Android User Locked Out Of Google Accounts After Moving To A New City

Slashdot reader troublemaker_23 shares a post from ITWire An Android user has been locked out of his Google account apparently because he moved... The explanation offered by Google support staff was that since his address details differed, billing information with Google wasn't current and hence the user's purchases could look fraudulent... During his interactions with Google support to find out why he had been locked out, he was told that "It is our policy to not discuss the specific reasons for an account closure"...

He was initially directed by Google staff to a site where he had to scan his driver's license and credit card and told that he would have to wait 24 hours to get his account unlocked. But after this time passed, he was told that the account would not be unlocked and Google would not tell him why. He was advised to abandon his old account and start a fresh one. However, this meant he could not use the credit card that he had used on the old account...
The affected user called this "a warning to others not to put all your eggs in one basket, because these days, you have no rights over that basket whatsoever." But Friday the user posted an update on Reddit, quoting a Google staffer as saying "we routinely monitor account behavior on Google Play and take action on potentially suspicious activity. Unfortunately, in your case, your account was wrongly flagged and suspended. I have just reopened your account... I sincerely apologize for the stress and inconvenience this has caused you."

I think he just got scammed .

he scanned his dl and credit card into a google site ??

yeah .. i think he may be in for a bit more inconvenience other than being locked out of google

Re:I think he just got scammed .

[Mitreya]

he scanned his dl and credit card into a google site ??

No, it just looks like scam, but companies are that brazen nowdays.

Both eBay and PayPal have, at various points, requested a copy of credit card and driver license sent to them because of some verification they made up. My electricity provider and my dentist even wanted my SSN! Of course I told them off.
Someone I know had been locked out of the eBay account because eBay would not even accept a European DL instead of US one.

Re:I think he just got scammed .

[_KiTA_]

Blizzard demands your Driver's license if you make the mistake of installing their 2 stage auth app on a mobile device and need to remove it without access to the device.

I hear trying to get your Guild Wars 2 account back if you lose access to the original email involves a copy of your Social Security Card, Birth Certificate, 2 Photo IDs, the original box + receipt, and a phone call to India.

Re:I think he just got scammed .

[taustin]

My electricity provider and my dentist even wanted my SSN!A

No problem, as soon as you sign this, which indemnifies me without limit for any misuse if this identify theft qualify information. In other words, if someone breaks into your computer and steal this, you pay all costs related to straightening it out, including, but not limited to, costs of credit score monitoring, all actual costs due to fraud, any increased interest I might have to pay on loans as a result of damage to my credit score, legal fees, lost wages, etc.

What's that? You're not willing to accept responsibility for this information that you require but have absolutely no use for? Then I guess we won't be doing business.

Re:I think he just got scammed .

[Schind]

Been there with PayPal.

Moved to another city and PayPal decided to freeze my wallet. First of all: there wasn't any kind of continuity in discussions I started to regain my account since one could only message via some feedback form on their site - not by mail. The answer was given in a mail that couldn't be replied so all I was left with was to fill another form and paste the past discussion to the form since everytime a different person was answering each of the feedback. Just frustrating.

Only way to regain the control of the accoung (and my money) was to scan a passport and a fresh bank statement and I refused to do so since this was just dealing with a "toy bank" PayPal. Instead; I decided to wait for my credit card to expire because then all the money gets transferred to my bank account. Avoided PayPal since then.

Re:I think he just got scammed .

[Geeky]

That's more or less the law in the UK - if a company stores personal information about you they are legally obliged to keep it secure and therefore may be liable for damages if they don't (although proving it would be the challenge). You are also entitled to know what information they are storing for no more than a nominal processing fee.

Re:I think he just got scammed .

[tburkhol]

You might to keep up on whether they have your SSN. I refused. five years later, I get a new job and new insurance. The insurance company got my SSN from my employer and they in turn gave it to my eye doctor. I have tried to get them to get rid of my SSN, but every time they submit a payment, the SSN comes back to them.

This is to make sure you're not cheating your government out of medicare, medicaid, insurance supplements, or tax benefits. It may only be a legal requirement for medicare recipients, but they are a large enough fraction of health care customers that they dictate process for all the rest of us.

Re:I think he just got scammed .

[AmiMoJo]

Can you just use a fake SSN? Do they actually use it for purpose that requires it to match the one the government has on file?

Re:I think he just got scammed .

[Geoffrey.landis]

After that... use a gmail account which you also pull down via IMAP to a local server ...

The discussion here is about people losing access to their gmail account without notice and with no way to get it back.

never gave them credit card number

[iggymanz]

I have android phone, use google mail for some things (monitoring alerts) and of course google play for free apps..but I won't give them credit card number.

Guess I won't have this particular problem

Re:never gave them credit card number

[AmiMoJo]

I have a Google phone, they have my credit card info for occasional billing. I move frequently between the UK and Japan, changing my registered address and phone number, and it's never a problem. This guy seems have been the victim of a genuine mistake.

If anything it's been getting easier to do this over the years. It used to be that it would look at your locale, see you had apps installed from a different locale's Play store and uninstall them for you. Now it just updates them properly, even if your current local repo doesn't list them.

Re:never gave them credit card number

> apparently they didn't like the change in my IP address.

This did not happen.

Re:never gave them credit card number

Don't bet on it. I've lost access to at least four google accounts when I've moved, apparently they didn't like the change in my IP address. No credit card involved.

That's really insightful. With that logic, the tens of millions who travel for work or vacation everyday, use public WiFi, or connect via their mobile company's randomly and usually short lived DHCP IP address must have terrible problems using their Google accounts.

Or it wasn't an IP address change at all that Google didn't like, but other activity that got you banned not once, not twice, but four times?! Maybe you should examine what exactly you're doing. You're a click-bait headline in waiting. "Google banned account of 9 years for changing IP Address!" and then not revealing that you were spamming the shit out of rec.autos.bitchin.camaro and have a dozen chargebacks on the Google Play store.

Re:never gave them credit card number

[TheRaven64]

And this is why I won't buy anything via Google Play (or the Apple App Store) and most of the apps on my phone come from F-Droid. I won't buy anything that comes with a built-in revocation mechanism for my purchase over which the seller has total control. Would you buy a phone with a contract that said that at any point the seller could require you to give it back (but they keep the money) without providing any justification and at their sole discretion? Of course not, yet people are quite happy to do the same thing with software.

Re:never gave them credit card number

[kbg]

Well thank god no one knows my IP address is 127.0.0.1

Re:never gave them credit card number

[jetkust]

How do you know "This did not happen"? IP address is not just a random number, there is a lot of other information google associates with it. But most importantly, google pretty much does what they want for any reason when it comes to their accounts and doesn't tell you why. So unless you wrote all of the algorithms that flag peoples google accounts, you're making things up just as much as the person you quoted.

Re: never gave them credit card number

[_merlin]

Google seems to be completely random. When I travel internationally I get locked out of Google talk until I log in to Gmail to "verify" myself.

Time to make our own cell phone OS?

[elcor]

Something minimalist and ultra performant like the beOS + bitcoin of cell phone, decentralized, no user account.

This is kind of ridiculous...

[ZorinLynx]

It's frustrating that you pretty much have to go to the media/public and embarrass a company before they will fix issues like this. Not everyone has the time to do this, and not everyone will be able to get enough people to listen to raise a big enough fuss to get the company's attention. I wonder how many situations like this happen that we never hear about and never get resolved?

"he was told that the account would not be unlocked and Google would not tell him why."

If your account is disabled you should have every right to know why and there should always be a path to correct it. What the hell?

I'm an Apple user; if they pulled this crap with my Apple ID it would be extremely irritating; you can have a lot of money wrapped up in these accounts in the form of purchases!

Re: This is kind of ridiculous...

[blibbo]

You make fair points, but as devil's advocate...saying when something goes wrong and it gets in the news means there must be more going on that doesn't get in the news is the pessimist's perspective.

The flip side is, it's a big world. If I see murders and rapes on the news, it doesn't mean I necessarily need to be afraid in my own neighborhood.

So far, this kind of thing that Google has done hasn't affected me or my friends or my family. So one misunderstanding won't represent all of Google for all people.

Re:This is kind of ridiculous...

[AK+Marc]

If your account is disabled because they suspect you are actually an identity thief who stole the account, they probably don't want to tell you what gave you away.

"We flagged you for fraud because you bought 10% more than normal within 24 hours of changing your billing address" is not required. "Fraud alert" would be infinitely more than this guy claims he was told, and would give away nothing.

There was a path to correct it. The story is newsworthy because for some reason the normal way to correct the problem wasn't working.

If the path to correct it is blocked, one could argue that the path no longer exists.

Move to another city and it might look like you are an identity thief; then, one Apple employee screws up and you might be rejected in the appeal.

I have three accounts loaded on my phone right now, each of them from a different country, two of them with the same payment, only one of the accounts has a payment from the same country as the account. Apple has never complained.

Re: This is kind of ridiculous...

[lucm]

The guy went from Google to Amazon? That's like trading a fully loaded Honda Accord for a Honda Civic with no A/C.

Re:This is kind of ridiculous...

[taustin]

I'm an Apple user; if they pulled this crap with my Apple ID it would be extremely irritating; you can have a lot of money wrapped up in these accounts in the form of purchases!

With Apple, you're the customer. With Google, you're the product, and they really don't care, because eyeballs are fungible.

One of the very few things Apple gets right.

Re:This is kind of ridiculous...

[AmiMoJo]

With Google, you're the product, and they really don't care, because eyeballs are fungible.

This is of course complete bollocks. Otherwise why would they even try to make a good user experience?

Google sells advertising. You can use their services for free, or choose someone else's, or pay to have the ads removed and get some extra features. Some services don't even have ads at all, like Docs, because they make their money from business users. And of course, some of their products are not free, like their phones, and some are just there to provide a gateway to other services like Chrome OS.

Notice how Chrome OS doesn't have ads baked in, unlike say Windows 10 or Ubuntu. Microsoft make you pay and look at ads. Are you not Microsoft's customer, even though you paid for Windows? Do you think they don't care if you use someone else's OS?

Re:This is kind of ridiculous...

[TheRaven64]

Even without that, if you have an issue with your Apple ID then you can go to the web site and schedule a time when they will telephone you. I got an iPad from work a few months ago, set a PIN, used Touch ID enough that I forgot the PIN, and managed to lock myself out of both the device and my Apple ID (which had some security questions that I'd set over 10 years ago when it was just for the Apple online store and not tied to anything else). Two minutes on the web site to schedule the call, they called me back at a time convenient for me, unlocked the account, and helped me factory reset the device.

Re:This is kind of ridiculous...

[Bongo]

That's the important thing. Whether we "buy" or "rent" or "license" or whatever, isn't the point. What matters is that companies make the effort to treat people properly. For example, at any time the power company could just cut me off and leave me freezing in the dark on a cold winter, and buying a generator shouldn't really be the "answer" to that, rather, companies which provide "critical" infrastructure shouldn't be allowed to just go cutting things off at the first sign of inconvenience to them.

And of course regulations can go too far to the other extreme.

But it isn't about market freedom or personal responsibility or socialism or whatever, it is about the film Brazil and an innocent man named Buttle who was the victim of bureaucratic error.

If we are using CPUs and SSDs as glorified desks and filing cabinets, the "bureau" in bureaucracy -- if we are simply building an even dumber and colder bureaucracy in silicon, then WE ARE DOING IT WRONG.

Re:This is kind of ridiculous...

[Geoffrey.landis]

They can, but it would be a PR nightmare and would be splattered all over the news within a day of it happening.

No.

It appears that when this kind of thing happens it's "splattered all over the news", but that's because when it doesn't make the news, you never hear about it. It's a perception error.

rights

[phantomfive]

"warning to others not to put all your eggs in one basket, because these days, you have no rights over that basket whatsoever."

This can not be repeated enough.

Re:rights

This can not be repeated enough.

I concur. Google has a history of completely shutting people down like this. This week we saw them apply the "internet death penalty" to people who (admittedly through their own negligence) violated a policy on ordering Pixel phones. Now there's this guy who did nothing wrong at all, and there are plenty more like him. It's been a real problem for Android developers. Accrue a random/arbitrary TOS violation against any one Google service, and they wipe out your _entire_ Google existence, including your Play Store developer account and all apps it owns. Google Play, GMail and calendars, Google Drive, Docs, Voice, Wallet, AdSense, Hangouts... _All_ of it is shut down for allegedly violating the TOS of any one service, and the only avenue for appeal results in either radio silence or a canned autoresponse.

This mirrors Google's abysmal track record at handling YouTube complaints. Anyone can file a "strike" against any other user for any reason/bogus reason. A single user can generate multiple strikes against one target. If your YouTube account gets locked out, and you aren't famous enough to generate a big public backlash (h3h3 ETC) against Google, you're screwed.

Savvy developers are now essentially minting a new identity from which to publish apps. New burner Android phone with a cheapo plan and clean number not tied to any other Google service. New GMail account activated with the burner phone. Google Play developer and merchant accounts registered to a family member's address. Install Android SDK and Chrome into one VM configured with a VPN, and never run SDK or Chrome anywhere else. ETC... At least this way if someone registers a bogus complaint against your app, you might lose your app but you don't lose access to your entire personal Google world and all of _your_data_ stored therein.

As Google continues to automate away the burden of interacting with their users, it will only keep getting worse. I'm honestly surprised this guy got in touch with a human being.

Re:rights

[tlhIngan]

This week we saw them apply the "internet death penalty" to people who (admittedly through their own negligence) violated a policy on ordering Pixel phones.

There was no negligence involved. The people who violated the ToS did so to make a buck. They didn't order Pixel phones for their own use, they ordered them for the explicit purpose of resell.

Perhaps they got there because the company in Delaware said they'd make a few extra bucks, but either way, it was done on purpose.

The only negligence is in the company's for failing to tell the "buyers" that this may be against their terms of service. The buyers all saw $$$ and decided to participate. I'm guessing Project Fi phones are cheaper or something so the company can sell them for list price and make a few hundred bucks for both parties.

Re:rights

[drinkypoo]

"warning to others not to put all your eggs in one basket, because these days, you have no rights over that basket whatsoever."

This can not be repeated enough.

You effectively have no rights over any basket. The FBI can invent charges, come into your house, take your server, and return it in pieces.

This is a problem that has to be solved at a much higher level than google. A legal one.

Re:rights

[peragrin]

It is why I have an iPhone, MacBook and a nexus tablet. It is why I have my own Nas and went to the trouble of setting up my own backup system on it. It is why I have Gmail, but also download all my history into a pop account once z month.

I learned from the early 2,000"s with the major windows viruses rampaging across the net. Do not lock your self into just one set of things.

Re:rights

[houghi]

The real issue is that they are allowed to hide behind the "but it was in the AUP" and be able to change that AUP as they seem fit.
What should happen is that you have a fixed set of rules, called the law. As long as you follow the standard rule, you do not need to let your customer click on "accept". The only way that is needed is if there are exceptions that have to be in favour of the customer. e.g. the company is obliged to never sell the data. It is not allowed to make exeption on it, even if you sign a contract.
Prices cqn not be chqnged, even if the customer signs, unless the price will be lower and/or service is extended.

As these changes will be in disadvantage of the company, you will never see them happen. If there is a change that needs to be done (e.g. Google stops with a certain service) the customer ,ust be informed 6 months in advance.

All this would most likely not have helped in this case, but it would solve a lot of issues.

Re:Google

[ShanghaiBill]

Eroding trust one step at a time.

There is no excuse for Google's behavior. I have been "locked out" by my bank a few times when I had suspicious transactions, and each time I was able to call the number on the back of my card, answer a few security questions, and get it unlocked. It never took more than two minutes to resolve ... and the transactions really were suspicious. The first time was in a bar in Lijiang when I lost a wager, and had to buy a round for the house, and the second time I was buying some prescription drugs in Tijuana.

Similar to my phone problems

[Mishotaki]

It's kinda similar on how my credit card declared my card stolen... when I ran out of money on my phone and refilled it, it was flagged by my credit card company, therefore they declared it stolen and I couldn't do any transactions on it... off course, they tried calling me, but it wouldn't work because there was no money left on the phone for me to receive calls... I need money to make calls, I need to make a call to put money on it... so ridiculous...

Social media saves the day

[fustakrakich]

He had to go public to correct the situation. Just like with security flaws, full disclosure is the only way, or it won't get fixed.

Too big to fail

[nikkipolya]

Now a days tech companies are all about creating too big to fail entities. Be it Uber, Amazon, Google, Facebook... The amount of trust we are placing on them, our dependency on them, can turn out to be dangerous in the long run.

Re: Google

Banks are regulated with heavy consumer protection, google is not a bank.

Do No Evil

[Excelcia]

I reached the end of my love affair with Google long before now. "Do No Evil" sounded sincere 20 years ago, but it's pretty hollow today. It doesn't matter whether this was an accident or not. Not owning my own data is just bad medicine by any account. I won't do it.

I've wondered, instead of funding the Googles/Microsofts/Dropboxes of the world, we need to work on easily deployable mini-personal-cloud-server-in-a-box distributions. Email/webmail, iCal, rsync, with your own blog thrown in for good measure on personally controlled virtual servers is eminently doable. I mean, sure, I'm savvy enough to do this all with Debian, I've been doing mine for years. But it's got to be able to be made far more push-button that it is now. Something where you pay your $20, feed in a domain name, and you get your own personally owned cloud services. It won't keep the NSA out of your business, but it will keep people's data more firmly in their control.

Re:Do No Evil

[NotAPK]

"easily deployable mini-personal-cloud-server-in-a-box distributions"

I love the sound of this, but the problem is maintenance and security.

Right now: yes, we could sit down and spec out an appropriate PC, choose from FOSS and put together a gnarly software distribution that does what we want and we could start selling these things.

But what happens in 12 months? 24 months? The distribution needs to be maintained and updated and that takes resources and costs money. The business model will become stretched to include that indefinitely, so the only practical way is to use subscriptions, which many don't like. The fundamental problem is, however: anyone savvy enough to want this is also smart/capable enough to roll their own, while everyone else doesn't give a shit and will stick with "free" Google services. The customer is a relatively experienced privacy conscious professional who is too busy to maintain their own. Sure, there's a market there, but I worry it's too small to allow for any scaling that the product will need to reach a reasonable price point.

We need legislation to stop this sort of shit.

Too many Internet giants have this mentality, that they don't need to give you an explanation if they close your account. You may say that the account is on their service. I say that if they want to be so central to modern life, they have a responsibility they're trying to avoid.

They've had plenty of time to come up with their own solutions, internally or as part of associations. It's time the government stepped in.

Re:We need legislation to stop this sort of shit.

Too bad that ain't gonna happen for at least the next two, likely four, or possibly even eight years.

We've elected a very anti-regulatory executive and legislature. Not only will regulations like you suggest not even be considered, there is going to be a flurry of Deregulation coming soon.

Good time to be a Corporate Citizen, I suppose.

Re:Google should use the USPS Change Of Address db

[Khyber]

Please. Out of any company I can imagine (even including Microsoft) there is no other company that suffers from NIH than Google.

They don't care about false positives

[DNS-and-BIND]

Google gets its fraud detection software up and running, and assumes everyone it finds is a fraudster. Hooray! Of course you don't give fraudsters any information about how you detected them, they'll use it against you in the future! Just a blank wall...let them eat THAT! So satisfying for the millennial developers at Google.

The idea that false positives might occur...well maybe, but it's not a problem. Locking people out of their accounts? Someone else at Google will resolve it. Google offers these accounts for free and you want quality! How about we give you a full refund instead? Cue scornful laughter. Screw anyone who sets off the detector, it's their fault for having a non-standard life.

This is another "handle things yourself"

[Zombie+Ryushu]

This is another "handle things yourself" situation. I have an Android Phone. No Google Account is attached to it. Google Can't lock my Phone. Google can't track my Phone. Google can't bill me, Google doesn't know my Phone number. My phone, and the apps I have installed on it, are my business, my Contacts are stored in my OwnCloud on my system. As are my Calendar events, as are my places. I don't use Google's Location services, I use Passive GSM Beaconing and GPS. and I get my Maps from Osmand Open Street maps.

Re:Shit happens

[Shadow+of+Eternity]

Google doesn't even HAVE support in any meaningful way. If something gets fucked up with any of the usual google services (gmail, calendar, etc) you're screwed and that's all there is to it. Short of having a friend who works for google or being a big enough public figure to shitstir there's no way to contact a human and no way to resolve the problem.

Re:Google

[ShanghaiBill]

...and the second time I was buying some "prescription drugs" in Tijuana.

If you go to Tijuana, or Juarez, or any other Mexican border towns, you will find drug stores selling name-brand prescription drugs within one block of the border. The prices are far lower than in America, because the Mexican government negotiates lower prices with pharmaceutical companies, and because of the different litigation systems. You can also buy far more stuff without a doctor's prescription. It is legal to buy most drugs and bring them into America so long as they are not for resale.

Phone crashing without a Google Account

[Guppy]

This is another "handle things yourself" situation. I have an Android Phone. No Google Account is attached to it.

I had a supervisor who started having problems with his Verizon android phone crashing frequently. Couldn't figure out why at first, but it turned out there was some aspect of the phone that would crash with no Google Account attached. He barely had any apps installed, so it was likely something that came in the ROM. No Google Account for him of course, he never made one not being a tech savvy person (he didn't even have his own e-mail address, his work e-mails went to his secretary, and any personal emails you had to send to his wife).

I doubt he would have wanted to root his phone to get rid of whatever crap was crashing (it would have been difficult to explain to him what "rooting" was in the first place), so I just showed him how to set up a Google Account (with everything turned off or forwarded elsewhere), and that fixed the problem.

Re:Google

[cant_get_a_good_nick]

Bush #43 specifically passed legislation outlawing negotiating with drug companies. There's your Capitalist free market.