Ask HN: Android intents pass 2SV codes to Play Services, or I just hacked 2SV?
If clarification is needed:
I just signed into a gmail account on an android device without typing in the 2FA code.
Can intents pass on the 2FA code to Play Services, or did I just find a bug?
(Edited title for accuracy based on 1st reply) You probably mean 2SA, not 2FA. Also Google 2SA allows you to 'trust' or 'remember' devices to circumvent multiple queries for a code. Is this what might have occurred ? Upon digging, you're correct, though it seems I found more references to 2SV, but point taken. I am staunchly of the 'don't allow my machines to remember anything' variety, so likely not. If this 'remembering' is flagged in an app default, I'd be happy to clear it out and re-test. I went to retrieve the 2SA/V code, and when attempting to switch back to the dialog, it failed/crashed to the launcher. The dialog was still present in the application switcher, but repeatedly failed. But directly starting gmail bypassed the auth request and logged me in.