possible to Revoke the permission from https://accounts.google.com/IssuedAuthSubTokens

WARNING!!!: USE THE METHOD BELOW AT YOUR OWN RISK....BAD THINGS MAY HAPPEN!!!

Note: You need ROOT access on your phone for this :(

a. Freeze "Google Account Manager" using Titanium Backup (It maybe possible without doing this but it eliminates the chance of corrupting the accounts database ... maybe)

b. Using a Root File manager (example ES File Explorer) copy the database /data/system/users/0/accounts.db and its journal file "account.db-journal" to SDCard

c. Using a sqlite3 editor (eg: SQlite Debugger from the Google Play Store) search for the entry for the app in the extras table of the account.db. Do this by opening account.db in Sqlite debugger. Then use the following commands:

select * from extras where key like '%mail.google.com%'

That should give you a list of entries like this (I have modified following so they are representative only):

_id,accounts_id,key,value
100,1,'perm.1234567890123456789012345678901234567890.oauth2:https://mail.google.com/','1');
101,1,'EXP:1234567890123456789012345678901234567890:oauth2:https://mail.google.com/','1234567890');
102,1,'perm.com.zegoggles.smssync:1234567890123456789012345678901234567890:oauth2:https://mail.google.com/','1');
103,1,'EXP:com.zegoggles.smssync:1234567890123456789012345678901234567890:oauth2:https://mail.google.com/','1234567890');

d. You need to delete the entries corresponding to sms backup in the "extras" table of account.db so make a note of the _id numbers listed above (i.e. 100, 101, 102 and 103)

e. Now delete the rows using the following commands and then COMMIT changes:

delete from extras where _id = 100
delete from extras where _id = 101
delete from extras where _id = 102
delete from extras where _id = 103

f. Copy and replace the modified account.db and account.db-journal to its original location (Make a note of the permissions on original files first!!!)

g. Change permissions and ownership of the files to original in my case this was as shown:
Change permissions to rw- for "owner" and "group" and --- or none for "other".
Also change "owner" and "group" ownershp to "system".
(This can be done in ES file manager)

h. Restart the android device.

i. Check if the permission were revoked.

@jberkel
Owner
jberkel commented Nov 21, 2014

wow, this is crazy. don't think it's the apps responsiblity though

@jberkel jberkel closed this Nov 21, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.