Just unblocked a Google account without submitting a telephone number.

I hate heuristics.

Interesting observation: A unit test simply failed to log in to two test accounts. In both cases an internet connection was required, in an attempt to force me to enter a phone number (it should be illegal to use phone numbers for 2FA !!!), which indicated that I was connecting from an unknown device and Google wanted to make sure it was really me (I still do not understand the logic there. I would steal this account and put in a phone number, how would that prove I was the legitimate owner ?!).

For one of the two accounts, I had a raccoon profile lying with a confirmation token and a GSF ID still valid. After browsing the Playstore with him for a while, Google seemed to be convinced that it was me and allowed me to log in again. The second account continued to receive the “Traffic Entry Required” error.

To the best of my knowledge, both accounts used the same hardware profile all the time (so it was not about me using a weird device and never seen before). The only thing that might have changed was my IP address (I had some issues with ISP recently, so it could be that my DSL line has been assigned to another subnet).

I’m pretty sure the Google Playstore team is not allowed to deal directly with the account database, beyond using the OAUTH2 interface. So that probably means that thanks to the certificate token that is still valid, I can access FDFE (also known as Playstore Rest API). (F) DFE requires a GSF ID for almost anything and transfers it to something that can measure activity and tell the account manager to catch a cold.




Please enter your comment!
Please enter your name here