Tag Archives: play store
Several users have contacted me regarding problems connecting to Google Play “My apps”. The problem involves a well documented “Authentication is required. You need to sign into your Google Account.” This is a bug. It occurs if you have more than one Google account. The problem happens if your primary account isn’t authenticating, and the Google Play app decides the other account(s) are primary. This causes an authentication conflict.
You have two options to fix this problem.
- Remove the non-primary account linked to your Google Play account – tap and hold and tap > Remove account
- Remove all accounts in > Settings > Accounts > Google – as above
- Once you remove the accounts, reboot the device
- Once device has re-booted add your primary Google account (you will need your email and password)
You might also experience the above problem if you have one Google account. If you do, you can choose to remove the offending account as above and add the primary account after reboot. Various forum comments suggest using the “Stop” function in running apps (this is meant to clear the cached background process) > tap “SHOW CACHED PROCESSES” for Google Play Store (his was done on a Nexus 5 running 4.4.2) but this will not work.
Google developer accounts have long been a focus of attention for the cyber community for some time now. It’s little surprise that one of my security colleagues Brian Krebs recently identified the Google Play Store as a major hunting ground for these cyber criminals. Given all the well documented security issues surrounding Android, it’s little wonder we haven’t heard about this underground tactic sooner.
His research found that malware authors were prepared to pay $100 for a genuine Google Play account, so that they could engineer their malcode (SMS malware – see below) to work inside a legitimate app. This information is being shared on the dark web, IRC chat rooms and some invitation only forums. Google only charges just $25 for Android developers to sell their apps through the Play Store, however Google also requires accounts to be approved and linked to a specific web domain. Don’t mention the fact that Google Android allows developers to self sign code here folks!
Why are malware authors purchasing developer accounts?