Image: @lukastresch on Twitter
According to multiple threads on Reddit and the TMC forums, Tesla owners can no longer sign in to YouTube (or any other Google service, for that matter), running the 2020.48.35.5 software update, as one example.
Whenever users try to log in, they get an error message telling them their “browser or app may not be secure”.
Many theorized that the latest firmware update for Tesla vehicles, version 2020.48.35.5, was responsible for breaking the Google sign-in functionality. However, that is not the case.
Thanks to the superb sleuthing skills of the Tesla community, we now know that Google itself disabled logins to Google accounts from embedded browser frameworks, and unfortunately for Tesla owners, their vehicles’ onboard Chrome variants fall under that umbrella.
Google made the change in an attempt to increase account security, but the move has adversely affected many.
The built-in Tesla browser identifies itself to Google’s servers as a debugging build of Chrome, which is where the root of the problem lies. As things stand, the situation can only be remedied by Tesla it appears.
Google announced this change was coming last August:
We are always working to improve security protections of Google accounts. Our security systems automatically detect, alert and help protect our users against a range of security threats. One form of phishing, known as “man-in-the-middle”, is hard to detect when an embedded browser framework (e.g., Chromium Embedded Framework – CEF) or another automation platform is being used for authentication. MITM presents an authentication flow on these platforms and intercepts the communications between a user and Google to gather the user’s credentials (including the second factor in some cases) and sign in. To protect our users from these types of attacks Google Account sign-ins from all embedded frameworks will be blocked starting on January 4, 2021. This block affects CEF-based apps and other non-supported browsers.
As of this writing, there are no known workarounds for the problem — the old Plex workaround and even allowing less secure apps access to your Google account don’t seem to work.
We’ll just have to wait for Tesla to address the problem, but while we do, it is recommended that any users already signed in to YouTube or other Google services don’t sign out as they won’t be able to sign back in.
