Expected behavior
After clicking on a document through the import feature, I expected the app to load the document.

Actual behavior
After clicking the document to import the app crashes.

How to reproduce
download the FREEOTPPLUS app https://f-droid.org/repo/org.liberty.android.freeotpplus_1.apk
click on the three dots at the top right corner
click on import
click on any data App crashes
Infinix note 4
Operating system: android 7.0
version 1.0

04-22 16:51:54.917 11973 12304 E AndroidRuntime: FATAL EXCEPTION: AsyncTask #1 04-22 16:51:54.917 11973 12304 E AndroidRuntime: Process: org.liberty.android.freeotpplus, PID: 11973 04-22 16:51:54.917 11973 12304 E AndroidRuntime: java.lang.RuntimeException: An error occurred while executing doInBackground() 04-22 16:51:54.917 11973 12304 E AndroidRuntime: at android.os.AsyncTask$3.done(AsyncTask.java:318) 04-22 16:51:54.917 11973 12304 E AndroidRuntime: at java.util.concurrent.FutureTask.finishCompletion(FutureTask.java:354) 04-22 16:51:54.917 11973 12304 E AndroidRuntime: at java.util.concurrent.FutureTask.setException(FutureTask.java:223) 04-22 16:51:54.917 11973 12304 E AndroidRuntime: at java.util.concurrent.FutureTask.run(FutureTask.java:242) 04-22 16:51:54.917 11973 12304 E AndroidRuntime: at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:243) 04-22 16:51:54.917 11973 12304 E AndroidRuntime: at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133) 04-22 16:51:54.917 11973 12304 E AndroidRuntime: at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607) 04-22 16:51:54.917 11973 12304 E AndroidRuntime: at java.lang.Thread.run(Thread.java:761) 04-22 16:51:54.917 11973 12304 E AndroidRuntime: Caused by: com.google.gson.JsonSyntaxException: java.lang.IllegalStateException: Expected BEGIN_OBJECT but was STRING at line 1 column 1 path $ 04-22 16:51:54.917 11973 12304 E AndroidRuntime: at com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$Adapter.read(ReflectiveTypeAdapterFactory.java:224) 04-22 16:51:54.917 11973 12304 E AndroidRuntime: at com.google.gson.Gson.fromJson(Gson.java:887) 04-22 16:51:54.917 11973 12304 E AndroidRuntime: at com.google.gson.Gson.fromJson(Gson.java:852) 04-22 16:51:54.917 11973 12304 E AndroidRuntime: at com.google.gson.Gson.fromJson(Gson.java:801) 04-22 16:51:54.917 11973 12304 E AndroidRuntime: at com.google.gson.Gson.fromJson(Gson.java:773) 04-22 16:51:54.917 11973 12304 E AndroidRuntime: at org.fedorahosted.freeotp.TokenPersistence.importFromJSON(TokenPersistence.kt:112) 04-22 16:51:54.917 11973 12304 E AndroidRuntime: at org.fedorahosted.freeotp.MainActivity$3.doInBackground(MainActivity.java:324) 04-22 16:51:54.917 11973 12304 E AndroidRuntime: at org.fedorahosted.freeotp.MainActivity$3.doInBackground(MainActivity.java:310) 04-22 16:51:54.917 11973 12304 E AndroidRuntime: at android.os.AsyncTask$2.call(AsyncTask.java:304) 04-22 16:51:54.917 11973 12304 E AndroidRuntime: at java.util.concurrent.FutureTask.run(FutureTask.java:237) 04-22 16:51:54.917 11973 12304 E AndroidRuntime: ... 4 more 04-22 16:51:54.917 11973 12304 E AndroidRuntime: Caused by: java.lang.IllegalStateException: Expected BEGIN_OBJECT but was STRING at line 1 column 1 path $ 04-22 16:51:54.917 11973 12304 E AndroidRuntime: at com.google.gson.stream.JsonReader.beginObject(JsonReader.java:385) 04-22 16:51:54.917 11973 12304 E AndroidRuntime: at com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$Adapter.read(ReflectiveTypeAdapterFactory.java:213) 04-22 16:51:54.917 11973 12304 E AndroidRuntime: ... 13 more

On Google Play there is 1.2 version, on F-Droid 1.0. Will You update app on F-Droid?

Scanning a QR code is a common way to add a new token but often I need to add a token when I only have my phone and it's impossible to scan a code on your own phone screen. This app would be much more usable if we could download the QR code image then import it.

FreeOTP doesn't provide a way to export the stored keys. Would it be possible to import the data from FreeOTP into FreeOTP+ using a backup made with Titanium Backup? Any other ways this could be done?

Hey, can anyone help me add steam authy into this? Im using winauth in windows and it works fine there but i want to use freeotp on android, thanks in advance.

NVM, did it

At the moment (at least with 1.4), clicking on an already exposed token just refreshes the time limit before it hides itself again.

Being able to toggle the tokens to display with the same action as exposing would be beneficial security wise, but with still keeping the functionality of refreshing the time-out when exposing the token again.

Hey @helloworld1,
can you contribute those features back to https://github.com/freeotp/freeotp-android?

OnePlus 6's camera, as far as I can tell, defaults to a 4:3 aspect ratio. This seems to confuse this app. Interestingly enough, the original FreeOTP does not have this problem. I've attached a screenshot of what's supposed to be a square.

Hi,
AFAIR there's no black theme in the original app but could you have a look?
Thank you.

Right now I have 21 tokens registered. Finding the one I need can sometimes be tedious. It would be great if I could search/filter them.

When editing an existing OTP entry, the "Edit" dialog displays the underlying secret. While I appreciate that this really helps debugging the application and is very convenient, it is in my opinion a strong security risk. Same potentially applies to exporting (backing up) secrets.

In a scenario where an attacker get's temporary physical access to an unlocked phone, all secrets are compromised.

If the secrets were not displayed, temporary physical access to an unlocked phone would only expose the current (30sec-valid) one-time code.

App crashed while adding a token.
After that, I am unable to add this same token.

Is it also possible to add the Steam Autheticator token to FreeOTP+?
If yes, how?

is it possible to this because what I can se is that freeotp dont have any backup settings

When adding a new camera through QR code, the list should scroll to the top

Hi,

a very nice feature were the syncronisation to a WebDAV directory. This is nice for backup reasons or syncronisation, in you have multiple devices as second authenticator.

I have several entries for two-factor and when I tap the last one to reveal the code, the toast notification pops up in front of it. It's not a huge deal, just a minor annoyance.

Hello!
When in darkmode and low brightness (at night) it's very hard to read the accounts information written in black over dark grey.
Maybe account information should be in brighter color over dark grey background,like the 6 digit code.

Hi, it would be nice to be able to directly import FreeOTP's tokens.
On a rooted phone, one has access to tokens.xml and can copy it to somewhere FreeOTPPlus can read it from. If this step is left to the user, FreeOTPPlus itself would not need root access priviliges.

I was hoping this was a feature but instead I found out the app crashes if you try and import a PNG image.

When having 20+ logins stored in app it's cumbersome to locate correct login.

A folder structure that let users categorise login based on service type would really make life easier

In add token screen the two topmost fields are missing proper labels. In fact they entirely miss labels and the placeholder text does not help much. To the best of my judgement the first field is the account name but "18c5d…" doesn't mean anything to me.

Please relabel those fields to improve UX with this form.

Hi @helloworld1

I found this app on the Google Play Store. This guy just took your source code, added some ads in it and put it on the Store, without warning this is free software...

As you are the owner of the source code, feel free to open a request to google here to remove this copy from the Store, if it's your wish ;)

Don't forget to tell Google that:

• The app is licensed under Apache v2 license and this guy is violating it;
• He is falsely claiming he made the app;
• Provide some screenshots of your own app.

hello thank you for your work with this freeotp fork.
I have a few questions:

1. freeotp/freeotp-android#172 you know something about this bug. It seems to work well with your Plus version, you confirm me
2. Since when do you work with this fork you have plans for the future.
3. The original version has been abandoned or will be further developed.

Thanks again for the fork, just yesterday I was trying out the original version, it was giving me problems with everything (qr images etc...)

I have found this application as I was searching for a way to Export/Import settings to local storage for FreeOTP.

It would be great if this app could write and read to/from a removable SD card in the phone for those security aware not wanting data in the cloud.

Great app otherwise!

If I remember correctly, I backed up the freeotp data via adb. How do I migrate to freeotp+?
Thanks in advance.

Hi,

I would like to switch from Authy to a floss product. However I am worried that if I lose my phone I will be SOL.

I just installed FreeOTP+ on my phone. I added 1 account to it. If I make a backup now, then add 3 more accounts, will my original backup be able to communicate with all 4 accounts? Or do I need to backup each time I add an account?

What is the difference between exporting json and URI format? Does it matter? I see they can both be imported, so maybe it doesn't.

Also what is the function of "Add Token"?

I am not a computer programmer or any related profession so sometimes I miss things that seem obvious to those in the industry.

If you set custom icons for the codes, they will not persist after exiting and relaunching the app.

Perhaps images should be copied into app data folder with built in content provider.

Hello, It's not possible to add a token with and 7 digits codes (used with some services).
Thanks in advance :)

I'm using Nextcloud. Other apps show it in open or save dialogs.
When i select Export there is just Recent, Downloads, Internal Storage and SD card.

I have this happening with the several slack accounts (different teams) where I use the same email address. It seems that if the email address is not the same then you can add multiples with the QR scanner.

Steps to reproduce:

1. Join a slack team with an email address
2. Turn on 2FA for that account and scan the QR code, enter the given code into slack and finish the 2FA process
3. Join another slack team with the same email address
4. Turn on 2FA for that account and scan the QR code

Result:

1. Scanner will close without adding the account

Expected result:

1. Possibility to add multiple slack accounts

Workaround:

1. Manually enter the time-based key in FreeOTP+ generated by slack when clicking the can't scan this barcode link

Version and device:

1. Sony Z5 Compact running Android 7.1.1 with FreeOTP+ version 1.0 from the FDROID store

EDIT: If there's any logs I can provide then please let me know which ones you'd like to see.

Currently if import failed, the app can crash.

Now, transparent background just replaced to black color

Hi, even if there are few strings to translate, it would be an useful feature have localization. I found the strings.xml file under values, but no folder for specific languages (for example values-it for Italian strings).

Can I send a pull request with the translation in Italian?

Would be cool to have something like labled version releases... would make it much more easy to release in the fdroid!

Steps to reproduce:

1. Install app
2. Add a key
3. Import a previous backup

expected result:

the keys imported from backup and the key added in step 2 are available in the app

actual result:

only keys from the backup are available, and the key added in step 2 is missing. What's more, adding keys with QR code doesn't work

Deleting all app data solved the issue. I imported the backup first, and added keys later.

Ladies and Gentlemen,
as part of my master thesis at the TU-Chemnitz (Germany) in Applied Computer Science (Professorship Operating Systems, Supervision Dr. Marcus Hilbrich) I search for design patterns in Open Source Android applications and investigate how they got into the source code. If you don't know what design patterns are, that's no big deal. You can still support me.

One of the applications investigated is the app "FreeOTP+".
Since you are or have been a contributor to this app, I ask you to complete this survey.

If you complete the survey, you will help me to assess how well Android application developers know about design patterns and how they get into the source code.
The questionnaire takes about 15 minutes to complete and is available in English and German.

Please fill out the questionnaire now: https://bildungsportal.sachsen.de/umfragen/limesurvey/index.php/331639?newtest=Y&lang=en

Thank you very much for your support!

Yours sincerely,
Marcel Müller
[email protected]

---- German Version: ---

Sehr geehrte Damen und Herren,
im Rahmen meiner Masterarbeit an der TU-Chemnitz (Deutschland) in Angewandter Informatik (Professur Betriebssysteme, Betreuung Dr. Marcus Hilbrich) suche ich nach Entwurfsmustern in Open Source Android-Anwendungen und untersuche, wie sie in den Quellcode gelangt sind. Sollten Sie nicht wissen, was Entwurfsmuster sind, ist das nicht schlimm. Sie können mich trotzdem unterstützen.

Eine der untersuchten Applikationen ist die App "FreeOTP+".
Da Sie Mitwirkender an dieser App sind oder waren, bitte ich Sie, diese Umfrage auszufüllen.

Wenn Sie die Umfrage ausfüllen, helfen Sie mir einzuschätzen, wie hoch der Bekanntheitsgrad von Entwurfsmustern bei Entwicklern von Android Applikationen ist und wie die Entwurfsmuster in den Quellcode gelangen.
Die Beantwortung des Fragebogens dauert nur ca. 15 Minuten und er ist in Englisch und Deutsch verfügbar.

Bitte füllen Sie jetzt den Fragebogen aus: https://bildungsportal.sachsen.de/umfragen/limesurvey/index.php/331639?newtest=Y&lang=en

Vielen Dank für Ihre Unterstützung!

Mit freundlichem Gruß,
Marcel Müller
[email protected]

I have some questions: How does the app store keys? And how does it export them to external storage (e.g. GDrive)? Do you employ encryption? Thank you!

STR:

1. Find a QR code that isn't properly formatted as an OTP code - Stripe generated an invalid QR code for me but for obvious reasons I don't want to put that up on GitHub; https://duckduckgo.com/?q=!qrcode+strugee.net&t=ffab&ia=answer reproduces this just fine instead
2. Start FreeOTP+ and use the option to scan the QR code
3. Point the camera at the QR code on the screen
4. Crash

Here's the stack trace I pulled from adb:

05-07 03:50:14.354 32075 32075 D AndroidRuntime: Shutting down VM
05-07 03:50:14.355 32075 32075 E AndroidRuntime: FATAL EXCEPTION: main
05-07 03:50:14.355 32075 32075 E AndroidRuntime: Process: org.liberty.android.freeotpplus, PID: 32075
05-07 03:50:14.355 32075 32075 E AndroidRuntime: java.lang.NullPointerException: Attempt to invoke virtual method 'boolean java.lang.String.equals(java.lang.Object)' on a null object reference
05-07 03:50:14.355 32075 32075 E AndroidRuntime: 	at org.fedorahosted.freeotp.Token.<init>(Token.java:60)
05-07 03:50:14.355 32075 32075 E AndroidRuntime: 	at org.fedorahosted.freeotp.Token.<init>(Token.java:190)
05-07 03:50:14.355 32075 32075 E AndroidRuntime: 	at org.fedorahosted.freeotp.Token.<init>(Token.java:194)
05-07 03:50:14.355 32075 32075 E AndroidRuntime: 	at org.fedorahosted.freeotp.TokenPersistence.addWithToast(TokenPersistence.java:38)
05-07 03:50:14.355 32075 32075 E AndroidRuntime: 	at org.fedorahosted.freeotp.add.ScanActivity$1.onPostExecute(ScanActivity.java:101)
05-07 03:50:14.355 32075 32075 E AndroidRuntime: 	at org.fedorahosted.freeotp.add.ScanActivity$1.onPostExecute(ScanActivity.java:97)
05-07 03:50:14.355 32075 32075 E AndroidRuntime: 	at android.os.AsyncTask.finish(AsyncTask.java:695)
05-07 03:50:14.355 32075 32075 E AndroidRuntime: 	at android.os.AsyncTask.-wrap1(Unknown Source:0)
05-07 03:50:14.355 32075 32075 E AndroidRuntime: 	at android.os.AsyncTask$InternalHandler.handleMessage(AsyncTask.java:712)
05-07 03:50:14.355 32075 32075 E AndroidRuntime: 	at android.os.Handler.dispatchMessage(Handler.java:106)
05-07 03:50:14.355 32075 32075 E AndroidRuntime: 	at android.os.Looper.loop(Looper.java:164)
05-07 03:50:14.355 32075 32075 E AndroidRuntime: 	at android.app.ActivityThread.main(ActivityThread.java:6494)
05-07 03:50:14.355 32075 32075 E AndroidRuntime: 	at java.lang.reflect.Method.invoke(Native Method)
05-07 03:50:14.355 32075 32075 E AndroidRuntime: 	at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:440)
05-07 03:50:14.355 32075 32075 E AndroidRuntime: 	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:807)
05-07 03:50:14.370   894  2453 W ActivityManager:   Force finishing activity org.liberty.android.freeotpplus/org.fedorahosted.freeotp.add.ScanActivity

I don't know how active this project is, but if the developers are still working on it, please consider adding a standard data exchange format.

It would be as simple as:

One otpauth URI per line.

This URI format is already standard (see: https://github.com/google/google-authenticator/wiki/Key-Uri-Format). All the TOTP applications already know how to parse it. So, for data exchange output, simply write one otpauth URI per line to an output file. On input, read one line at a time and parse it as an otpauth URI.

At least one developer may be willing to go along with this if others do: Authenticator-Extension/Authenticator#282 (comment).

Hi Devs and excuse me for the off-topic question.
I'm very newby to 2FA, and I'm searching an application that does not include any subsystem Google.
The matter is very delicate and I would not like to create problems for users during authentication.
Could you simply suggest me the best way using FreeOTPPlus?
I manage some debian (VPS) servers.

Many thanks!

Davide

I've imported a previously exported backup, but when I exit and enter the app again, it's empty.
I've tried importing, exporting with the actual app and then reimporting, but without success.
Version 1.0 installed with F-Droid

Dear developer,
Every time we click on account to view the TOTP, it automatically copies the OTP to clipboard.
There should be option to enable/disable this feature. This will prevent the OTP revealing to clipboard snooping apps running background.

Kindly incorporate this feature.

App is crashing while importing .db file on Android 8.1
This happens every time importing using any file explorer (stock/third party) or any file hosting service app (GDrive, dropbox etc)
Kindly fix the issue.

Some sites only allow you to use your mobile application. If I take a screenshot and save it, they will not notice the difference.

Can you implement it? Thank you

I'm trying to export tokens form one device to import them on another device to have two OTP generators (they should work in parallel, one as a backup of the other). I have github and gitlub tokens active, but when imported (successfully) on the second device the OTP generated by the second device is not valid for login on gitlab.
Am I doing something wrong? Is there some part of seed/secret that is not exported?
Thank you

Now to put the image you have to take a picture. But you can get an image easily using favicon.

For example:
Amazon: https://www.amazon.com/favicon.ico

In some places it may be necessary to look at the html. But it should not be compliant.
https://stackoverflow.com/a/1990487/192389

With asking the URL of the image should be enough.

Is it possible that they implemented it? Thank you

Dear team,

when I take a look in the play store the current version is 1.2, in the F-Droid store the current version is 1.0. What's the reason for this gap? Is there a bug in the build process?

Please fix this.

Kind Regards,

Krawei

While you have great directions here
#11

wouldn't it be great to have an import option for root users who are lazy?