Google yanks its token-eating iOS authentication app from App Store

Google yanks its token-eating iOS authentication app from App Store

Summary: A buggy update to Google Authenticator is breaking two-factor logins.

TOPICS: Security

Google has removed its Authenticator app from Apple's App Store after reports that the freshly updated version wiped stored tokens tied to online accounts, preventing users from authenticating them.

Google updated the app on Tuesday to support Apple's iPhone 5 and Retina displays, but shortly after complaints surfaced on Hacker News revealing the update caused a user to lose access to accounts requiring passcodes generated by the app.

Google's Authenticator App for iOS allows people to use their iPhone in two-factor authentication logins. The app issues a rolling cycle of random six-digit one time passcodes, and through a token, can be tied to the login process for numerous online services, including DropBox, Amazon Web Services and, as of yesterday, GitHub. 

Amazon Web Services issued an alert shortly after advising customers not to install the update after customer reports indicated that it was inadvertently deleting all authentication tokens from the smartphone, which in turn would prevent them from authentication to the account.

Google is reportedly working on a fix, but in the meantime has withdrawn the app from the App Store. We've asked Google for comment, and we'll update the story is any is forthcoming.

Further reading

Topic: Security

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


1 comment
Log in or register to join the discussion
  • It zorched mine

    I had a series of accounts and as soon as I updated, all those were gone. I'm hoping the update restores them. Still haven't investigated how to set up an authenticator on another device. This is the trap of authenticators as apps, rather than devices.
    David Gewirtz