Life360 Device Tracker Platform

Two people said the same on the github.com issue.

1 Like

Thanks. Just wanted to make sure it was a false alarm!

Thanks @pnbruckner ! I tried to delete my life360 folder but it said it wasnā€™t empty. I deleted all the files in the folder and still was unable to delete the folder. I rebooted HA anyway and tried the life360 integration. It worked! Thank you very much for the step by step instructions.

Not that Iā€™m trying to say you should put anymore time into this than you already have butā€¦

If you want to try to figure out how to do the 2FA auth then you might be able to get inspiration from the Alexa Media Player custom integration. Iā€™m pretty sure that they handle that auth style in their config. Maybe the same method will work here.

Or just tell me to pound sand. :laughing:

Either way is fine with me and I appreciate your effort. :slightly_smiling_face:

@11harveyj has already been working on 2FA. But as of right now, Iā€™m not sure how it can be used in HA, because my understanding is, Life360 has a new ā€œfeatureā€ whereby they only allow one login per account, which I think only applies when using 2FA. So, if your phone was logged in that way, and then HA ā€œlogs inā€ that way, I think that means your phone would get automatically logged out, which would not be good.

Honestly, I donā€™t have a lot of ā€œwarm fuzziesā€ that this integration will live much longer. It seems Life360 has been actively changing the way their stuff works. Could be theyā€™re just trying to improve things, but there are at least some indications that they have no intention of supporting HA. The only question is, if they will take steps to lock us out, or just make enough changes that indirectly make it near impossible for us to ā€œkeep up.ā€

2 Likes

Their support leads have clearly said they intend to continue being hostile towards any UI/use case but their own.

Iā€™ve moved to OwnTracks for HA (I got a refund on Life360 and am now using the free version of Life360, and am not looking backā€¦

You pushed me too far, Life360.

1 Like

Just managed to get this working. If you have an existing life360 folder at the same level as the custom_components folder you need to delete it and restart before adding the new integration.

1 Like

Thanks Steve, this is the only working solution for me that works.

Yes, this has been stated many times. I know this topic is very long so it can be hard to find to right information. As a reminder, please see my summary above. What you did is step 1. :wink:

Thanks @pnbruckner. Maybe worth pinning the summary to the top if possible.

1 Like

As an FYI, removing that folder is really not a ā€œsolutionā€. It is removing a previous workaround. Normally these folders do not exist:

/config/lif360
/config/custom_components/life360
1 Like

I guess I donā€™t know if thatā€™s possible, and if so, how to do it.

In the future (if there is a future for this integration), I donā€™t think Iā€™ll post or support any ā€œworkaroundsā€. Sure, they might help some people get things working again sooner, but they wreak all kinds of havoc later. I was warned not to do it. I should have listened. :laughing:

8 Likes

Sure didā€¦ Found it in spam today.
(BTW when they bumped HA into the suspect list, I just removed my life360 account from my 2 instances, no trying to fix itā€¦)

Here it isā€¦

Life360 [email protected] Unsubscribe Dec 29, 2023, 3:25 PM (4 days ago)

to me

Dear Valued Member,

At Life360, the security of our products and services has always been among our top priorities. We are continuously monitoring and implementing features designed to enhance the security of our products and security for our members.

Recently, we identified suspicious activity in which an unauthorized person used credentials (email address and password) obtained from outside sources to attempt to access your account. Based on our investigation to date, we have no evidence of unauthorized access to Life360 user location information, payment card information, or physical addresses. To safeguard against further suspicious activity, we took the precaution of resetting your password.

Life360 has introduced a new way to further safeguard your account by using one-time-passcodes delivered to your verified phone number when logging into your account, instead of passwords. Enrolling in passwordless login is the best way to prevent password misuse and protect your personal information, so please take a few minutes to enroll now.

Take action to further safeguard your account now:

In the Life360 App, visit Settings ā†’ Account ā†’ Phone Number and verify the phone number associated with your account. Afterwards, youā€™ll log in by receiving a code delivered directly to your phone instead of using a password.

In addition to enabling passwordless login on Life360, we encourage you to change the password on any online service for which you have used the same or similar credentials at Life360 or elsewhere.

Security is an important part of our commitment to keep families safe online and in the real world. Thank you for taking the time to read this message and taking steps to protect your account.

Best regards,
Chris Hulls, CEO

Life360 Inc. 1900 S. Norfolk Street, Suite 310
San Mateo, CA 94403


I tried to reply, but of course they didnā€™t want to listen to me and it bouncedā€¦
It was going to say this.

ā€”>

No, it wasnā€™t unauthorized. It was me accessing my data in an alternate way.

(Yes, MY DATA)

I am Very upset about you interfering with that data stream and am currently taking steps to remove that datastream from All my devices. I will also be recommending all my family and friends and social media companions do the same.

Thank You, but no Thank Youā€¦

1 Like

This part is interesting wording. That almost looks like they had a disclosure of leaked credentials and are proactively resetting passwords and the passwordless enforcement is CYA.

@pnbruckner Hi, I have been following this thread as I have the same issue. Iā€™m not a HA User (Sorry) but I have a bash script that uses curl to access the Life360 API to get the needed data. Would you be able to share the technical information about your fix to see if I can apply this to my bash script?

Thanks
Ray

Update: I can confirm the 2023.12.4 Update worked for me.
My case was, I thought, completely useless, as I had previously ā€˜Verifiedā€™ my phone number, and struggled for weeks to no avail.

For those that are still having trouble authenticating, these are the steps I took to resolve this
[I had previously verified my phone number, so in the account section of the app, there was NO mention of password anywhere. No way to reset it etc.]

Ensure ALL traces of existing life360 patches are removed from HA. You will need to search around here for instructions on how to do this, and donā€™t forget to restart HA.

log out of the Life360 app on your phone.

Go to the Life360 Password reset tool here: Life360 : Reset Password. Click Search by Email
image

This will then ā€˜Send a Text to your mobile Phoneā€™. Within the text (amongst other stuff), is a link to Reset your password. Click on the link, and reset your password. What this automatically does is to un-verify your phone number. This is what you want.

When you log back into your app (It again didnā€™t ask for a password, it texts a number to your phone which you then provision), you should notice your account is now set to unverified - This is our goal. DONT verify it!
Screenshot_20240103-090456

From that point, in HA, discover the official life360 integration, and re-provision. This worked for me.

4 Likes

Glad you got it working! And thanks for the details of how you ā€œunverifiedā€ your phone number. Iā€™ll add this to my summary above.

See the life360 package on PyPI, specifically, this change.

So, I just got ā€œkicked outā€, tooā€¦

2024-01-03 09:24:53.447 DEBUG (MainThread) [life360.api] Error GET(https://api-cloudfront.life360.com/v4/circles), attempt 1: ClientResponseError(RequestInfo(url=URL('https://api-cloudfront.life360.com/v4/circles'), method='GET', headers=<CIMultiDictProxy('Host': 'api-cloudfront.life360.com', 'user-agent': 'com.life360.android.safetymapd/KOKO/23.49.0 android/13', ...
2024-01-03 09:24:53.447 DEBUG (MainThread) [homeassistant.components.life360] Login error: ClientResponseError: 403, message='Forbidden', url=URL('https://api-cloudfront.life360.com/v4/circles')
2024-01-03 09:24:53.447 WARNING (MainThread) [homeassistant.config_entries] Config entry REDACTED for life360 integration could not authenticate: ClientResponseError: 403, message='Forbidden', url=URL('https://api-cloudfront.life360.com/v4/circles')
2024-01-03 09:24:53.512 DEBUG (MainThread) [life360.api] Error while getting authorization token, attempt 1: ClientResponseError(RequestInfo(url=URL('https://api-cloudfront.life360.com/v3/oauth2/token'), method='POST', headers=<CIMultiDictProxy('Host': 'api-cloudfront.life360.com', 'user-agent': 'com.life360.android.safetymapd/KOKO/23.49.0 android/13', 'Accept': 'application/json', 'cache-control': 'no-cache', 'Authorization': 'Basic Y2F0aGFwYWNyQVBoZUtVc3RlOGV2ZXZldnVjSGFmZVRydVl1ZnJhYzpkOEM5ZVlVdkE2dUZ1YnJ1SmVnZXRyZVZ1dFJlQ1JVWQ==', ...
2024-01-03 09:24:53.512 DEBUG (MainThread) [homeassistant.components.life360] Login error: ClientResponseError: 403, message='Forbidden', url=URL('https://api-cloudfront.life360.com/v3/oauth2/token')

So far no ā€œsecurityā€ email from Life360. Havenā€™t tried changing password againā€¦

2 Likes

Did I miss something? My Life360 just broke again. About an hour ago it now shows as unavailable.

I just went through the summary above and updated HA to 12.4 (Docker installation). Using the standard Life360 integration. Had to reset my password again on Life360.com but still would not accept it.

I deleted the integration and re-added using another account in the circle with a still unverified phone number and wonā€™t accept that account/password either.

Thanks!

-Tim

3 Likes