Google is rolling out Google Play services starting today, bringing another of the great developer tools they showcased at Google I/O to the public.
For those of us that aren't developers, it's pretty easy to wrap your head around. If your device runs Froyo or higher and has access to the Google Play store, you'll have a new Google component to download. It's a set of libraries and tools that developers can use to authenticate with your Google account. When an app needs to access your private data from a Google application, they can use the new tool to get that access securely without requiring you to enter the (hopefully) long and secure password you use for your Google account. Version one of the service includes Google+ sign-in and +1 APIs as well as new OAuth 2.0 functionality.
OAuth 2.0 is a pretty big deal. It scales better than previous versions, is more secure, and as Googler Tim Bray notes "especially, because typing your password into a mobile device sucks". Bray has also posted an excellent overview, complete with code samples, using the new OAuth components at the Android Developers blog.
Best of all, this will all be transparent to the end user. Once the required code is installed on your Android phone or tablet, the rest is up to developers. No more typing in your password on a mobile webpage, or getting a one-time password from Google two-step verification, we'll simply be able to choose the account we would like to use and go. We see that now with many of Google's apps, but the new method will bring it all together for a consistent -- and safe -- user experience using open standards.
The developer portion of the service is available now, and you can find all the info you need to start using it at the links below. The client side (what we'll need on out phones) should be rolled out completely in the coming weeks, and we'll start seeing apps use the service once Google announces the rollout is complete.
There are some real problematic issues with Oauth 2.0, so much so that the lead author and editor Eran Hammer washed his hands of the whole process. There is a discussion about it on his blog, but the key points are that an Oauth tokes are very much subject to man-in-the-middle attacks, or purpose-shifting (requesting access for one use, and using that access for a multitude of other things). His final recommendation to potential users is "If you are currently using 1.0 successfully, ignore 2.0. It offers no real value over 1.0".
I was going to post the same thing...except that everyone is switching to OAuth 2.0 anyways (including Facebook who did it last year)...
Confused really didn't know if had 1.0 or not.
What is the abvantage and use of either?
requesting access for one use, and using that access for a multitude of other things As a developer, not android, this is my concern. I am also not a tinfoil hat, just curious
will this auto update?
If you check the allow update box then yes, otherwise no.
How come apps like gReader Pro and Tasks were able to use the built in Google Account authorization? How is this different?
Get the best of Android Central in in your inbox, every day!
Thank you for signing up to Android Central. You will receive a verification email shortly.
There was a problem. Please refresh the page and try again.