'Coon Cave

Patrick’s blog about Android, apps and everything in betweent. May contain traces of rambling. Feedback and subscriptions welcome!
Wednesday, July 1, 2020

Android app development: Be forced to use an excessively complex build system that tries to squeeze every byte out of your compiled code like it’s 1980, then adds a compat library that’s 10 times the size of the actual app.

sigh

Just because I need to probe devices with DummyDroid. Currently, I gather the needed information d by pushing a tiny DEX file (~50kb) to the device and talk directly to the various system services via IBinder (that’s what shell tools like pm do, too). But of course, for some strange reason, the AIDL files are not standardized, so this solution is unstable. I really need a Context, a Context can only be build by an ActivityThread and there’s no way to start one directly from ADB - the whole system was designed by lunatics.

Tuesday, June 30, 2020

Aww shit! Following up on yesterdays post, there are actually quite a number of optional URL parameters that can be specified when making a HTTP request to the FDFE API. So far, I found:

  • ipCountryOverride
  • mccmncOverride
  • skipCache
  • showStagingData
  • p13n

Their values are configured globally in the playstore app. When set, they are appended to the URL in the order above on every HTTP GET or POST request to the DFE API. The later three take a true or false as a value. Not sure what they are suppose to do, though.

I should probably add support for adding arbitrary URL parameters in the coon-mothership library.

Monday, June 29, 2020

The (F)DFE API supports an URL parameter called “ipCountryOverride”. It can be enabled in a “secret” developer dialog. I always suspected that this is somehow used by Google engineers when they need to bypass geo blocking, but I could never figure out what to pass as a value. Booleans as well as locales don’t work and obviously, you cannot use an IP address to represent a country. What’s even more curious is that dialog loads data from a CSV file (which, of course, isn’t publicly available)!

You connect to a host called android.clients.google.com, when talking to the Playstore. That’s actually a DNS CNAME and can resolve to a number of different IP addresses. The Playstore is not a single/central server system! Google likely runs a separate instance of it in a local datacenter in every country in the world.

So, maybe the value for the ipCountryOvveride parameter is the IP address of the (country) instance behind the load balancer then?

Sunday, June 28, 2020

OK Google, why is my third grader so bad at reading and writing?

Hello $NAME, children learn from their parents. You have shown your child how to use Google Now. Voice search is a feature that enables you ask a question and get a spoken answer. There’s no more reason to read or write yourself!

(True story, actually - the part about bringing kids up to be lazy)

I’m always stunned when watching a movie/TV show in which a criminal makes a final call, then breaks the phone and throws it away in order to get rid of incriminating evidence. Yeah, sure, burner phones exist to be disposed of, but why break them? Your telco has a record of the phone call and if the police found the wreckage (your telco also knows which radio mast you have been connected to, when making that final call), they could desolder the internal storage from the mainboard - NAND flash chips can be quite resilient. They are also very bad at actually erasing data (when you delete a file, the operating system just marks the storage space as available again. If you truly want to get rid of a file, then you would first have to overwrite it with random garbage. However, writing to NAND flash is slow and wears the chip down - the controller tries to avoid that).

Yeah ok, that’s a problem for criminals, not law abiding citizens. You have nothing to hide - except maybe the credentials for your Google account, online banking…

Something, one should probably keep in mind when selling a used phone: doing a factory reset means all data on the phone is lost — unless the new owner has specialized equipment.

Tuesday, June 16, 2020

Whenever I see MS Office and Open Office fanboys argue which is the better product, I always picture a scene in a hardware store where two guys argue which hammer to buy in order to drive screws into the wall.

When you want to print your writing, use LaTeX, just saying.

Saturday, June 13, 2020

Hrmpf! I started working on bringing app reviews to Raccoon. I’d rather not implement this. The more you dig into the API, the more you realize that this is nothing but a dark pattern to keep users engaged. It helps no one, but harms everyone.

  • You can’t really write a meaningful review of a product on a mobile device. Anything that’s longer than 2-3 sentences takes a lot of effort.
  • In case you feel so strongly about the app that spent the effort, you are probably thwarted by the character limit.
  • Even if you manage to write an actually useful review, no one will read it, as it gets pushed down by newer reviews and eventually drowns in drivel.
  • The only thing that may have a lasting effect is your star rating, but even that is utterly useless as it only contributes to an average based on vastly different rating criteria.
  • App developers are given every incentive to game the system by boosting their rankings with fake reviews.

So yes, you won’t make a difference by reviewing an app and you don’t gain any insight from reading reviews either.

Tuesday, June 9, 2020

A bit of research on the GSF ID and the elusive DF-DFERH-01 error

Huh, just discovered a couple of things about the GSF ID.

Monday, June 8, 2020

DummyDroid 2.2

  • Added File > New to reset the workspace
  • Show a message dialog if a device cannot be fully probed
  • Better feedback when communication with Play fails.
Sunday, May 31, 2020

DummyDroid 2.1

  • Bugfix: don’t send the device’s brand as its carrier
  • Bugfix: save the screenLayout field.
  • Bugfix: save the contents of the “Locale” tab, not the list of languages, supported by Java.
  • Bugfix: correctly report the ABI when probing SDK 21+ devices.
  • Added MNCMCC Carrier spoofing ( Viev > Carrier menu ).
  • Use the enter key for focus traversal between the username and password field.
  • Added Hotkeys for copy&pasting device specifications
  • Removed File > Close (was redundant).
  • Changed the Keybinding for File > Submit from F5 to CTRL-Enter
  • Username, password, testapp and proxyurl now automatically select the text when gaining focus.
  • Added File > Save
  • Switched toolbar icons for device probing and Playstore communication.
  • Bumped the timeout when registering a device to 8 seconds. If Play doesn’t get enough time to settle, it may report the testapp as incompatible.