After purchasing new chinese Android phone I needed to install Google Authenticator. But had no luck. The application worked fine but ... generated codes did not work. I tried other phones and came to a strange conclusion. The other Doogee DG800 I had show she same codes. Bud all other Android phones shown different codes. For sure all the phones shared the same secret. The strange thing was the codes were different in some digits only. Typical difference looked like this 605678 - 604356.
As the authenticator codes are derived using hash function (RFC 6238 - TOTP), in case of an error there should be completely different results.
Fortunately - authenticator is an open source software. I cloned the repository and built my own version for debugging.
And here is the source of difference. During the computation a piece of a hash value is taken, converted to integer and then divided by a power of 10 and the remainder is the code:
int code = truncatedHas % (int)Math.pow(10, codeLength);
On the problematic phone the result of power computation was this:
Math.pow(10, codeLength): 999999,99999999
After cast to integer the result was 999999.
This is the answer - wrong result from system runtime library because the Math.pow function computes doubles which can be not so precise.
It is rare but it happens.
I'm going to send a patch which does not uses double computation.
UPDATE: Issue was discussed at Stack Overflow. The main cause is a bug in the phone platform library.