Mobile Authenticator back in the App Store
by Mike Schramm 
Oct 1st 2009 at 4:00PM
Unfortunately, the issue that originally got the app pulled off the store hasn't actually been fixed: the official blurb is now saying that you should definitely remove the authenticator from your account before you upgrade, and then re-apply it again to your account after you've upgraded (and presumably gotten a new key installed). If you install this new version of the app and then try to access your account, it won't work (and you'll have to call Blizzard support at 1-949-955-1382 to help them remove the old authenticator).
Small hassle to go through, however, to have an account protected against hacking. If you have an iPhone or an iPod touch and haven't picked up this application yet, now's the time to do so for sure.
[Thanks to everyone who sent this in, especially Eric!]
Filed under: Blizzard, Account Security
Reader Comments (Page 1 of 2)
BigBadGooz Oct 1st 2009 4:09PM
Hasent this been on the launcher for like a week or two. I use the app dunno what made it go bad cause I've had it since it was launched.
CimAdx46 Oct 1st 2009 4:17PM
The new version 1.0.2 was not a patch of the old 1.0, it was a complete replacement.
The authenticator ID was different on the new version, so it appeared to battlenet as the wrong ID, in theory anyone updating the old version was screwed and locked out of WOW.
Alpaca Oct 1st 2009 4:12PM
"now's the time to do so for sure, if you want an authenticator shackling your account."
There.. I fixed it for you.
mikejl Oct 1st 2009 4:16PM
Even worth upgrading? App description says "better interface." My v1.0 has worked just fine and really see no issue with the current interface.
Might hold off few weeks.
norcallights Oct 1st 2009 4:24PM
I'm going to update just so it's done. I don't want to accidentally click "update all" 5 weeks from now, forgetting that I have to disassociate my current Auth serial number before I upgrade.
That would be sad.
mikejl Oct 1st 2009 4:42PM
Good point. I may just go ahead I run the update tonight.
paperbull Oct 1st 2009 4:33PM
I made sure to follow Blizzards instructions and the update went smoothly. It's somewhat annoying that we will probably have to follow the same process in future updates, but it takes less then 5 minutes to do so it's not THAT big of a hassle. The interface is definitely more slick then it was in the release and it does seem to launch just a bit faster on my 3g.
malaika Oct 1st 2009 7:21PM
So it feels "snappier"?
Furydeath Oct 1st 2009 4:47PM
Can i get a free iphone now blizz to use the app I'm sure you can sapre some money.
dontknow Oct 1st 2009 5:04PM
So, I can run this on my phone, but not on my desktop computer? Is that to avoid hacking the authenticator code or something? I mean, the iPhone is running OS X, more or less, using the pretty much the same Mac UI APIs as on the desktop. Not that the UI would be hard to port to any platform.
I guess in theory someone could run it in the iPhone simulator on a Mac, although it would probably require some hackery to get it working there.
Itchy Oct 1st 2009 5:35PM
Thats the exact reason, no need to make it easy for people to hack something like this, the way the app store works puts up some extra barriers in order to stop people tinkering with the source code. This does not make it it unhackable if somebody is determined but it does make it slightly more "protected"
Nazgûl Oct 1st 2009 6:01PM
Actually it is for all intents and purposes unhackable. They may be able to discern the algorithm for their own authenticator, but they will be unable to tell from source code alone the algorithm for any given account.
DarkWalker Oct 2nd 2009 2:06PM
The algorithm is the easy part, I believe even I, though mostly ignorant of Java, could plug the mobile authenticator to a debugger and reverse it. The one thing that protects you is the 320-bit key Blizzard uses inside the mobile authenticator, and the fact that only Blizzard knows how to translate your authenticator code into the corresponding 320-bit key.
(This also means any security flaw on the iPhone, or any other phone running Blizzard's mobile authenticators, would allow a cracker to clone your mobile authenticator quite easily. If your phone also have access to the email you used to create your Battle.net account the cracker might be able to get your password changed, clone your mobile authenticator and get access to your account.)
DarkWalker Oct 2nd 2009 2:07PM
BTW, forgot to add, but you can use the instructions at http://deathcoil.net/authguide.html to download the java authenticator to your computer, where it will happily run inside J2ME or KEmulator. I have even cloned my authenticator key across my mobile and my computer, so if I lose my mobile (or if it's stolen) I can use the backup on my computer to remove that key from my account.
Britannic Oct 1st 2009 5:38PM
Downloaded it. All I get are network errors. Into the trash it goes.
Horris Oct 1st 2009 5:44PM
Where is my authenticator app for Android?
BigBadGooz Oct 1st 2009 6:59PM
It's comeing soon(tm) might as well buy a iPod touch instead and those iPhones like the one I'm useing to post here woorks great
Daedhir Oct 1st 2009 6:13PM
Just to add -- I removed the authenticator, upgraded the app, and re-associated the new one to my account, and the serial number was the same as it was before. I'm fairly confident I'd have been able to upgrade it without removing it, but I'm sure this is just a CYA move after the last version on the AppStore borked some people's accounts.
So I'm not sure it's necessary to go through the procedure, but it won't hurt to do it anyway, unless you think somebody's going to hack your account inside the minute it takes you to go through the whole procedure. :)
On another note, the app seems to load a bit faster. Other than that, the improvements seem mostly cosmetic, likely to go better with the improved battle.net service once it gets up and running.
paperbull Oct 1st 2009 7:24PM
Only a little bit. I've become use to launching the app then typing in my password so it doesn't really make much of a difference in how quickly I can log into the game.
paperbull Oct 1st 2009 7:25PM
Oops... apologies. This was meant to be a reply to the reply on my previous comment.