GmsCore: [com.google.android.youtube] Video playback fails with HTTP error code 403
Affected app
Name: YouTube Package id: com.google.android.youtube
Update
The issue is partially solved by modifying YouTube to spoof the client according to https://github.com/TeamNewPipe/NewPipe/issues/9038#issuecomment-1289756816.
To Reproduce
- Make sure you are using the latest version of MicroG
- Install the latest version of YouTube
- Use an affected account and region (via a VPN for example) (Explanation below)
- Play some videos; make sure you get one with an ad
- Expect the video not to load
Expected behavior
It is expected for the video to load.
Screenshots
System
Android Version: [e.g. 10] Custom ROM: [e.g. LineageOS 17.1]
microG
microG Core version: v0.2.27.223616 microG Self-Check results: All ticked
Additional context
-
Videos fail to play the requested video when POSTing to
/videoplayback. This endpoint returns 403. The request itself did not yield anything useful when skimmed over. The payload is protobuf encoded and some data is likely hashed. No helpful information was inferred from the URL queries or request headers. I also imagine this issue’s origin can come from a completely unrelated request (for example, for token exchange and use in/videoplayback). -
This issue is ONLY reproducible on certain accounts in certain regions due to A/B testing, but expected to roll out globally. I have been able to reproduce this issue with multiple people’s devices and ROMs (by using the same affected account), but many people reported this issue on their own accounts as well. On r/revancedapp some references can be found here: #1, #2.
Note: The YouTube app including MicroG was altered so they can work on stock ROMs, but the issue does not originate from the changes. because we were able reproduce this on the regular YouTube app and on the regular version of MicroG on different custom ROMs.
An additional confirmation this issue is unrelated to the modifications on YouTube or MicroG is that when the modified app is altered back to use Google Services instead of MicroG, this issue does not occur. This was achieved by mounting the app with
mountand root permissions on top of the regular unmodified app, allowing it to bypass the measurements from GMS to prevent unauthorized apps from using GMS such as the modified YouTube app. To sum up, this issue occurs on unmodified YouTube and upstream MicroG.To solve this issue, I am willing to contribute with accounts from my side on which this issue can be fully reproduced.
-
This issue can be reproduced as well on older versions of YouTube. It is unlikely the issue originates from the app and in combination with the other additional context it is assumed, the issue is related to MicroG.
-
Related exception stack traces from YouTube v17.49.37 when the issue occurs:
-
OException when handling a request cn: Response code: 403 at bdf.b(PG:37) at yte.b(PG:20) at zlr.b(PG:1) at yso.b(PG:2) at mfg.b(PG:16) at zlr.b(PG:1) at yss.b(PG:22) at zlr.b(PG:1) at yrg.b(PG:54) at bcv.b(PG:48) at bcr.b(PG:2) at abxf.b(PG:2) at bcx.b(PG:1) at mda.i(PG:19) at mda.b(PG:17) at bbw.a(PG:1) at bbw.read(PG:5) at bbw.read(PG:3) at afyw.a(PG:3) at abwx.writeTo(PG:3) at org.apache.http.impl.entity.EntitySerializer.serialize(EntitySerializer.java:102) at org.apache.http.impl.AbstractHttpServerConnection.sendResponseEntity(AbstractHttpServerConnection.java:187) at org.apache.http.protocol.HttpService.handleRequest(HttpService.java:214) at abxa.run(PG:5) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1137) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:637) at syj.run(PG:22) at java.lang.Thread.run(Thread.java:1012) -
Given up trying to get FCM Registration Id: java.io.IOException: SERVICE_NOT_AVAILABLE at ndo.a(PG:11) at nne.run(PG:54) at rt.execute(PG:6) at nso.a(PG:8) at abmg.i(PG:5) at nsz.s(PG:3) at nne.run(PG:59) at rt.execute(PG:12) at nso.a(PG:8) at abmg.i(PG:5) at nsz.s(PG:3) at ntm.b(PG:1) at mut.d(PG:1) at muv.a(PG:2) at bnp.handleMessage(PG:43) at android.os.Handler.dispatchMessage(Handler.java:102) at android.os.Looper.loopOnce(Looper.java:201) at android.os.Looper.loop(Looper.java:288) at android.app.ActivityThread.main(ActivityThread.java:7872) at java.lang.reflect.Method.invoke(Native Method) at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:548) at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:936)
-
About this issue
- Original URL
- State: open
- Created a year ago
- Reactions: 328
- Comments: 41
Please don’t post new messages confirming that the problem exists. Some people receive notifications for each new message in this thread and this is not helpful. If you want to state you agree with something, please use reactions rather than making new comments.
Was that problem fixed now? I can only watch revanced without microg to this day
can we not crap all over the issue tracker with useless chatterplease? github tracker is not the place for you to post whatever issue you are having its for devlopers to resolve know issues
shutup thats not what this issue is about we don’t want to hear about your problems in your country with whatever vpn you are using: its not related to this issue# thats not what this issue is for. this issue tracker is for problems with gmsCore
yes because people are using microg to bypass restrictions on modded youtube clients for devices without root so google has taken steps to mitigate the usage of microg and other things that bypass the signature checks
google was letting it slide now they are not.
I would expect a DMCA from google anyday if people keep abusing microg to ahem privateer youtube premium if they would like to pursue that path then they can fork Microg/GMSCore and maintain there own fork (which already exist)
fixing bugs caused by pirated apps(or patches that ENABLE it to be used for that) puts the entire project in jepordy and by enable I mean explictly adding fixes for Googles OWN apps when using microg to side-step there security checks
so far thats all this affects. you should not be using microG with offical google apps as that is self defeating if you want to use GOOGLE™ apps such as youtube and play music. and connect to google servers for CONTENT you should be using the standard google play services
He said that he patched the app and worked fine until yesterday, when the problem came back. Why isn’t useful? We should not report if the patch is not working again?
Changing the youtube handle seems to work but only temporarily as the problem arises again after a couple or a few days.
They don’t
Nothing. If you have nothing useful to add, please don’t post new message. Many people receive notifications from this thread and messages confirming the problem aren’t adding value.
You should report it to the ReVanced team in ReVanced GitHub, not here, this issue is only to the microG team fix the issue directly into microG instead of modifying YouTube to make it work properly so if you can, please, don’t start reporting if the issue is happening with your ReVanced with the
spoof-signature-verificationpatch here.I have notifications enabled here and I only want to see when developers/users will answer this issue with something helpful, not random people saying that their ReVanced is not working with such patch in a place that is not designed to ReVanced issues.
It worked till yesterday fine, today the bug is there again.
as a work around try disabling Push nofications and cloud messaging I am still testing if this accually works but so far seems good.
it looks like this is how google is detecting the vanced/microgms.
it ALSO seems like there is some kind of timeout on whatever restiction they are using when vanced/microg is detected as well switching accounts and using the other account for awhile seems to unrestrict the other account allowing video to play
Lol What should I else write? Iam just a dumb user and no expert
This isn’t helpful info
thinking about it some more its possible and likely youtube has implamented a server-side check to decide if the client is using features for which the account is not entitled for OR if they are authenicated using the offical google play api or not (google may have changed something in the play-services api to check if the authenicated client is using the offical play-servicesor authenicated some other way.
if vidoes play without microg installed this confirms they are doing some kind of check on if the client is using features they aren’t entitled too / checking how the client is authenicated
but I can’t figure out why this issue is so inconsistent
one day the account will just start working again with no changes / the next day it wont not using the account for some period of time seems to lift whatever restriction is put in place
Test and confirm it: https://github.com/inotia00/revanced-documentation/wiki/Method-3.-Using-official-ReVanced-Manager-(Android)
Videos play on YouTube normally without the use of MicroG. Your theory unfortunately is not correct.
Yes seems like it. it is pinned by @inotia00 in the office telegram group (https://t.me/revanced_extended_chat/176709). It is also will be coming in the revanced it seems according to the post. it would be helpful if we test it on our affected accounts and let the devs know.
@inotia00 probably fixed the issue? https://github.com/inotia00/revanced-patches/releases/tag/v2.164.30
@inotia00 Error is already fixed! No one reports this error in the other ReVanced builds either.
https://github.com/LuanRT/YouTube.js/pull/390 https://github.com/yewtudotbe/invidious-custom/issues/60
I don’t know the reason for all the dislikes, but this comment solved the problem for me. However, it should be noted I tested the solution only playing few videos.
“you should not be using microG with offical google apps”
What I did was to modify which apps MicroG could communicate to: in MicroG settings I made unregistered “app.revanced.android.youtube” because it didn’t have the Afn Red icon of YouTube Revanced Extended. I was thinking that even if it had “Revanced” in the name, it was actually some application that was linked with google services.
I hope this helps.