Security check is needed DisplayUnlockCaptcha

[druphliu]

Hello there!

I'm getting the following error message when I try to download an app from the Google Play Store:

Security check is needed, try to visit https://accounts.google.com/b/0/DisplayUnlockCaptcha to unlock, or setup an app-specific password
I tried the following:

account password without MFA
account password without MFA and "unsecure" connection enabled (or however that is called)
app-specific password (with MFA)

[Arshit007]

Yes,I am also facing the same issue from last day only.When did you start facing this same problem?

[adtimizer]

same here... what a nightmare. tried multiple accounts/app specific but nothing worked. Yesterday google announced some changed to the playstore agreement... maybe its related?

[poseidonsg]

I am also facing the same problem. Did someone figure it out?

[druphliu]

@matlink we need you help

[Arshit007]

I am not able to login in the playstore.It is giving me 'Security check is needed, try to visit https://accounts.google.com/b/0/DisplayUnlockCaptcha to unlock, or setup an app-specific password' again and again

[poseidonsg]

I am still facing this issue.. not sure what is the resolution here.

[minhduyzin]

Now, I am also facing the same problem. Did someone figure it out?

[pnu-s]

Having the same issue, I just tested apkeep (which is still maintained) and it seems to work just fine!

I'm unsure what is the difference which makes it work.
@Hainish Would you have any idea? 🙏

[adtimizer]

great!!!!!! thanks for sharing.
do you know if its possible to get the split option? i can't see it in the USAGE text.

[Hainish]

@pnu-s I'm really not sure, I mostly mimic what this library does, providing the default device configuration of hero2lte, a timezone of UTC, and a locale of en_US.

@adtimizer No split apk support yet. It's on the list.

[therealchjones]

APKeep (and rust gpapi) not working for me now, either. Have tried multiple old and new accounts, signing onto emulator play store first (and accepting terms) or not. No luck. Is it possible Google has disabled app passwords for play store access? (Or gotten even better about identifying unofficial clients?)

[HarryWindsor]

I am having the same issues, https://github.com/EFForg/apkeep is not an option for me as I need a python api :(

[DavidRodriguezTorrado]

This problem seems to be still active. Some moths ago ocurred and the solution was to add a parameter ("droidguard_results": "some_random_string") in function getLoginParams (that is in gpapi/config.py). I guess something similar is happening this time. Google might have updated/changed something about their login.

Did anyone find out news about this issue? (Or has any idea that can feed to find a solution)

[wandamaxm]

There was an issue with the headers to some of the requests, I have created this pull request that fixes it for me: #161

[marty0678]

As mentioned in #162 the above PR doesn't appear to be working any longer.

[Exadra37]

This security check only occurs to me when using a plain text password. To fix it just create an App password on your Google account and use it instead.

Bear in mind that currently this repo doesn't work due to another error, therefore you need to use the code on the branch of this merge request:

marty0678#5 (comment)

[Exadra37]

Nowadays my working setup is to have a dedicated Gmail account for this without 2FA enabled, otherwise authentication with Google will not work, even with app password.

This week I also had to downgrade from Python 3.7 to 3.6 to solve Bad Authentication from Google.

My current Dockerfile that clones a fork of this repo that is more up to date.:

ARG TAG=3.6

FROM python:${TAG}

ARG CONTAINER_USER="developer"
ARG CONTAINER_USER_UID=1000

ARG LANGUAGE_CODE="en"
ARG COUNTRY_CODE="GB"
ARG ENCODING="UTF-8"
ARG CHECKOUT_COMMIT_HASH=aa193ea198ac789f2b7d7a6650174078a93710a5

ARG LOCALE_STRING="${LANGUAGE_CODE}_${COUNTRY_CODE}"
ARG LOCALIZATION="${LOCALE_STRING}.${ENCODING}"

RUN apt update && apt -y upgrade && \
    apt -y install \
        locales \
        git \
        curl \
        inotify-tools && \

        echo "${LOCALIZATION} ${ENCODING}" > /etc/locale.gen && \
        locale-gen "${LOCALIZATION}" && \

        useradd -m -u "${CONTAINER_USER_UID}" -s /bin/bash "${CONTAINER_USER}" && \
        mkdir /home/"${CONTAINER_USER}"/workspace && \
        chown -R "${CONTAINER_USER}":"${CONTAINER_USER}" /home/"${CONTAINER_USER}"

RUN apt install -y protobuf-compiler

ENV USER ${CONTAINER_USER}
ENV LANG "${LOCALIZATION}"
ENV LANGUAGE "${LOCALE_STRING}:${LANGUAGE_CODE}"
ENV PATH=/home/${CONTAINER_USER}/.local/bin:${PATH}
ENV LC_ALL "${LOCALIZATION}"

USER ${CONTAINER_USER}

WORKDIR /home/${CONTAINER_USER}/workspace

RUN git clone https://github.com/Augustin-FL/googleplay-api.git .
RUN git reset --hard "${CHECKOUT_COMMIT_HASH}"

RUN pip3 install -r requirements.txt
RUN python3 setup.py build

RUN pip3 install --upgrade protobuf

CMD ["bash"]

I had to trim down the Dockerfile and haven't tested it, but it should work.

[ghost]

This week I also had to downgrade from Python 3.7 to 3.6 to solve Bad Authentication from Google.

this is a poor fix, as you are just avoiding the underlying issue rather than addressing it. the real problem is that Google uses TLS fingerprinting, which Python 3.6 is part of the whitelist by random chance. A proper fix would be to pass a properly constructed TLS client hello that matches Android API 21-33. I have code that does this in my repos, or for Python you can utilize gpsoauth