[com.google.android.youtube] Video playback fails with HTTP error code 403

[oSumAtrIX]

Affected app

Name: YouTube
Package id: com.google.android.youtube

Update

The issue is worked around by modifying YouTube to spoof the client according to TeamNewPipe/NewPipe#9038 (comment).

Update 2

• The workaround is being patched currently
• POST request GetPoIntegrityTokenRequest returns no GetPoIntegrityTokenResponse body  #2253 likely causes this issue (Modifying the API request that leads to 403 streams by replacing the error message with valid PoIntegrityToken bytes successfully solves the issue)

To Reproduce

1. Make sure you are using the latest version of MicroG on the master branch
2. Install YouTube and login
3. Video fails to buffer after a minute

Expected behavior

The video is expected to load.

System

Android 14, MicroG GmsCore (spoofed correctly)

Outdated/ Unrelated context

Additional context

• Videos fail to play the requested video when POSTing to /videoplayback. This endpoint returns 403. The request itself did not yield anything useful when skimmed over. The payload is protobuf encoded and some data is likely hashed. No helpful information was inferred from the URL queries or request headers. I also imagine this issue's origin can come from a completely unrelated request (for example, for token exchange and use in /videoplayback).

• This issue is ONLY reproducible on certain accounts in certain regions due to A/B testing, but expected to roll out globally. I have been able to reproduce this issue with multiple people's devices and ROMs (by using the same affected account), but many people reported this issue on their own accounts as well. On r/revancedapp some references can be found here: #1, #2.

  Note: The YouTube app including MicroG was altered so they can work on stock ROMs, but the issue does not originate from the changes. because we were able reproduce this on the regular YouTube app and on the regular version of MicroG on different custom ROMs.

  An additional confirmation this issue is unrelated to the modifications on YouTube or MicroG is that when the modified app is altered back to use Google Services instead of MicroG, this issue does not occur. This was achieved by mounting the app with mount and root permissions on top of the regular unmodified app, allowing it to bypass the measurements from GMS to prevent unauthorized apps from using GMS such as the modified YouTube app. To sum up, this issue occurs on unmodified YouTube and upstream MicroG.

  To solve this issue, I am willing to contribute with accounts from my side on which this issue can be fully reproduced.

• This issue can be reproduced as well on older versions of YouTube. It is unlikely the issue originates from the app and in combination with the other additional context it is assumed, the issue is related to MicroG.

• Related exception stack traces from YouTube v17.49.37 when the issue occurs:

  •  OException when handling a request
     cn: Response code: 403
         at bdf.b(PG:37)
         at yte.b(PG:20)
         at zlr.b(PG:1)
         at yso.b(PG:2)
         at mfg.b(PG:16)
         at zlr.b(PG:1)
         at yss.b(PG:22)
         at zlr.b(PG:1)
         at yrg.b(PG:54)
         at bcv.b(PG:48)
         at bcr.b(PG:2)
         at abxf.b(PG:2)
         at bcx.b(PG:1)
         at mda.i(PG:19)
         at mda.b(PG:17)
         at bbw.a(PG:1)
         at bbw.read(PG:5)
         at bbw.read(PG:3)
         at afyw.a(PG:3)
         at abwx.writeTo(PG:3)
         at org.apache.http.impl.entity.EntitySerializer.serialize(EntitySerializer.java:102)
         at org.apache.http.impl.AbstractHttpServerConnection.sendResponseEntity(AbstractHttpServerConnection.java:187)
         at org.apache.http.protocol.HttpService.handleRequest(HttpService.java:214)
         at abxa.run(PG:5)
         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1137)
         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:637)
         at syj.run(PG:22)
         at java.lang.Thread.run(Thread.java:1012)
    

  •  Given up trying to get FCM Registration Id:
     java.io.IOException: SERVICE_NOT_AVAILABLE
          at ndo.a(PG:11)
          at nne.run(PG:54)
          at rt.execute(PG:6)
          at nso.a(PG:8)
          at abmg.i(PG:5)
          at nsz.s(PG:3)
          at nne.run(PG:59)
          at rt.execute(PG:12)
          at nso.a(PG:8)
          at abmg.i(PG:5)
          at nsz.s(PG:3)
          at ntm.b(PG:1)
          at mut.d(PG:1)
          at muv.a(PG:2)
          at bnp.handleMessage(PG:43)
          at android.os.Handler.dispatchMessage(Handler.java:102)
          at android.os.Looper.loopOnce(Looper.java:201)
          at android.os.Looper.loop(Looper.java:288)
          at android.app.ActivityThread.main(ActivityThread.java:7872)
          at java.lang.reflect.Method.invoke(Native Method)
          at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:548)
          at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:936)
    

[kabadisha]

I can confirm from my own testing that this issue is currently influenced by geography.
On my account, I can only reproduce this when in the UK or on a VPN terminating in the UK.
If I switch to a VPN terminating elsewhere e.g. United States, this issue does not occur.

[origamiofficial]

I can confirm from my own testing that this issue is currently influenced by geography. On my account, I can only reproduce this when in the UK or on a VPN terminating in the UK. If I switch to a VPN terminating elsewhere e.g. United States, this issue does not occur.

For me it's not influenced by geography. I've tried different VPNs with different countries & none of them worked.

[oSumAtrIX]

It combines the account you use and the region you are in. Either, or both together can prevent playback.

[Gestrid]

I'm located in the US using a US account and am being affected by this issue.

[CnC-Robert]

But google blocks VPNs playback and tor. It started almost a year ago, that is why 1.1.1.1 app had to remove

They don't

[senposage]

can we not crap all over the issue tracker with useless chatterplease?
github tracker is not the place for you to post whatever issue you are having its for devlopers to resolve know issues

[senposage]

They don't

In fact it started happening on much more private VPN like OctoHide, that still works with Truth Social, nifty, BBC iPlayer (!), but not with youtube. It bypasses geoblock for me still though like on https://youtu.be/sqqhnYAkJjY

Then there is Netflix and last wikipedia editing.

But it does make loading video harder, but not audio.

shutup thats not what this issue is about we don't want to hear about your problems in your country with whatever vpn you are using: its not related to this issue#
thats not what this issue is for. this issue tracker is for problems with gmsCore

[senposage]

as a work around try disabling Push nofications and cloud messaging
I am still testing if this accually works but so far seems good.

it looks like this is how google is detecting the vanced/microgms.

it ALSO seems like there is some kind of timeout on whatever restiction they are using when vanced/microg is detected as well switching accounts and using the other account for awhile seems to unrestrict the other account allowing video to play

[Gestrid]

Seems there's been some sort of change on Google's end. For me, videos no longer stop buffering at exactly the 10-second mark, but they seem to stop buffering within the first minute or two, usually at either 0:39 or 1:39.

[oSumAtrIX]

Videos play on YouTube normally without the use of MicroG. Your theory unfortunately is not correct.

[Kiwiiizzz]

Started affecting me and I live in cali, this sucks

[farline99]

Same here. Youtube Revanced does not work in result :)

[sridharstreaks]

got hit with this today from india. I already had issues with ambient mode not working for me and with this happening today. I changed ROMs unnecessarily. with frustration, In the end, i deleted my entire youtube service data. so far no issues, I found this thread after that. this is sad but even sad is the ambient mode isn't working for me, i can't access my second channel.....this is like a curse on my account

[senposage]

thinking about it some more
its possible and likely youtube has implamented a server-side check to decide if the client is using features for which the account is not entitled for OR if they are authenicated using the offical google play api or not (google may have changed something in the play-services api to check if the authenicated client is using the offical play-servicesor authenicated some other way.

if vidoes play without microg installed this confirms they are doing some kind of check on if the client is using features they aren't entitled too / checking how the client is authenicated

but I can't figure out why this issue is so inconsistent

one day the account will just start working again with no changes / the next day it wont
not using the account for some period of time seems to lift whatever restriction is put in place

[adivish]

Was facing this issue since one month on my secondary device which had my secondary gmail account from india. On my primary device which has my primary mail is working fine.

[ttoups]

Started all of sudden getting this issue when I first started using it this morning. It worked all yesterday and last night. I'm in USA

[holly-hacker]

Please don't post new messages confirming that the problem exists. Some people receive notifications for each new message in this thread and this is not helpful. If you want to state you agree with something, please use reactions rather than making new comments.

[hegi2k]

Was that problem fixed now? I can only watch revanced without microg to this day

[jamonanan]

Changing the youtube handle seems to work but only temporarily as the problem arises again after a couple or a few days.

[trmdi]

@inotia00 probably fixed the issue? https://github.com/inotia00/revanced-patches/releases/tag/v2.164.30

add protobuf-spoof patch (it fixes playback buffer issue
inotia00/revanced-patches@995f6a6

[sridharstreaks]

Yes seems like it. it is pinned by @inotia00 in the office telegram group (https://t.me/revanced_extended_chat/176709). It is also will be coming in the revanced it seems according to the post. it would be helpful if we test it on our affected accounts and let the devs know.

[hegi2k]

How do i add those patches to already installed revanced manager?

[trmdi]

How do i add those patches to already installed revanced manager?

Test and confirm it: https://github.com/inotia00/revanced-documentation/wiki/Method-3.-Using-official-ReVanced-Manager-(Android)

[hegi2k]

Hell yeah it seemed to work for me now.
Only thing is that captions are now shown despite selecting the respected patch for that. But that's a different story.

[mmis1000]

@inotia00 probably fixed the issue? https://github.com/inotia00/revanced-patches/releases/tag/v2.164.30

add protobuf-spoof patch (it fixes playback buffer issue
inotia00/revanced-patches@995f6a6

I think it's more like a workaround from youtube app? We still don't know why using microg makes that signature different.

[trmdi]

I think it's more like a workaround from youtube app? We still don't know why using microg makes that signature different.

Before trying this patch, I tried one of my accounts one more time, which was affected by the bug, I found that the bug no longer happens. So I don't know if that patch works or not. :/

[hegi2k]

Lol
What should I else write? Iam just a dumb user and no expert

[holly-hacker]

Lol What should I else write? Iam just a dumb user and no expert

Nothing. If you have nothing useful to add, please don't post new message. Many people receive notifications from this thread and messages confirming the problem aren't adding value.

[pinguluk]

Lol What should I else write? Iam just a dumb user and no expert

Nothing. If you have nothing useful to add, please don't post new message. Many people receive notifications from this thread and messages confirming the problem aren't adding value.

He said that he patched the app and worked fine until yesterday, when the problem came back. Why isn't useful? We should not report if the patch is not working again?

[MatadorProBr]

Lol What should I else write? Iam just a dumb user and no expert

Nothing. If you have nothing useful to add, please don't post new message. Many people receive notifications from this thread and messages confirming the problem aren't adding value.

He said that he patched the app and worked fine until yesterday, when the problem came back. Why isn't useful? We should not report if the patch is not working again?

You should report it to the ReVanced team in ReVanced GitHub, not here, this issue is only to the microG team fix the issue directly into microG instead of modifying YouTube to make it work properly so if you can, please, don't start reporting if the issue is happening with your ReVanced with the spoof-signature-verification patch here.

I have notifications enabled here and I only want to see when developers/users will answer this issue with something helpful, not random people saying that their ReVanced is not working with such patch in a place that is not designed to ReVanced issues.

[senposage]

unrelated to gms core but it bears repeating
if you are using revanced or its patches you NEED Todo a clean install every time or things will not work properly

I am not sure this is a gmscore issue we are doing things to the client that are not offically supported and outside the scope of gmscore which is intended to provide a open-source alternativeto google services. not bypass there security checks which they are 100% within there rights to implament

[oSumAtrIX]

@senposage

Check the section "Additional context" from OP:

we were able to reproduce this on the regular YouTube app and on the regular version of MicroG on different custom ROMs.

MicroG is intended to spoof GMS, otherwise, apps depending on GMS won't work as intended by MicroG .

[senposage]

yes because people are using microg to bypass restrictions on modded youtube clients for devices without root
so google has taken steps to mitigate the usage of microg and other things that bypass the signature checks

google was letting it slide now they are not.

I would expect a DMCA from google anyday if people keep abusing microg to ahem privateer youtube premium
if they would like to pursue that path then they can fork Microg/GMSCore and maintain there own fork (which already exist)

fixing bugs caused by pirated apps(or patches that ENABLE it to be used for that) puts the entire project in jepordy
and by enable I mean explictly adding fixes for Googles OWN apps when using microg to side-step there security checks

so far thats all this affects. you should not be using microG with offical google apps as that is self defeating
if you want to use GOOGLE(tm) apps such as youtube and play music. and connect to google servers for CONTENT you should be using the standard google play services

[fluorop]

yes because people are using microg to bypass restrictions on modded youtube clients for devices without root so google has taken steps to mitigate the usage of microg and other things that bypass the signature checks

google was letting it slide now they are not.

I would expect a DMCA from google anyday if people keep abusing microg to ahem privateer youtube premium if they would like to pursue that path then they can fork Microg/GMSCore and maintain there own fork (which already exist)

fixing bugs caused by pirated apps(or patches that ENABLE it to be used for that) puts the entire project in jepordy and by enable I mean explictly adding fixes for Googles OWN apps when using microg to side-step there security checks

so far thats all this affects. you should not be using microG with offical google apps as that is self defeating if you want to use GOOGLE(tm) apps such as youtube and play music. and connect to google servers for CONTENT you should be using the standard google play services

I don't know the reason for all the dislikes, but this comment solved the problem for me. However, it should be noted I tested the solution only playing few videos.

"you should not be using microG with offical google apps"

What I did was to modify which apps MicroG could communicate to: in MicroG settings I made unregistered "app.revanced.android.youtube" because it didn't have the Afn Red icon of YouTube Revanced Extended. I was thinking that even if it had "Revanced" in the name, it was actually some application that was linked with google services.

I hope this helps.

[rainman74]

@inotia00 Error is already fixed! No one reports this error in the other ReVanced builds either.

LuanRT/YouTube.js#390
yewtudotbe/invidious-custom#60

[Tthecreator]

I was doing some testing with the stock YouTube app on a clean emulator, with latest dev MicroG.
I can see similar traces and the 403.
I'm not logged into any account.

[tanmaytez]

Can u tell me how do I fix it?

[hegi2k]

Just load the current revanced app. It works for me for several weeks now

[oSumAtrIX]

The issue is related to PoToken. YouTube uses the PoTokenService with the action com.google.android.gms.potokens.service.START. I do not know exactly how it is used, but specific YouTube API requests rely on it. Using GmsCore, the requests include what looks like failure messages instead of whatever is in relation to PoToken, whereas when GMS is used, the requests send two byte arrays with the affected requests. Requests that include the byte array do not lead to playback issues.

The byte arrays change everytime you log into an account on the app or change the account.

PR #2129 is related. The issue is still up to date, even with the merged PR.

What I have noticed though, is that instead of PoTokenConstants.TOKEN_URL a different URL that contains "androidantiabuse" in the path is called leading to DroidGuard being involved. Likely irrelevant.

[oSumAtrIX]

Adding to my previous comment. It seems like a GetPoIntegrityTokenResponse is never returned from the POST request, the body is empty:

Accordingly, the logs also show the following:

03-23 02:34:34.418   907  3961 D ChimeraServiceProvider: serviceIntentCall: com.google.android.gms.potokens.service.START -> Intent { act=com.google.android.gms.potokens.service.START pkg=com.google.android.gms cmp=com.google.android.gms/org.microg.gms.potokens.PoTokensService }
03-23 02:34:34.421   907   907 D PoTokens: onBind: Intent { act=com.google.android.gms.potokens.service.START pkg=com.google.android.gms cmp=com.google.android.gms/org.microg.gms.potokens.PoTokensService }
03-23 02:34:34.447   907   991 D PoTokens: bound by: GetServiceRequest{serviceId=POTOKENS, gmsVersion=240204000, packageName='com.google.android.youtube', extras=Bundle[{}]}
03-23 02:34:34.447   907   991 D PoTokens: PoTokensApiService handleServiceRequest
03-23 02:34:34.492   907   991 D PoTokens: responseStatusToken packageName: com.google.android.youtube
03-23 02:34:34.493   907   907 D PoTokens: responseStatusToken start
03-23 02:34:34.493   907   907 D PoTokens: PoTokenHelper postPoTokenForGms start
03-23 02:34:34.824   907   907 D PoTokens: PoTokenHelper postPoTokenForGms response: GetPoIntegrityTokenResponse{}
03-23 02:34:34.824   907   907 D PoTokens: PoTokenHelper postPoTokenForGms end
03-23 02:34:34.824   907   907 D PoTokens: responseStatusToken end

[bladeSk]

@oSumAtrIX Why close the issue as completed? The required changes are only in the ReVanced fork (which does indeed resolve the problem), but it's still very much an issue in microg/gmscore. The official YouTube app is unusable on MicroG, as it stalls after 30 seconds of video playback.

[mar-v-in]

@bladeSk: PoTokens is implemented in microG. What version are you using and did you enable device attestation?

[bladeSk]

@mar-v-in I just finished installing the latest CalyxOS update and MicroG is at 0.3.0.233515-13 (872a72e). Device attestation is enabled and set to embedded (although YT is not shown in the list of apps using SafetyNet). YouTube videos still stop after 30 seconds.

[mar-v-in]

PoTokens was added in 0.3.1 so CalyxOS version might not have it yet.

[bladeSk]

Just tested the official YouTube app on the latest CalyxOS (5.6.3), which comes with MicroG v0.3.1.240913 (da80579) and the issue persists.

[farag2]

https://github.com/ReVanced/GmsCore/releases

[bladeSk]

https://github.com/ReVanced/GmsCore/releases

I have it installed, but I think it's silly to have two copies of MicroG running side by side, just to be able to watch YouTube.

[mar-v-in]

@bladeSk Do you have device attestation allowed in microG SafetyNet settings?

[bladeSk]

@mar-v-in yes, it's set to embedded (local DroidGuard runtime). Oddly enough, clearing YT's cache and restarting the phone seems to have fixed the issue. 🎉 This is in line with what was required for installing ReVanced, so there was likely some old session data stuck somewhere.