My phone's OS got messed up, and after reloading a the LineageOS ROM while preserving my files, Android Token no longer sees its database/list of secret keys, so I have lost access to my tokens. I searched but can't find documentation to aid users like me to find what data directory holds the secret keys.

Please add documentation of where on an Android device the secret keys are stored.

Please also add a method for importing a key library into a new installation of Android Token.

Thanks!

What steps will reproduce the problem?
1. HTC One uses ICS which means the menu button is not available.
2.
3.

What is the expected output? What do you see instead?
The UI pattern for the application needs to be updated to included for this 
issue.
http://blog.gsmarena.com/google-urges-developers-to-remove-the-menu-button-from-
android-apps-suggests-using-the-action-bar-instead/

Please use labels and text to provide additional information.

Original issue reported on code.google.com by [email protected] on 24 Jan 2013 at 2:54

Going into landscape mode and back to portrait makes it appear again

Hello.
I'm trying to use Android Token to secure access on some things, but if I want to scan a qrcode, it says I need Barcode Scanner, which is logical.
But it doesn't seem to be available on F-Droid anymore.
Can another app do the job?

When pin is required, we have to focus on the text field even if no other action is possible.

1. Trying to generate appropriate TOTP for the following URL, for example:

otpauth://totp/android?secret=VPGRENCWPA======

The base32 encoded 'secret' in the above URL had to be padded, and the original 
secret was "abcd12345678" in this example.

2. The 'secret' after parsing the URL will be VPGRENCWPA (i.e the '=' signs in 
the 'secret' are skipped as the '=' sign is used as a token to split the 
parameters in TokenList.java).

3.  Because of that, and because the default padding used in Base32.java is '=' 
sign, the decoded secret will be 'abcd1234563448d159e0' instead of the correct 
value of 'abcdef12345678'.

I was trying to use the androidtoken 2.0.2 on Samsung Galaxy phone, running 
Android 4.2.2, and it was generating wrong TOTP codes.  So, I downloaded the 
androidtoken sources on to Windows machine, and tried it out (after 
retrofitting it for commandline usage) using JDK 1.7 and found the above cause.

I changed the default padding in the Base32.java to use '.' instead of '=' and 
then, it works fine.

Original issue reported on code.google.com by [email protected] on 25 Feb 2014 at 12:32

Hey there, here comes another suggestion for your great app! Actually it is not my intention to file so many Issues here, but there simply is no other token app out there that is not only published on F-Droid, but also under active development. So you'redefinately collecting plus points there. Thanks for improving! ;-)

I very much like the design of FreeOTP, which features an easy navigation below the navigation bar:

It would be great to be able to copy the otp by a long press to past it in the author field on the service requesting this otp.

What steps will reproduce the problem?
1. Long click the PIN dialog
2. Notice the lack of clipboard copying
3. Make sad face :(

What is the expected output? What do you see instead?
Would expect long pressing to copy the generated pin to the system clipboard.

What version of the product are you using? On what operating system?
Latest.

Please provide any additional information below.

I've created a patch to add this functionality (attached). I've really changed 
3 things:

1. Bump minSdkVersion to "4", this was actually need in the unpatched version 
for the largeScreens... etc android params in the manifest.

2. Removed the 10 second time out (annoyed me that I had to memorize the pin in 
10 seconds and then it's gone forever.

3. Added setOnLongClickListener to the PIN dialog TextView so long pressing the 
PIN copies it to the clipboard (and displays a toast notification that it did 
so).

Not sure if anyone is actively developing this project anymore...

Original issue reported on code.google.com by timekillerj on 25 Aug 2011 at 6:42

Attachments:

• longclick.diff

Hello all,
I really like the app and it works fine on several accounts.
But on amazon.de I scan the token - it gets added (time is correct) but the code is wrong and gets rejected.
Tried on two devices - no difference.
Tried with Google Authenticator - which I don't like - it works.
Please advise what I could try.
I'm using Version 2.10 from F-DROID

I have this on 2 devices. The first one I installed the token directly from a QR code. It works.
The second one I created using the "new token" interface.
This thing warns that there are only 80 bytes of randomness in the seed value.
I took the seed value directly from the same source as the QR code.

But these generate completely different codes and frankly I'm at a loss as to what to do.
The only way to get the QR code back at the source would be to cancel the existing 2fa. That's not an option because they revoke all API keys and then lock the account down for 2 weeks following such a change and all I'm really doing is changing the device I use for 2fa.

Is there a recommended way to view whatever settings the good device is using to generate these codes? Thanks!

Good evening @markmcavoy, first of all: Huge thanks for putting your heart-blood into this neat app! I've been tinkering with sevaral Token Generators for Android, yours simply worked as it should with GitHub. But would you please change the low-resolution Icon to a much more beautiful high-resolution Icon? ;-)

Widget showing actual OTP

Original issue reported on code.google.com by [email protected] on 29 Jan 2012 at 2:55

I expect TOTP applications to encrypt their storage.

sqlite3 /data/data/uk.co.bitethebullet.android.token/databases/androidtoken.db 'select * from token' as root reveals seed values and they do not change when I change the PIN.

Google authenticator takes the tokename and unescapes it for the token name it stores it as. So I would like to see androidtoken doing the same thing.

If no one else takes up this issue I may try my hand and modifying the code to include this feature once I get brave enough.

on a fresh install, i am greeted with a "no tokens defined" message that kind of looks squeezed in the corner. it could be way nicer, with a bit of spacing around it.

Usage of NTP to correct time within calculation of time based OTPs

Original issue reported on code.google.com by [email protected] on 29 Jan 2012 at 2:56

Hi, to simplify provisioning of a token, it would be great if you implemented a 
web-based provisioning through a custom URL format. Bonus points if you get to 
reuse the same format as implemented by the iPhone OATH token open-source 
application:
http://code.google.com/p/oathtoken/wiki/WebProvisioning

Original issue reported on code.google.com by [email protected] on 2 May 2011 at 9:09

The label (issuer, account) has to be URL-encoded according to RFC 3986. The app should display the decoded label instead displaying an encoded hard to read label.

For example Big%20Corporation:alice%40bigco.com is not decoded and displayed as Big Corporation:[email protected].

See also https://github.com/google/google-authenticator/wiki/Key-Uri-Format#label

Platform

App version: 2.10
Android version: 5.1
Device name: LGE LG-H815 (lge)

Steps to reproduce

Select 'Add Token'
Type in Name, Serial No
Press Next to go to next screen (Token Seed Method)
Press 'Back'; keyboard disappears
Press 'Back' again and we are on the Main screen which shows 'No tokens defined'

What steps will reproduce the problem?
1. when displaying the pin keyboard we are showing a general keyboard when we 
should just display the numerical input keyboard.
2.
3.

What is the expected output? What do you see instead?
Digits keyboard

What version of the product are you using? On what operating system?


Please provide any additional information below.

Original issue reported on code.google.com by [email protected] on 28 Nov 2011 at 3:44

When I tried using it for github 2FA, the generated keys don't work. Google Authenticator works though.

I am using the f-droid build. I was migrating my setup from Google 
Authenticator's database file.

When manually importing seeds in base32, I have encountered that 
16-character-long seeds work correctly, but 26-character-long ones (e.g., 
mt.gox) do not. The tokens displayed are different to those of Google 
Authenticator (those expected by the website).

Workaround: I converted the code to hex using the base32tohex function from
http://gauth.apps.gbraad.nl/ in a JS console. When importing the hex seed to 
androidtoken, the right codes get displayed.

Simplified example: Test the base32 seeds:
ABABABABABABABAB
vs
ABABABABABABABABAB
The first one (16 bytes) works, while the second one does not.

Original issue reported on code.google.com by [email protected] on 20 Aug 2014 at 6:00

In order to build the project I'd like to have a build file,

Why isn't the application in android market?
Since I'm an android developer, if you want, i could publish the app (for free 
obviously) :)
Let me know if you're interested! :)

Cheers!

Original issue reported on code.google.com by [email protected] on 8 Feb 2011 at 10:09

With a list of tokens that's long enough to require scrolling, I'm unable to keep the app actually scrolled down; every time it decrements the progress bar to indicate when the codes expire, it pops back up to the top of the list. This makes reading and using codes at the end of the list excruciatingly difficult.

Potentially-relevant info about the phone:

• Model number: Nexus 6P
• Android version: 7.0
• ROM: CopperheadOS
• App installed from: F-Droid (latest as of filing this report)

Good evening @markmcavoy, I am having an Issue with Android Token when wanting to use it for GitHub Two-factor Authentication (2FA): I always have to wait until the second Token appears after I've opened the app, even though enough time is left until a new one is generated. The first Token seems to never work. Please tell me which data you need to fix this Issue. Thank you for improving your app!

It would be great to be able to edit the token title.

What steps will reproduce the problem?
1. I am not a geek guy
2. But I always go on doing something geeky
3. I want use androidtoken for Google 2 step verfication

What is the expected output? What do you see instead?
IMP: THERE MUST BE DEFAULT BARCODE SCANNER APP FOR ANDROID. I HAVE INSTALLED 
BARCODE SCANNER APP OF ZXing Team. No problem it is of GOOGLE.........BUT....IT 
MUST BE ABLE TO DO ALL FUNCTIONS OF QR DROID APP....SO THAT EVERYTHING IS 
POSSIBLY...AS I SPECIALLY INSTALLED IT FOR GOOGLE AUTH AND ANDROID 
TOKEN..OTHERWISE NO USE OF IT..

What version of the product are you using? On what operating system?
Android IceCreamSandwich 4.0.4

Please provide any additional information below.

Original issue reported on code.google.com by [email protected] on 28 Oct 2013 at 6:36

Hi Mark,

thank you for this useful utility! Would you be so kind and place it under some kind of open source license so that I can contribute to it (namely a build script and a backup option)

Cheers
Jens

At the moment we only allow numerical values in the token serial number field. 
This should be changed so that we can allow letters and numbers.

Original issue reported on code.google.com by [email protected] on 22 Mar 2012 at 10:02

The OTPs are calculated incorrectly, when base32-encoded seeds are entered in 
lowercase instead of uppercase.

This is also an issue when using QR Codes.

Used Version: androidtoken 2.02 on CM11.

Original issue reported on code.google.com by [email protected] on 29 Jan 2014 at 1:36