'Coon Cave

A blog about software development, Google Play and Android in general. May contain traces of rambling. Feedback and subscriptions welcome!
Thursday, December 10, 2020

ADB push file permissions

Things that can drive you nuts needlessly.

Sunday, December 6, 2020

Why I won't use Github for any new projects (and you probably shouldn't either)

There are these two sayings that go so horribly well hand in hand, 'those who do not remember history are doomed to repeat it' and 'fool me once, shame on you, fool me twice, shame on me'. Let's keep that in mind and add a 'told you so'.

Monday, November 16, 2020
Saturday, November 14, 2020
Friday, November 6, 2020

A reader asks:

Can Google delete apps from my Android smartphone?

Eh, yes, of course! There’s a push message and a mechanism for that implemented in the Playstore app. In case you find that surprising: how did you think Play would handle a cancelled payment for paid content? Return the money and let you keep the item?

In case the question was if you could buy an app, use Raccoon to download the APK to your PC, then refund, the answer is: yes you can do that (shame on you), most paid apps safeguard against this by performing an online license check.

Wednesday, November 4, 2020

Getting more emails from Indians these days wanting to sell me 5 star app reviews on Google Play. Curiously they are all using Gmail addresses for contacting me.

If you are offering to cheat the system (in particular one that’s known for scanning your communication), shouldn’t you use a communication channel that’s outside of the system?


Wednesday, October 28, 2020

A test account just produced a HTTP 404 - Unauthorized while requesting an apk download from Google Play. Turns out, its session cookie had expired. The session in question was created May 30 01:15 (I need to stop pulling these all- nighters) and lasted till today(ish - pretty sure, it was in use yesterday). So, the session TTL for Google accounts seems to be around 150 days.

Not sure if there’s a renewal mechanism, other than running through the login process again (highly doubt it, though). Android users typically won’t notice when their session expires. The system’s account manager just automatically logs in again.

Wednesday, October 21, 2020

Protocol buffers, Google’s own data exchange format, love em or hate em. They don’t work particularly well on Android because the proto compiler spits out enormous blobs of Java code. Even empty messages will already result in around 15Kb of source and declare more than four dozen methods. Raccoon needs to implement 75 message types in order to talk to the Playstore. That comes down to a bit more than 3 Mb of uncompressed bytecode, scattered across 310 class files with more than 70k methods.

When they came up with Dalvik and the DEX format, they pulled a Bill gates: 65k methods should be enough for everyone. Surprise! Who’d ever think that there would be apps including giant blobs of generated parser code.

So, I don’t want to build a multi DEX APK. Luckily, there’s a protobuf-javalite runtime, promising a smaller footprint (it’s actually what the Playstore APK uses as well). Surprise! I still exceed the 65k limit, plus the normal and the lite runtime don’t seem to be API compatible, so I can’t make a raccoon library that works out of the box on PC and Android. Thanks Google! You really put an effort into making Android a compatibility hell on every level!

Thursday, October 15, 2020


(fucking critter)

It’s dark outside, you are doing some late night coding in a bright lit room and suddenly you become aware of two yellow slitted eyes silently staring at you from an arms length away through the basement window…

Saturday, October 10, 2020

Looking at a VPN provider for a client. Their website informs me that my status is currently “unprotected” and my online activities can be spied upon!

checks the HTML code of that page

drum roll

Google Fucking Analytics!