Introduce droid guard results into Google sign-in.

jonathanklee · jonathanklee · commit fb87e812cbcc · 2026-03-05T14:09:55.000+01:00
We first try to make a droid guard auth flow. If it fails,
we try a droid guard checkin flow, if it fails, we fallback on
the "null" value.
diff --git a/play-services-core/src/main/java/org/microg/gms/auth/login/LoginActivity.java b/play-services-core/src/main/java/org/microg/gms/auth/login/LoginActivity.java
@@ -40,10 +40,13 @@
 import android.widget.RelativeLayout;
 import android.widget.TextView;
 
+import androidx.annotation.Nullable;
 import androidx.annotation.StringRes;
 import androidx.webkit.WebViewClientCompat;
 
 import com.google.android.gms.R;
+import com.google.android.gms.droidguard.DroidGuardClient;
+import com.google.android.gms.tasks.Tasks;
 
 import org.json.JSONArray;
 import org.microg.gms.auth.AuthConstants;
@@ -54,13 +57,18 @@
 import org.microg.gms.checkin.LastCheckinInfo;
 import org.microg.gms.common.HttpFormClient;
 import org.microg.gms.common.Utils;
+import org.microg.gms.droidguard.core.DroidGuardPreferences;
 import org.microg.gms.people.PeopleManager;
 import org.microg.gms.profile.Build;
 import org.microg.gms.profile.ProfileManager;
 
 import java.io.IOException;
 import java.security.MessageDigest;
+import java.util.HashMap;
 import java.util.Locale;
+import java.util.Map;
+import java.util.Random;
+import java.util.concurrent.TimeUnit;
 
 import static android.accounts.AccountManager.PACKAGE_NAME_KEY_LEGACY_NOT_VISIBLE;
 import static android.accounts.AccountManager.VISIBILITY_USER_MANAGED_VISIBLE;
@@ -100,6 +108,9 @@ public class LoginActivity extends AssistantActivity {
     private InputMethodManager inputMethodManager;
     private ViewGroup authContent;
     private int state = 0;
+    private volatile boolean authDroidGuardResultLoaded = false;
+    @Nullable
+    private volatile String authDroidGuardResult;
 
     @SuppressLint("AddJavascriptInterface")
     @Override
@@ -282,87 +293,95 @@ private void closeWeb(boolean programmaticAuth) {
     }
 
     private void retrieveRtToken(String oAuthToken) {
-        new AuthRequest().fromContext(this)
-                .appIsGms()
-                .callerIsGms()
-                .service("ac2dm")
-                .token(oAuthToken).isAccessToken()
-                .addAccount()
-                .getAccountId()
-                .droidguardResults(null /*TODO*/)
-                .getResponseAsync(new HttpFormClient.Callback<AuthResponse>() {
-                    @Override
-                    public void onResponse(AuthResponse response) {
-                        Account account = new Account(response.email, accountType);
-                        if (accountManager.addAccountExplicitly(account, response.token, null)) {
-                            accountManager.setAuthToken(account, "SID", response.Sid);
-                            accountManager.setAuthToken(account, "LSID", response.LSid);
-                            accountManager.setUserData(account, "flags", "1");
-                            accountManager.setUserData(account, "services", response.services);
-                            accountManager.setUserData(account, "oauthAccessToken", "1");
-                            accountManager.setUserData(account, "firstName", response.firstName);
-                            accountManager.setUserData(account, "lastName", response.lastName);
-                            if (!TextUtils.isEmpty(response.accountId))
-                                accountManager.setUserData(account, "GoogleUserId", response.accountId);
-
-                            retrieveGmsToken(account);
-                            setResult(RESULT_OK);
-                        } else {
-                            Log.w(TAG, "Account NOT created!");
+        new Thread(() -> {
+            String droidGuardResults = getAuthDroidGuardResultOrNullString();
+            Log.i(TAG, "droidGuardResults:" + droidGuardResults);
+            new AuthRequest().fromContext(this)
+                    .appIsGms()
+                    .callerIsGms()
+                    .service("ac2dm")
+                    .token(oAuthToken).isAccessToken()
+                    .addAccount()
+                    .getAccountId()
+                    .droidguardResults(droidGuardResults)
+                    .getResponseAsync(new HttpFormClient.Callback<AuthResponse>() {
+                        @Override
+                        public void onResponse(AuthResponse response) {
+                            Account account = new Account(response.email, accountType);
+                            if (accountManager.addAccountExplicitly(account, response.token, null)) {
+                                accountManager.setAuthToken(account, "SID", response.Sid);
+                                accountManager.setAuthToken(account, "LSID", response.LSid);
+                                accountManager.setUserData(account, "flags", "1");
+                                accountManager.setUserData(account, "services", response.services);
+                                accountManager.setUserData(account, "oauthAccessToken", "1");
+                                accountManager.setUserData(account, "firstName", response.firstName);
+                                accountManager.setUserData(account, "lastName", response.lastName);
+                                if (!TextUtils.isEmpty(response.accountId))
+                                    accountManager.setUserData(account, "GoogleUserId", response.accountId);
+
+                                retrieveGmsToken(account);
+                                setResult(RESULT_OK);
+                            } else {
+                                Log.w(TAG, "Account NOT created!");
+                                runOnUiThread(() -> {
+                                    showError(R.string.auth_general_error_desc);
+                                    setNextButtonText(android.R.string.ok);
+                                });
+                                state = -2;
+                            }
+                        }
+
+                        @Override
+                        public void onException(Exception exception) {
+                            Log.w(TAG, "onException", exception);
                             runOnUiThread(() -> {
                                 showError(R.string.auth_general_error_desc);
                                 setNextButtonText(android.R.string.ok);
                             });
                             state = -2;
                         }
-                    }
-
-                    @Override
-                    public void onException(Exception exception) {
-                        Log.w(TAG, "onException", exception);
-                        runOnUiThread(() -> {
-                            showError(R.string.auth_general_error_desc);
-                            setNextButtonText(android.R.string.ok);
-                        });
-                        state = -2;
-                    }
-                });
+                    });
+        }).start();
     }
 
     private void retrieveGmsToken(final Account account) {
         final AuthManager authManager = new AuthManager(this, account.name, GMS_PACKAGE_NAME, "ac2dm");
         authManager.setPermitted(true);
-        new AuthRequest().fromContext(this)
-                .appIsGms()
-                .callerIsGms()
-                .service(authManager.getService())
-                .email(account.name)
-                .token(AccountManager.get(this).getPassword(account))
-                .systemPartition(true)
-                .hasPermission(true)
-                .addAccount()
-                .getAccountId()
-                .getResponseAsync(new HttpFormClient.Callback<AuthResponse>() {
-                    @Override
-                    public void onResponse(AuthResponse response) {
-                        authManager.storeResponse(response);
-                        String accountId = PeopleManager.loadUserInfo(LoginActivity.this, account);
-                        if (!TextUtils.isEmpty(accountId))
-                            accountManager.setUserData(account, "GoogleUserId", accountId);
-                        checkin(true);
-                        finish();
-                    }
-
-                    @Override
-                    public void onException(Exception exception) {
-                        Log.w(TAG, "onException", exception);
-                        runOnUiThread(() -> {
-                            showError(R.string.auth_general_error_desc);
-                            setNextButtonText(android.R.string.ok);
-                        });
-                        state = -2;
-                    }
-                });
+        new Thread(() -> {
+            String droidGuardResults = getAuthDroidGuardResultOrNullString();
+            new AuthRequest().fromContext(this)
+                    .appIsGms()
+                    .callerIsGms()
+                    .service(authManager.getService())
+                    .email(account.name)
+                    .token(AccountManager.get(this).getPassword(account))
+                    .systemPartition(true)
+                    .hasPermission(true)
+                    .addAccount()
+                    .getAccountId()
+                    .droidguardResults(droidGuardResults)
+                    .getResponseAsync(new HttpFormClient.Callback<AuthResponse>() {
+                        @Override
+                        public void onResponse(AuthResponse response) {
+                            authManager.storeResponse(response);
+                            String accountId = PeopleManager.loadUserInfo(LoginActivity.this, account);
+                            if (!TextUtils.isEmpty(accountId))
+                                accountManager.setUserData(account, "GoogleUserId", accountId);
+                            checkin(true);
+                            finish();
+                        }
+
+                        @Override
+                        public void onException(Exception exception) {
+                            Log.w(TAG, "onException", exception);
+                            runOnUiThread(() -> {
+                                showError(R.string.auth_general_error_desc);
+                                setNextButtonText(android.R.string.ok);
+                            });
+                            state = -2;
+                        }
+                    });
+        }).start();
     }
 
     private boolean checkin(boolean force) {
@@ -396,6 +415,53 @@ private static String buildUrl(String tmpl, Locale locale) {
                 .build().toString();
     }
 
+    private String getAuthDroidGuardResultOrNullString() {
+        String result = getAuthDroidGuardResult();
+        return result != null ? result : "null";
+    }
+
+    @Nullable
+    private synchronized String getAuthDroidGuardResult() {
+        if (authDroidGuardResultLoaded) {
+            return authDroidGuardResult;
+        }
+
+        authDroidGuardResultLoaded = true;
+        if (!DroidGuardPreferences.isAvailable(this)) {
+            return null;
+        }
+
+        Map<String, String> data = buildAuthDroidGuardData();
+        authDroidGuardResult = tryDroidGuardResult("auth", data);
+        if (authDroidGuardResult == null) {
+            authDroidGuardResult = tryDroidGuardResult("checkin", data);
+        }
+        return authDroidGuardResult;
+    }
+
+    @Nullable
+    private String tryDroidGuardResult(String flow, Map<String, String> data) {
+        try {
+            return Tasks.await(DroidGuardClient.getResults(this, flow, data), 15, TimeUnit.SECONDS);
+        } catch (Exception e) {
+            Log.w(TAG, "DroidGuard auth flow failed: " + flow, e);
+            return null;
+        }
+    }
+
+    private Map<String, String> buildAuthDroidGuardData() {
+        Map<String, String> data = new HashMap<>();
+        long androidId = LastCheckinInfo.read(this).getAndroidId();
+        if (androidId != 0 && androidId != -1) {
+            data.put("dg_androidId", Long.toHexString(androidId));
+        }
+
+        data.put("dg_gmsCoreVersion", Integer.toString(GMS_VERSION_CODE));
+        data.put("dg_sdkVersion", Integer.toString(Build.VERSION.SDK_INT));
+        data.put("dg_session", Long.toHexString(new Random().nextLong()));
+        return data;
+    }
+
     private class JsBridge {
 
         @JavascriptInterface
