September 4, 2013
iOS User Data Cleaned Out Thanks To Faulty Google Authenticator App
Michael Harper for redOrbit.com - Your Universe Online
iPhone users who downloaded the latest update to the Google Authenticator app this morning had their stored user data wiped from their devices. The app is used in connection with Google’s two-step verification process, a system meant to add an extra level of security to Google accounts and other services.
Users claim the faulty update removes all existing accounts stored on the device that use Authenticator to unlock access. According to TechCrunch, some of its readers said they’ve had their tokens for Dropbox, DreamHost, Evernote and Twilio deleted from their iPhones. Some users are even being locked out of their accounts without the proper authentication codes, forcing them to call support desks and ask to have their service restored.
In other words, it’s best to wait to update this app on your iPhone until after Google releases a fix. As a response, Google has pulled the app from the App Store until it can squash this bug and push out a clean update.
“Not the first time Google Authenticator has wiped my accounts. To re-set up you just have to 'move to a new phone'," wrote John Bergmayer on his Twitter account.
Issues such as this are likely to continue to be a bother for iPhone users. Apple’s newest version of its mobile OS -- iOS 7 -- boasts auto-updating apps. If users have the setting ticked in their phones, the app store will automatically push the latest updates directly to the user’s phone. Though millions of customers (including Arizona senator John McCain) have been clamoring for this feature since the App Store first debuted in 2008, it could also cripple devices when faulty updates are pushed to the store. Indeed, those developers who have been beta testing iOS 7 and running Google’s Authenticator app had their existing data deleted even before they knew the app was faulty.
In March Google pushed out a new version of Authenticator for Android separate from any other existing versions. Users were forced to download the new version, give it all the permissions, and remove the old version. In a bit of irony, it was rumored the development team responsible for the app lost their signing key and were therefore locked out of the account and could not submit any updates.