ElcomSoft blog

«…Everything you wanted to know about password recovery, data decryption,
mobile & cloud forensics…»

Extracting Text Messages from Google Accounts

April 26th, 2017 by Oleg Afonin
  • 11

Elcomsoft Cloud Explorer 1.30 can now pull SMS (text) messages straight off the cloud, and offers enhanced location processing with support for Routes and Places. In this article, we’ll have a close look at the new features and get detailed instructions on how to use them. The first article will discuss the text messages, while enhanced location data will be covered in the one that follows.

Text Messages: Part of Android Backups (sort of)

Before we begin extracting text messages, let us check where they come from. As you may know, Android 6.0 has finally brought automated data backups. While Android backups are not nearly as complete or as comprehensive as iOS backups, they still manage to save the most important things such as device settings, the list of installed apps and app data into the cloud. Being a Google OS, Android makes use of the user’s Google Account to store backups. Unlike Apple, Google does not count the space taken by these backups towards your Google Drive allotment. At the same time, Google allows for a very limited data set to be saved into the cloud, so you can forget about multi-gigabyte backups you have probably seen in iOS.

While device settings, Wi-Fi passwords, the list of installed apps and application data are now backed up on most smartphones running Android 6 and newer, some devices have an additional element to save. We’re talking about text messages (SMS) sent and received by the users. Text messages can be stored in the user’s Google Account as parts of device backups. However, up to these days, this wonderful feature was available exclusively on Google Pixel and Pixel XL.

Things are beginning to change as Google works its way through Android updates. According to Google development team, “SMS messages are currently only backed up through the Google Backup Transport (GMSBackupTransport) on Pixel devices, as listed here: https://support.google.com/pixelphone/answer/7179901

SMS backup will also be supported on all devices starting in O, which is now available for preview”.

In simple words, it means that automatic SMS backups are coming to Android O, and currently available on all Pixel and Pixel XL handsets even if they run Android 7.

Unlike call logs, text messages don’t get the nearly real-time syncing across devices; instead, they are included into cloud backups that are updated daily at most. If more than one device is registered with the same Google Account, each device backup may contain text messages. This in turn means that extracting those text messages from the cloud could potentially return more data compared to logical or physical acquisition of a single device.

We updated Elcomsoft Cloud Explorer to be able to pull SMS communication history from online backups created by smartphones running Android 6 and newer. Let’s have a look at how this works.

Extracting Text Messages with Elcomsoft Cloud Explorer

Elcomsoft Cloud Explorer 1.30 or newer is required to extract text messages from the Google Account. In order to download text messages, do the following:

  1. Launch Elcomsoft Cloud Explorer 1.30 (or newer)
  2. Click File – Add Google Snapshot
  3. Authenticate into the Google Account by providing the user name and password
  4. If Two-Factor Authentication is enabled, you will be prompted for a secondary authentication code.
    Note: Elcomsoft Cloud Explorer 1.30 has a known issue authenticating with 6-digit authentication codes generated by the Authenticator app if Google Prompt is enabled. If Google Prompt is activated as a 2FA method of choice on a given Google Account, you will have to manually generate a set of backup codes for that Google Account. You will have to then use one of those 8-digit codes to complete authentication.
  5. Once the authentication is completed, select Messages.
  6. Elcomsoft Cloud Explorer will download the data from the Google Account. This may take a few minutes depending on the number of Android backups stored in that Google Account.
  7. Once the download is finished, you’ll be able to review the messages.
  8. If more than one device backup with text messages is available, you’ll be able to specify which device(s) to include by enabling a filter on the navigation panel on the right side of the screen. If more than one device is selected, you’ll be able to use searching and filtering through all messages obtained from multiple devices.

  • 11

Tags: , , , ,

Sign up for free ElcomSoft Password Recovery Software newsletter

21 Responses to “Extracting Text Messages from Google Accounts”

  1. Andy says:

    EPPB and Whatsapp Explorer not working AGAIN.
    Fix it. For what are we even paying?

    • Jonas says:

      No need to be rude.

      But to Elcomsoft, can we please have an update because EPB is definitely broken for downloading icloud data.

      • Marco says:

        I agree. No need to be rude, they have been very quick in the past to workaround Apple “fixes”

        However, an update would be nice. Just to know they’re aware of the situation and working on it.

        • Pete says:

          A progress report would be appreciated as I’ve been without the use of EPB and EXWA for at least 5 days.

          • Peter poyle says:

            So my licence expired 4 weeks ago. And now i cant use eppb anymore because of that fix? Its the same like 2 months ago. So elcomsoft builds in “errors” so customers have to update the software and users who had their lizence recently expired cant use the software anymore?

            Not a cool move from this company. It seems like elcomsoft now builds in fake errors every few months because they are loosing costumers because of 2fa.

            And not even a statement from them……

            • John says:

              Whatsapp explorer still not fixed.
              Credentials error?

            • chaz says:

              it’s not the company.
              It’s Apple patching all the backdoors.
              Give them time, I’m hoping they’re able to fix it.

              • Peter poyle says:

                2 Months ago EPPB was also not working. Its suspicious that ALL other Software to download icloud backup worked back then, and are also working today. Why would Apple only patch Elcomsoft backdoors and not the other ones?

                Its save to say that Elcomsoft fakes this error messages because they are loosing alot costumers because they cant find a backdoor for 2fa.

                And all costumers who paid lots of money for the software cant use it anymore because they have a expired lizence. Pretty big scam from elcomsoft.

              • Billy says:

                With respect I don’t think it’s in Elcomsoft’s interest in any way to lose customers, why would they invent errors, it would make people even less likely to purchase their product. Apple are constantly upping their game so it’s always a case of playing chase with them. It’s a pain for us but that’s the nature of this business. Out of interest which software works better than Elcomsoft’s, I cannot think of any?

              • Doyle says:

                Wondershare works perfectly, reincubate too

              • chaz says:

                reincubate doesn’t work for me. I haven’t tried wondershare.

  2. Paulie says:

    This is all bad now. Any account is automatically locked within 24 hours of using EPB regardless of changing IP in between accounts, so reuse of any account is effectively over. EXWA not working and EPB barely working. It’s not looking good folks, I very much doubt I will be renewing any licenses now. It seems Apple have won this game.

    • Paulie says:

      Thanks for the article explaining the difficulties, I will be renewing my licenses as long as you can keep one step ahead but I realise it’s probably a total nightmare trying to work around these constant Apple updates. EXWA works great for now thankyou.

  3. Ceasar says:

    Hi, can anyone post what works? some Q?
    -Still locking Accounts After use of EPPB? or EXWA?
    -Different IP different Accounts doesn’t matter?
    -Same happening with the MAC version?
    -Use or Avoid? for now.
    -Which SW works, that you know?

    As an Idea why not have a beacon at the front page,
    .Green … use it
    .Orange … Avoid for now, only use it if is life or dead 🙂 (we are working on a patch)
    .Red – Avoid totally ( just received a report of problems)

    then it will look less than a victory to apple when hundreds of soft stop working that they can see in their logs … as soon as is reported people will not go to apple server, and leave their info in their logs and they will start to wonder because they are seeing less stoppages .. 🙂

    • John says:

      Backups are no longer appearing under the new Apple update and any attempt to download via the photo option will lock the account.

  4. Harry says:

    Backups are no longer appearing in EPPB! Please fix it quick i really need it!

  5. Vladimir Katalov says:

    Updated EXWA version (2.02.19416) is now online, sorry for the delay.