Just learned something new today that feels like I should have known it for years (probably even did once, but then forgot): did you ever have the “page 99” problem? You know exactly what app you want, how the name is spelled, what the icon looks like, but now matter what you type into the search field, the app in question is always buried on page 99 (or later) in the search results. The answer to this problem, of course, is not to search for the app, but locate it by package name. On the Play website that means fiddling around with URL parameters, in Raccoon, you’d (currently) have to go through the commandline. Neither is particularly user friendly. Read more ›
Looks like I spoke to soon in yesterday’s post, announcing that Raccoon v4.1.3 would solve the “Error on download issue”. It does, kinda, but it’s not a final solution, as it requires an annoying workaround (see below). Read more ›
Just a quick heads up. Raccoon v4.1.3 should fix the “app not downloading” issue that has arisen yesterday. However, I’m currently in a rush and don’t have time for a proper, tested release.
PS: If you haven’t done so already, now would be a really good time to buy a premium key. Your money is what keeps the project alive.
Well folks, we need to talk. Today, I opened my mail client and was greeted with a “Raccoon is broken, fix it!” message. Most of the time that’s the result of a handling error, but once in a while, usually twice a year, Google actually changes something, causing Raccoon to stop working. Figuring out what what that something is, can easily take several days of research. Read more ›
I had this discussion with a friend the other day, who is now the proud owner of a fingerprint protected front door and smartphone, but since fingerprint scanners are creeping into more and more security appliances, it is worth repeating it here. Read more ›
People ask (me) fairly often, how Raccoon handles their Google account (and if it’s safe to trust the software with their passwords). From my point of view, that’s a funny question. I’m always tempted to answer: “if the idea of loosing your account sounds scary to you, then maybe you already trusted Google too much!”. But that’s a discussion for another day. Read more ›
The question came up in a support request, but is probably interesting enough to blog about: “How do I write a script to copy apps from Raccoon‘s own repository to some place else?” Read more ›
The plan was to rewrite DummyDroid from scratch, get rid of the ugly code and make it more userfriendly (ideally let it clone a device via USB) while I’m at it. Unfortunately, that would have taken several weeks (yes, the code rot is that bad) and in the meantime, no one would have been able to generate GSF IDs for mock devices (there are/were alternatives to DummyDroid, but I don’t think their respective authors bothered adapting to Google’s changed login procedure, yet). So, hack job time!
DummyDroid v1.2 is a case of “it compiles, ship it”. Cobbled together by merging in some code from Raccoon, compiled by guessing how the build process was suppose to work, using a source tree that’s in disarray. I’m not proud of it. I probably won’t bother cleaning things up, so no source code at the moment, either. This is only a temporary solution anyways.
Sometimes you find really funny stuff in your junkmail folder…
We are the Team Xball and we have chosen your website/network as target for our next DDoS attack.
Unfortunately your data was leaked in the recent hacking of the web site and we now have your information.
We have DataBase tax forms, DOB, Names, Addresses, Credit card details, bank account full details and more sensitive data.
Now, we can publish your details and your clients online who would damage the rating of the company
and would create many problems for you.
On Friday 16_06_2017_7:00p.m. GMT !!! We begin to attack your network servers and computers
We will produce a powerful DDoS attack – up to 250 Gbps
All data will be encrypted on computers Crypto-Ransomware
You can stop the attack beginning, if payment 1 bitcoin (2900 $).
Do you have time to pay. If you do not pay before the attack 1 bitcoin the price will increase to 10 bitcoins
Please send the bitcoin to the following Bitcoin address:
Once you have paid we will automatically get informed that it was your payment.
What if I don’t pay?
If you decide not to pay, we will start the attack at the indicated date and uphold it until you do, there’s no counter measure to this, you will only end up wasting more money trying to find a solution. We will completely destroy your reputation amongst google and your customers and make sure your website will remain offline until you pay. We can publish your DataBase.
This is not a hoax, do not reply to this email, don’t try to reason or negotiate, we will not read any replies. Once you have paid we won’t start the attack and you will never hear from us again!
Please note that Bitcoin is anonymous and no one will find out that you have complied.
The noteworthy thing: this went to a burner address I used years ago. So I’m not particularly worried about team goofball following up on their threat (or even being capable of operating anything more complicated than their junkmail script for that matter).
Today I log into Play to check on my apps. I am greeted by an updated design, twice as slow as the previous one, but hey, at least it’s material design now and I can waste some additional time on getting my bearings. What do I find after stumbling around for a bit? A menu item named Release Management|App Signing, where I can upload my APK signing key! Are you freaking kidding me?!
APK signing is already utterly broken with Android. The only reason for still bothering with it was so that no government could tell Google: “We want to wiretap user X. We know he uses app Y for communication. Here is a trojaned version of Y, push it to him as an update.” As long as Google didn’t have the signing key, they could simply tell any government: “not possible” and that would be it. Now they can (at least for those apps, where developers are stupid enough to relinquish their keys).
I can kinda see why Google added that feature to Play. Key management is a hassle and most Android “developers” are gold diggers with inferior technical skill who don’t understand cryptography. Those developers who actually do understand how app signing works, rather don’t want to bother with a broken by design system. The sensible solution here would have been to slowly phase out app signing, not to break the system even more!