Life360 Device Tracker Platform

As an FYI, removing that folder is really not a “solution”. It is removing a previous workaround. Normally these folders do not exist:

/config/lif360
/config/custom_components/life360
1 Like

I guess I don’t know if that’s possible, and if so, how to do it.

In the future (if there is a future for this integration), I don’t think I’ll post or support any “workarounds”. Sure, they might help some people get things working again sooner, but they wreak all kinds of havoc later. I was warned not to do it. I should have listened. :laughing:

8 Likes

Sure did… Found it in spam today.
(BTW when they bumped HA into the suspect list, I just removed my life360 account from my 2 instances, no trying to fix it…)

Here it is…

Life360 [email protected] Unsubscribe Dec 29, 2023, 3:25 PM (4 days ago)

to me

Dear Valued Member,

At Life360, the security of our products and services has always been among our top priorities. We are continuously monitoring and implementing features designed to enhance the security of our products and security for our members.

Recently, we identified suspicious activity in which an unauthorized person used credentials (email address and password) obtained from outside sources to attempt to access your account. Based on our investigation to date, we have no evidence of unauthorized access to Life360 user location information, payment card information, or physical addresses. To safeguard against further suspicious activity, we took the precaution of resetting your password.

Life360 has introduced a new way to further safeguard your account by using one-time-passcodes delivered to your verified phone number when logging into your account, instead of passwords. Enrolling in passwordless login is the best way to prevent password misuse and protect your personal information, so please take a few minutes to enroll now.

Take action to further safeguard your account now:

In the Life360 App, visit Settings → Account → Phone Number and verify the phone number associated with your account. Afterwards, you’ll log in by receiving a code delivered directly to your phone instead of using a password.

In addition to enabling passwordless login on Life360, we encourage you to change the password on any online service for which you have used the same or similar credentials at Life360 or elsewhere.

Security is an important part of our commitment to keep families safe online and in the real world. Thank you for taking the time to read this message and taking steps to protect your account.

Best regards,
Chris Hulls, CEO

Life360 Inc. 1900 S. Norfolk Street, Suite 310
San Mateo, CA 94403


I tried to reply, but of course they didn’t want to listen to me and it bounced…
It was going to say this.

—>

No, it wasn’t unauthorized. It was me accessing my data in an alternate way.

(Yes, MY DATA)

I am Very upset about you interfering with that data stream and am currently taking steps to remove that datastream from All my devices. I will also be recommending all my family and friends and social media companions do the same.

Thank You, but no Thank You…

1 Like

This part is interesting wording. That almost looks like they had a disclosure of leaked credentials and are proactively resetting passwords and the passwordless enforcement is CYA.

@pnbruckner Hi, I have been following this thread as I have the same issue. I’m not a HA User (Sorry) but I have a bash script that uses curl to access the Life360 API to get the needed data. Would you be able to share the technical information about your fix to see if I can apply this to my bash script?

Thanks
Ray

Update: I can confirm the 2023.12.4 Update worked for me.
My case was, I thought, completely useless, as I had previously ‘Verified’ my phone number, and struggled for weeks to no avail.

For those that are still having trouble authenticating, these are the steps I took to resolve this
[I had previously verified my phone number, so in the account section of the app, there was NO mention of password anywhere. No way to reset it etc.]

Ensure ALL traces of existing life360 patches are removed from HA. You will need to search around here for instructions on how to do this, and don’t forget to restart HA.

log out of the Life360 app on your phone.

Go to the Life360 Password reset tool here: Life360 : Reset Password. Click Search by Email
image

This will then ‘Send a Text to your mobile Phone’. Within the text (amongst other stuff), is a link to Reset your password. Click on the link, and reset your password. What this automatically does is to un-verify your phone number. This is what you want.

When you log back into your app (It again didn’t ask for a password, it texts a number to your phone which you then provision), you should notice your account is now set to unverified - This is our goal. DONT verify it!
Screenshot_20240103-090456

From that point, in HA, discover the official life360 integration, and re-provision. This worked for me.

4 Likes

Glad you got it working! And thanks for the details of how you “unverified” your phone number. I’ll add this to my summary above.

See the life360 package on PyPI, specifically, this change.

So, I just got “kicked out”, too…

2024-01-03 09:24:53.447 DEBUG (MainThread) [life360.api] Error GET(https://api-cloudfront.life360.com/v4/circles), attempt 1: ClientResponseError(RequestInfo(url=URL('https://api-cloudfront.life360.com/v4/circles'), method='GET', headers=<CIMultiDictProxy('Host': 'api-cloudfront.life360.com', 'user-agent': 'com.life360.android.safetymapd/KOKO/23.49.0 android/13', ...
2024-01-03 09:24:53.447 DEBUG (MainThread) [homeassistant.components.life360] Login error: ClientResponseError: 403, message='Forbidden', url=URL('https://api-cloudfront.life360.com/v4/circles')
2024-01-03 09:24:53.447 WARNING (MainThread) [homeassistant.config_entries] Config entry REDACTED for life360 integration could not authenticate: ClientResponseError: 403, message='Forbidden', url=URL('https://api-cloudfront.life360.com/v4/circles')
2024-01-03 09:24:53.512 DEBUG (MainThread) [life360.api] Error while getting authorization token, attempt 1: ClientResponseError(RequestInfo(url=URL('https://api-cloudfront.life360.com/v3/oauth2/token'), method='POST', headers=<CIMultiDictProxy('Host': 'api-cloudfront.life360.com', 'user-agent': 'com.life360.android.safetymapd/KOKO/23.49.0 android/13', 'Accept': 'application/json', 'cache-control': 'no-cache', 'Authorization': 'Basic Y2F0aGFwYWNyQVBoZUtVc3RlOGV2ZXZldnVjSGFmZVRydVl1ZnJhYzpkOEM5ZVlVdkE2dUZ1YnJ1SmVnZXRyZVZ1dFJlQ1JVWQ==', ...
2024-01-03 09:24:53.512 DEBUG (MainThread) [homeassistant.components.life360] Login error: ClientResponseError: 403, message='Forbidden', url=URL('https://api-cloudfront.life360.com/v3/oauth2/token')

So far no “security” email from Life360. Haven’t tried changing password again…

2 Likes

Did I miss something? My Life360 just broke again. About an hour ago it now shows as unavailable.

I just went through the summary above and updated HA to 12.4 (Docker installation). Using the standard Life360 integration. Had to reset my password again on Life360.com but still would not accept it.

I deleted the integration and re-added using another account in the circle with a still unverified phone number and won’t accept that account/password either.

Thanks!

-Tim

3 Likes

Yep, got this working again with 2023.12.4 and was greeted a bit ago with the “reconfigure” box. No dice on trying to reauthenticate.

Logger: homeassistant.components.life360
Source: helpers/update_coordinator.py:353
Integration: Life360 (documentation, issues)
First occurred: 9:21:00 AM (1 occurrences)
Last logged: 9:21:00 AM

Authentication failed while fetching life360 ([email protected]) data: ClientResponseError: 403, message=‘Forbidden’, url=URL(‘https://api-cloudfront.life360.com/v4/circles’)

Broken for me again this morning. It’s getting to the point where it’s almost not worth messing with it. I have had a gold membership for a decade, I’m “this” close to cancelling it.

1 Like

Same here. Stopped working 30m ago. HA 2023.12.4

Stopped working for me as well :frowning:
I am traveling now and will have a major issues with my wife when all geofencing automations will go to shit…
Do you think Life360 folks are doing it on purpose?

2 Likes

Never assume malice when simple incompetence will suffice.

4 Likes

You know…sometimes both comes together

2 Likes

Yes, although this has a very strong garage-door-opener smell to it… Still, got my fingers crossed and I’ve resubscribed to this thread again to watch for updates.

(yes, mine has broken too)

1 Like

Did not work for me…

Broken for me today too. I was able to un-verify my phone (shows as unverified in the account settings), but still can’t log in.

2 Likes

I would not be surprised. I won’t go into all the details, but it does appear they’ve at least made things more difficult, if not near impossible on purpose. I think it’s time for me to throw in the towel.

4 Likes