Quoting from Google’s signup page:
One Google Account for everything Google
And directly below you find the logos of eight services (there are actually more): Search, Gmail, Maps, Youtube, Drive, Picasa, Play and Chrome. Use Android and you find all of them neatly integrated in your OS. Most of the time you are now even aware that you are logged into one of them, because you are coerced into creating one account when booting up your phone for the first time and are never ever bothered with it again afterwards.Of course, there’s method to the madness. If Google would ask you to sign up for every service individually, you’d probably think twice if you really want to use it. After all, it’s a real hassle to find a free username, come up with a secure, but easy to remember password and finally read through the Terms and Services and accept them. Just having to do that once is way more convenient. And that’s where we have a teensy, tiny little problem!
Let’s say, you don’t own an Android phone and sign up via the Youtube website, you are only interested in publishing your videos and blissfully unaware of the remaining seven services (or just really don’t care about using them). Does that also mean that you implicitly agree to the Gmail TOS (giving Google the right to scan your email)? After all, one account gives access to all services and obviously, you cannot use a service without accepting it’s terms. Legally, that’s quite a tricky question, technically, even more so. Some court of law somewhere in the world might rule that such a package deal is not ok. Here’s another problem: assume I signed up for Gmail in order to use my account as a spam relay. Google would then be within their rights to kick me out. But what if I used the same account to buy apps on Play? If they simply banned the account, I would loose access to my purchases, license checks would fail and overall my smartphone would deteriorate into a feature phone. I would be within my rights to sue for damage.
I’m not a lawyer, but it becomes quite obvious that “one account for everything” is legally spoken a dangerous thing. Hence, it is not implemented this way. A Google account is first and foremost just that: an account to which you can bind services (or remove them again). Here’s what a login response looks like, directly after you create an account on your phone:
curl --data "Email=REDACTED@gmail.com&Passwd=SUPERSECRET&has_permission=1& \
Auth=<REDACTED AUTH TOKEN>
Token=<REDACTED OAUTH TOKEN>
Notice the strange absence of “googleplay” here? The above is actually just a Gmail Account that agreed to web tracking (“hist”) and personalized ads (“doritos”). There isn’t really a situation in which you could have the Google Service Framework without the Play app on your phone (with the only exception of you disabling it manually). Nevertheless, the Google Login Service only creates a base account, then broadcasts the fact via an Intent. If the Play app is installed (and enabled), it will add “googleplay” to the services. Without it, the account can’t be used for downloading apps.
Why am I blogging about this? Consider a third party apk downloader like Raccoon (or any other third party client for a Google service for that matter). Most users are able to use the software without problems, but then there’s this handful of people who can’t log in, no matter. what. Of course, you go through the list of the obvious culprits:
- Did you doublecheck username and password?
- Is Capslock enabled?
- Is “allow less secure apps” enabled in your account settings (otherwise Google only accepts OAUTH2)?
- Is two factor auth enabled for the account?
But in the end, it turns out, that the user registered the account through a different service than the one s/he actually wants to use (e.g. the user wants to use Play, but signed up via Gmail). DUH!
The solution is simple, by the way: just log into your Google Account with your browser from the website of the desired service (make sure you are completely logged out first). Google understands that as an agreement to the TOS of that service and silently adds it to your account.