Fixing the “BAD_AUTHENTICATION” Error in Android Apps Using Google Services

  • Technical How To's
  • Fixing the “BAD_AUTHENTICATION” Error in Android Apps Using Google Services

When developing or using Android applications that rely on Google authentication, you might encounter the dreaded error:

[GoogleAccountDataServiceImpl] getToken() -> BAD_AUTHENTICATION
Account: Account {name=example@gmail.com, type=com.google}
App: com.google.android.gms
Service: oauth2:https://www.googleapis.com/auth/login_manager
sry: Long live credential not available

This message often appears in the device logs or the app’s output console and can prevent the application from authenticating properly with Google’s servers. It’s especially common in apps that use OAuth2 tokens for background operations — such as SMS sender applications, backup utilities, or synchronization tools.

🧩 What the Error Means

The error BAD_AUTHENTICATION means the app failed to obtain a valid OAuth2 token from Google’s authentication service. The phrase “Long live credential not available” indicates that a refresh token (long-lived credential) is missing or invalid.

In simpler terms, the app tried to log in on behalf of a Google account but didn’t have — or couldn’t renew — valid credentials.

⚙️ Common Causes

  1. Expired or revoked token
    The access or refresh token previously granted to the app has expired, been revoked, or is no longer valid.
  2. Invalid account session
    The Google account on the device may be out of sync, deleted, or changed since the app was first authorized.
  3. Outdated Google Play Services
    Older versions of Google Play Services can sometimes break authentication.
  4. Incorrect OAuth2 scope or configuration
    The app might be using an incorrect or deprecated OAuth2 scope (for example, the URL in the Service: part of the log).
  5. Account permission issues
    The app no longer has permission to access the requested Google API.
  6. Testing or debug environment mismatch
    If you’re using a debug key or an unverified package name, Google may reject the authentication attempt.

🛠️ Step-by-Step Fix

1. Update Google Play Services

Make sure Google Play Services is up to date. On most Android devices:

  • Open Settings → Apps → Google Play Services
  • Tap App details, and ensure it updates to the latest version.

2. Re-authenticate the Google Account

Remove and re-add the Google account on the device:

  • Go to Settings → Accounts → Google → Remove account
  • Restart the device and re-add the same Google account.

This forces a fresh authentication token to be generated.

3. Clear App Cache and Data

Corrupted authentication caches can cause failures:

  • Go to Settings → Apps → [Your App]
  • Tap Storage → Clear Cache and Clear Data

Also clear cache for Google Play Services and Google Play Store.

4. Verify OAuth2 Scopes

If you’re a developer, check that the app requests the correct OAuth2 scopes.
For instance:

oauth2:https://www.googleapis.com/auth/login_manager

Ensure this scope is still supported and corresponds to the Google API you intend to access.

5. Handle Refresh Tokens Properly

In Android apps using Google Sign-In or GoogleAccountCredential, make sure you handle token refreshes. A valid implementation typically:

  • Detects when a token is invalid.
  • Requests a new token using GoogleAuthUtil.getToken().
  • Catches and handles UserRecoverableAuthException properly.

6. Check Google Cloud Console Configuration

In your project settings:

  • Confirm that the OAuth consent screen is configured.
  • Ensure the SHA-1 fingerprint and package name of the app match the one used to request the token.
  • Verify that the app’s client ID has not been restricted or deleted.

7. Reinstall or Rebuild the App

If the app is in development, uninstall and reinstall it with a fresh build. This clears stored credentials and re-initiates the OAuth flow.

💡 Example Scenario: SMS Sender App

An SMS sender app that uses Google authentication (for example, to synchronize messages with the user’s account or upload logs to Google Drive) may encounter this error when trying to send a message or start a background job.

In this case:

  • The app tries to obtain an OAuth token using the stored credentials.
  • The stored credentials have expired or are no longer valid.
  • The app receives BAD_AUTHENTICATION.

Solution: Force re-authentication. Prompt the user to sign in again using their Google account so a fresh token can be issued.

🔍 Pro Tips for Developers

  • Use short-lived access tokens and handle expiration gracefully.
  • Store refresh tokens securely using Android’s AccountManager or encrypted storage.
  • Always catch and log authentication exceptions, but never expose sensitive tokens in logs.
  • Monitor OAuth client quotas and error rates in the Google Cloud Console.

✅ Final Thoughts

The BAD_AUTHENTICATION error is not uncommon when integrating with Google APIs in Android apps. It’s usually a sign that the app’s authentication state is out of sync with Google’s servers.

By updating services, clearing caches, and re-authenticating properly, you can usually restore functionality quickly.
For developers, handling token expiration and refresh logic correctly is key to preventing these errors in production environments.

This article is inspired by real-world challenges we tackle in our projects. If you're looking for expert solutions or need a team to bring your idea to life,

Let's talk!

    Please fill your details, and we will contact you back

    Related Posts

    In:

    Apple APNs Certificate Update: What OneSignal Users Need to Know

    In:

    Pendo API Key vs Pendo Feedback Integration Key – What’s the Difference and How to Use Them

    In:

    Smart Forms in React: Handling Autocomplete, Focus, and User Experience

      Please fill your details, and we will contact you back