Android Setup API

The Android Setup API is an API that is used on an Android device's first boot to create a Google account and link it to the device.

Check if username is available

URL: https://android.clients.google.com/setup/checkavail

Request

  • username: (Example: john.smith@gmail.com)
  • firstName: (Example: John)
  • lastName: (Example: Smith)

Response

On success

  • status: (Example: SUCCESS)

On error

  • detail: (Example: ADDRESS_NOT_AVAILABLE)
  • status: (Example: USERNAME_UNAVAILABLE)
  • suggestions: array

Check password strength

URL: https://android.clients.google.com/setup/ratepw

Request

  • username: (Example: john.smith@gmail.com)
  • password
  • firstName
  • lastName

Response

On success

  • detail: (Examples: strong / good / fair / weak )
  • status: (Example: SUCCESS)
  • strength: (Examples: 3 / 2 / 1 / 0)

Notes

  • detail = fair is returned for the password lul
  • detail = good is returned for the password lulz
  • detail = strong is returned for the password lulzy

Creating the account

URL: https://android.clients.google.com/setup/create

Request

  • sdkVersion: (Example: 19)
  • gmsCoreVersion: (Example: 7329036)
  • androidId: (Example: 3ee3d61cdb8b1868)
  • username
  • version: (Example: 3)
  • firstName
  • lastName
  • password
  • agreeWebHistory: true
  • droidguard_results: (Example: Pastebin)
  • sdkVersion: (Example: 19)
  • gmsCoreVersion: (Example: 7329036)
  • locale: (Example: en_US)
  • operatorCountry: (Example: us)
  • simCountry: (Example: us)

Response

On captcha

  • captchaData: (Example: Pastebin)
  • captchaMime: (Example: image/jpeg)
  • captchaToken: (Example: ALXfmJoL-Tpite0mCitSEoU45CnaSw3dhPDR7Cfey8Df1bRdcmPyZi1x39AFRor9Obg1DvqDxYfKow6u2MywaE5U3gP92rK_7_6NUn-CfGCI_SSKv-2dmL7xSHvgzc26KIqbGMlxPI2ff7EjeOsj1crOxPoHU1ELvvGcshAU2TTsLO2MoLOch_N-wVUE4Cs9wApD-8Hp0sRU)
  • status: CAPTCHA

On success

  • SID: (Example: Pastebin)
  • status: SUCCESS

On error

  • detail: (Example: ADDRESS_NOT_AVAILABLE)
  • status: (Example: USERNAME_UNAVAILABLE)

Notes

sdkVersion and gmsCoreVersion are intentionally repeated in the request parameters for some reason.

agreeWebHistory is always true, I was never given the option to disable web history during the setup.

When faced with a captcha the original request is resent with the following two parameters added: captchaAnswer and captchaToken