Problems Logging into Google Account in Apple Mail for Mac, After macOS 10.4.4 Update

Update: This issue has been fixed.

I updated my iMac to macOS 10.4.4 yesterday. This morning, when I went into my home office to work, I found that I needed to log into my Google account (I have my personal domain hosted on a Gsuite account) in order to get email.

Email

I clicked Open Safari, and Safari opened a private browsing window with a login page for Google. I entered my email address and password, then a one-time code, and it bounced me back to Mail, but all I saw was this:

Login

Something wasn’t sending the appropriate token back to Mail to allow the login. (I later tried creating an app-specific password for Mail on Google, but that was refused; it looked like the login it was requesting was not specific to Mail, but to the Google account in general.)

This was only happening on my iMac, which I had updated to macOS 10.4.4; not my MacBook Pro which hadn’t been updated, nor my iPhone. I called AppleCare, and they had me create a new user account on the iMac, where the same thing happened, confirming that the problem has something to do with this Mac, rather than my user account.

One thing that surprises me is this authentication procedure via Safari. In the past, I’m sure I entered my Google password in Mail, or in the Internet Accounts pane of System Preferences, and this Apple support document shows that you enter your password in Mail. So I’m not sure if this new process is causing the problem, or, as the Apple Care senior support person said, it has something to do with a certificate.

This is, of course, quite problematic. If you rely on email for your work, and can’t get your email, you are hindered. I can get the email on my other devices, or I can use the Gmail web interface, so I’m not totally locked out, but still; I manage my email in the Mail app, and don’t like using the web.

This sort of issue raises the question of whether it’s really safe to use an email system that does not work with standard username/password authentication. For some reason, the login requires transiting via a web browser, which means there is a weak link that can break.

In any case, I’m throwing this out in case anyone else has this problem. The Apple Care technician said that he was sending this to engineering as a high-priority issue, and doesn’t think that a macOS update would be required, that he thinks it’s most likely a certificate that may simply need to be updated. I’ll post more info when I get it.

Update: There’s an Apple forum thread about this issue, so it’s clearly a problem affecting a lot of people. Some users are reporting that this was a bug in the beta version of macOS 10.4.4, which was duly reported by many testers. If so, Apple really messed up, because so many people use Google for their email.

Some users are able to get their accounts to work by deleting the existing Google account, then re-creating it as an IMAP account, but this means that it isn’t recognized as a full Google account, which is problematic for those who use Google for calendars and other services.

Intego Mac Podcast, Episode 67: FaceTime, Facebook, Google, Shortcuts, Steganography, and More

Apple had a mean FaceTime bug; then they slapped down Facebook, and Google, for some underhanded app distribution. There are security risks using iOS Shortcuts, and there’s new malware using steganography.

Check out the latest episode of The Intego Mac Podcast, which I co-host with Josh Long. We talk about Macs and iOS devices, and how to keep them secure.

Facebook, Google Caught Deploying Invasive Apps; Apple Shuts Them Down

Facebook was found to have deployed apps to track user data and usage on iOS and Android, using a VPN app called “Facebook Research.” As TechCrunch reports, this app—which paid teenagers up to $20 a month to be surveilled—had root access to network traffic to be able to track all of the users’ activity. The app could collect private messages, emails, web browsing history, search history, and more as part of what Facebook calls Project Atlas, which was created with the goal of learning about new trends.

This app wasn’t available on the iOS App Store, however; it used a system called the Apple Developer Enterprise Program, which allows companies and developers to deploy apps privately. Users would download a profile to their devices which would allow the app to be installed. This is not uncommon, as many companies create apps for internal use, and don’t want to distribute them on the App Store. But in order to function on iOS devices, these apps still need to be installed with a developer certificate, which in this case was Facebook’s internal enterprise certificate.

When Apple discovered what Facebook had done—which is a clear violation of Apple’s developer account rules—Apple cancelled that certificate, effectively operating a kill switch to shut down the app. (Apple’s iOS devices check whether an app developer’s certificate has been revoked, and if it has, the app will no longer run.)

Read the rest of the article on The Mac Security Blog.

Book Review – The Four: The Hidden DNA of Amazon, Apple, Facebook and Google

Four companies are at the top of the pyramid for technology and digital media: Amazon, Apple, Facebook, and Google. Each one is very different, but there are many similarities that have helped these companies become so dominant.

Amazon’s reach is extraordinary, with 64 percent of people in the United States being subscribers to Amazon Prime. Apple, while far from being the leader in smartphones, commands one of the highest profit margins in the tech sector, currently around 38 percent. Facebook has two billion users, and four of the five most popular mobile apps are owned by the company. And Google owns 92 percent of the search market.

Much has been written about the successes of these companies, and of the unique qualities of their founders: Jeff Bezos, Steve Jobs, Mark Zuckerberg, and Google’s Sergey Brin and Larry Page. And much has also been written about how these companies strategically created or took advantage of sectors where they could disrupt existing companies.

Scott Galloway, professor at the New York University Stern School of Business, and longtime entrepreneur, looks at these “four horsemen,” as he calls them, in his book The Four: The Hidden DNA of Amazon, Apple, Facebook, and Google. In his book, he highlights many of the negative aspects of their business models, and their effects on society.

Read the rest of the article on The Startup Finance Blog.

Google Tracks Your Movements — Can You Stop It?

You know that Google knows a lot about you. The company’s business model is based on its ability to target Internet users precisely, and this targeting is possible because of the vast store of data that Google has on billions of users, including you. It knows where you’ve been, what you’ve searched for, which websites you’ve visited, what you’ve bought, and much more.

In a recent story on The Mac Security Blog, we how you can find out what Google knows about you, and how to slim down the profile they store. But in some cases, Google makes it difficult—and confusing—to turn off their virtual panopticon.

Read the rest of the article on The Mac Security Blog.

Everything Google Knows about You (and How to Search Privately)

“Why don’t you just Google it?”

You have probably said this when people asked you questions, and you’ve certainly heard other people suggest this method of finding out information. You may use Google to get sports scores, to find how to do something on your Mac, to search for information on a vacation destination, to find recipes, and much more. After all, Google is the world’s most popular go-to tool for accessing information.

But Google is not your only search engine option, and certainly not the most private. Have you ever wondered what Google knows about you? You might be surprised by how much Google knows about you, and you may want to change that. Want to search more privately? Of course you do!

Read on and we’ll show you how to find out everything Google knows about you, as well as how to change some search settings. And if you don’t like what you see, we also offer suggestions for two other search engines that aren’t as creepy as Google.

Read the rest of the article on The Mac Security Blog.