The app currently has a backup feature, but it’s not possible to restore from the backup, and some of them seem to even be corrupt. There’s no response at all from the maintainers and no effort in making sure that new users know that they can’t trust the backups.
I believe something must be done by F-Droid, either having an anti-feature or completely removing the app, considering how serious this issue is - users may lose access to their accounts.
opened 07:55AM - 18 Aug 24 UTC
I have a Samsung with root access that I updated for which i formatted data. Ich… backed everything up with Swift. The App restored and I can see the accounts but when I push on an account to get a OTP I get ERROR. I have seen a identical description of this error in closed issues where the solution was to use an older backup because it seemed the backup was compromised. I have tried that but did not get a better result. (The backups of other apps worked fine.)
opened 02:01PM - 10 Aug 24 UTC
As documented in issues many times, If this critical feature doesn't work, the a… pp is dead. Losing access to the app can mean catastrophic loss of login access. The restore/backup features need to be resolved before anyone should use this app.
this is a critical failure and no release with full functionality for backup restore should be pushed.
opened 02:00PM - 07 Jul 24 UTC
I started using version 2.0.2. I added a few tokens to my phone. Exporting backu… ps can be successful. However, I imported it on another phone and entered the correct password. After that, nothing happened (it should have been an error). Therefore, I debugged and found that there was no problem decrypting the masterkey. But when decrypting each token, an error is directly reported.
`javax.crypto.AEADBadTagException: error:1e000065:Cipher functions:OPENSSL_internal:BAD_DECRYPT
at java.lang.reflect.Constructor.newInstance0(Native Method)
at java.lang.reflect.Constructor.newInstance(Constructor.java:343)
at com.android.org.conscrypt.OpenSSLAeadCipher.throwAEADBadTagExceptionIfAvailable(OpenSSLAeadCipher.java:320)
at com.android.org.conscrypt.OpenSSLAeadCipher.doFinalInternal(OpenSSLAeadCipher.java:371)
at com.android.org.conscrypt.OpenSSLCipher.engineDoFinal(OpenSSLCipher.java:374)
at javax.crypto.Cipher.doFinal(Cipher.java:2056)
at org.fedorahosted.freeotp.encryptor.EncryptedKey.decrypt(EncryptedKey.java:59)
at org.fedorahosted.freeotp.TokenPersistence.restore(TokenPersistence.java:209)
at org.fedorahosted.freeotp.main.Adapter.restoreTokens(Adapter.java:265)
at org.fedorahosted.freeotp.main.Activity$5.onClick(Activity.java:404)
at androidx.appcompat.app.AlertController$ButtonHandler.handleMessage(AlertController.java:167)
at android.os.Handler.dispatchMessage(Handler.java:106)
at android.os.Looper.loopOnce(Looper.java:201)
at android.os.Looper.loop(Looper.java:288)
at android.app.ActivityThread.main(ActivityThread.java:7872)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:548)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:936)`
![image](https://github.com/freeotp/freeotp-android/assets/78742259/c8ee0202-be18-47e2-8833-139d3f300592)
It is worth noting that. The error reported by entering the wrong password and restoring is the same. May I ask if it is because the key used for encryption during export was incorrect.
Please resolve it as soon as possible. I can debug it on my end. I can provide support.
opened 03:48PM - 14 Feb 24 UTC
I had installed FreeOTP on a new phone a month ago. Had to do a reset now, expor… ted keys, wanted to import after the reset. It doesn't work. Apparently many others face the same problem. I don't understand why the app still suggests to do a backup when it doesn't work? This is not a minor issue.
opened 02:35PM - 01 Feb 24 UTC
1) I have a LOT of entries there and nothing can be sorted.
Either by alphabet … (A-Z, Z-A, etc)
2) I am afraid to back it up, because I don't know if I have set my password when I was setting it up for the first time
3) I am really thinking I should ''transfer'' everything to my Google Auth and stay away from this app
4) Some entries can not be added
5) There are a lof of other bugs, but I don't remember them now
Thanks for the help but I could find my recovery key. I just hope some sort of warning is added to FreeOTP’s page for their failure in dealing with this issue for months, so that less people get to have problems with it.
linsui
September 1, 2024, 3:11pm
4
Can this bug be reproduced with only one phone?
I tried right now and couldn’t, so I guess it’s something related to the format of the backup being dependent on the phone architecture or android version
vdbhb59
September 1, 2024, 4:12pm
6
This is a case with FreeOTP & FreeOTP+ as well on A13, A14 Vivo, OP, and LG Wing as well (A11)
linsui
September 2, 2024, 5:02am
7
What’s the last working version?
vdbhb59:
& FreeOTP+
in my testing the plus app one worked fine, even when authenticate was ON
vdbhb59
September 2, 2024, 12:03pm
9
3 versions back. On one Infinix it works oob. On my own Vivo it will only work if it is 3 versions old. On my old OP5, it works on LOS flawlessly, but on any other OS it does not work properly.
which apps exactly, both original and plus? with or without authenticate?
vdbhb59
September 2, 2024, 12:13pm
11
Both of them. With authentication works perfectly on Infinix and as stated above.
1 Like
So we need to add a note to the Description? “check backup first”
might be related? Import file does not work · Issue #273 · helloworld1/FreeOTPPlus · GitHub
Can’t it be considered into the “Known Vulnerability” anti-feature? It’s not exactly a “security” issue, but it may cause damage anyway
1 Like
open a MR to add a description note maybe?
I thought this was the place for this kind of request. Where can I open a “MR”?
on Gitlab…
can we get a recheck of dev answers first? they know? they care?
It seems like there’s been no activity from the maintainers for around two months