Why does the Google Authenticator app have "obsolete" in its title on Play Store?
Does it work? Can I still use it for two-factor authentication? Is there a preferred method?
Answer
Looks like Google has released a new version of Authenticator (as of March 21, 2012) under a new package name: com.google.android.apps.authenticator2.
Old version: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator
New version: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2
Different package names means that you can have them both installed simultaneously, but my guess is that Google will eventually remove the old version from the Play Store.
Installing Authenticator 2 without uninstalling Authenticator allows Authenticator 2 to import your currently configured sites.
I've read a few posts from people claiming that Google lost their signing key, and this why they have to release a new app under a new package name. I want to emphasize that there is no evidence to support this claim. While it is true that signing keys cannot be changed with app updates and therefore require a completely new app/package name, a more plausible explanation could be that Google wants to integrate Authenticator more tightly (e.g., shared UIDs, signature permissions) with other apps (see below).
Additional info for those interested:
The signing key used on the old version of Google Authenticator (SHA1 fingerprint: 24:BB:24:C0:5E:47:E0:AE:FA:68:A5:8A:76:61:79:D9:B6:13:A6:00) is also used to sign: Scoreboard, Goggles, Finance, Google Voice, Shopper, Transalte, Chrometophone, Earth, Reader, and a few others.
The signing key used on the new version of Google Authenticator (SHA1 fingerprint: 38:91:8A:45:3D:07:19:93:54:F8:B1:9A:F0:5E:C6:56:2C:ED:57:88) is used to sign: Google Maps, Google Play Store, Gmail, Google+, Google Chrome and Google Music.
Update: Google has put up a blog post talking about the new up as well as the upgrade procedure.
No comments:
Post a Comment