Google banned Huawei from using Android?

Now, that’s what I call a bomb to start the week with. Supposedly, existing devices will continue to function, but that’s just a technicality. Google could easily lock them out as well if ordered by Trump to do so (A device will always disclose it’s model and brand, along with a shitton of other sensitive information whenever contacting Play).

The whole clusterfuck is hopefully a wakeup call to everyone. First to the users as a reminder that privacy matters! This is precisely why the “I have nothing to hide…” argument is bullshit: rules can change anytime and with a madman at the top of the government, all bets are off. Second, and more importantly, to the app developers: relying on the Playstore as your sole distribution channel is a already tremendously bad idea (your account can be terminated at any time for any reason). Users can always use Raccoon to download apps from Play if their device does not have the Gapps suite. But if your app to depends on Google Services, you are screwed. Never ever include anything starting with “Google Play” from the Extras section in the Android SDK Manager.

Posted in Android

Bypassing Google Play region blocks via VPN or Proxy

Beware, this is going to be a technical post, containing a lot of speculation.

So, wouldn’t you want to use Raccoon to download region locked Android apps? Good news is, it works, bad news is it’s fickle. You need a proxy in the desired country. Good news is, open proxy lists are a dime a dozen, bad news is, the proxies themselves are typically overrun and short lived. So, how about buying a private proxy then? That’s what I tried with rather surprising results (and curious insights).

The proxy service I chose (and which shall remain unnamed) offers Japan, so I configured to Raccoon to use a (supposedly) Tokyo based IP and tried downloading a Japan only game, just to find myself still geo blocked. Bummer! Did I get scammed? Kinda! I was able to use that proxy to download one of my own apps which is not available in Germany (I deliberately geo fenced it myself for testing purposes). So, either the proxy provider lied about the IP being located in Tokyo or Google thinks that Tokyo is neither in Japan or Germany?

The internet is governed by IANA, an organization that assigns IP address ranges. The problem is, we pretty much ran out of IPv4 addresses a while ago and wherever there’s scarcity, black markets evolve. In theory, when you go out of business, you should return your IP address ranges to IANA. In the real world, going out of business usually means getting liquidated and your IP address ranges becoming part of your bankruptcy assets. If you are a vulture, IP addresses are one of the best things you can invest in. They never go bad, don’t require any maintenance and there’s always someone you can rent them to. Perfect passive income.

What does IP address trading have to do with my proxy problem? Well, naturally I first checked the proxy IP, I was given, against the popular GEO IP databases, just to find that some listed it as being located in Charlotte(USA), others in Tokyo(Japan). Ah, so it must have changed owners recently and some databases aren’t up to date, yet? Google using an old GEO IP database? Not quite! The reality is a bit more complex. As it turns out, the address of my proxy server belongs to an investment firm (since around mid 2018). They rented a whole block the block to an US based ISP. That ISP then split the block and rented a subnet to my proxy server provider, which actually installed the physical machine in a Tokyo based data center, but logically routes all their traffic through an US based ISP. Smart ey? That proxy provider effectively proxied their proxies. Sweet irony!

Now, the interesting question is, why does it take Google so long to catch up with updating their GEO IP database? The answer is: I don’t think, they are using a GEO IP database to begin with. Think about it. Mapping an IPv4 address (4 bytes) to an ISO country code (2 bytes) in a 2^32 address space requires a hashtable of 6*2^32 bytes (roughly 24 GB). That’s already way to big for realtime lookups. Worse yet, the dataset is in constant flux and Google promised their buddies in Hollywood to honor DVD region codes when selling movies. Hollywood has pesky lawyers and it would be rather unfortunate for Google if a movie suddenly became available in a country just because an IP address block changed hands, wouldn’t it?

I’m pretty pretty convinced, that Google’s region restriction sits on the AS (autonomous system) level. They probably just look at the CIDR prefix and map that to a country. Which in my case means, they see the network number of the border gateway router of that American ISP.

What’s the take away from all of this? I guess, that you can build a business on people not understanding internet routing… even you don’t understand it yourself.

Posted in Rants, Tinkering

Is Google Plus shutting down the prelude to something bigger?

Wow, Google is finally retiring it’s social network (well, the one that was publicly called one, Gmail and Youtube are social networks, too). I guess, a lot of SEOs aren’t happy at all right now. After all, Google is not only flushing a lot of their work down the toilet, but also pulling the plug on future contracts as well as work in progress. Best thing about it: Google is burning the money of everyone who ever invested into building a G-Plus profile and nobody can do anything about it. It’s in the fucking TOS: the whole thing can go away at any time for any reason with no compensation. I have been skeptical about social networks for years, endured SEO expert “advice” on how great social media is (and that you should sign up on all of them) and been telling people to read the TOS before signing up to any services. Plus being shut down feels so satisfactory right now.

Read more ›

Posted in Persepective

Error retrieving information from server. [DF-DFERH-01]

Marvelous, DF-DFERH-01 must be one of the most common Google Play errors out there and there’s virtually no documentation of what it means. Shit ton of (steamroller tactic style) advice on how to fix it, though: “reboot device”, “clear cache”, “delete updates”, “wear a funny hat and poke yourself in the eye while doing it”. Gosh, I just love “magic solutions” by people who don’t even understand what the problem is. Read more ›

Posted in Note to self, Tinkering

So long Github and thanks for all the fish

I have to admit, I’m mildly surprised by Microsoft buying Github. I mean, I always expected Github to eventually sell out, but I thought the buyer would be Google. Speaking of which, I wonder how pissed big G currently is, after abandoning Google Code in favour of Github and migrating tons of their own projects there. It’s bittersweet irony, when you consider that Microsoft was the company to pioneer customer lock-in in the software business, Google not only learned the ropes from, but also surpassed them and now the master is teaching the student a new page. Read more ›

Posted in Rants

The GDPR is here! Panic!

Just had this curious question scroll by: “Should I lock European users out of my website because of the GDPR?” Read more ›

Posted in Persepective

GDPR is probably the best piece of legislation of the decade

Sure, everyone is currently moaning and bitching about getting compliant and having to spend money on it, but that is actually a good thing! In the past, collecting data by invading everyone’s privacy came at virtually no cost. Everyone knew it was wrong, but did it nevertheless because consultants told us it was the thing to do (after all, you have to keep up with the competition). As long as you had an exhaustive privacy statement, everything was peachy. Previous legislation simply allowed you to do heinous things on the condition that you openly stated your intentions and got informed consent for them. Of course we all know, that to be legal bullshit, since people tend not to (properly) read the contracts they sign. The end result was raising a whole generation thinking that total loss of privacy was a good thing because it gave them “free” services.

In the past, I used to tell people, that we should probably have a tax on collecting private data, for the same reason, we have a tax on alcohol and tobacco. The idea, of course, was stupid. It’s technically impossible to implement and steering taxes usually backfire anyways, since the state then earns money from a misbehaviour it originally intended to abolish.

The GDPR is something a lot better than a steering tax, as it makes data collection expensive without turning the state into an accomplice! Worse (better), yet, the cost of collecting personal data rides on court orders.  A flat fee can be incorporated in a price calculation. An unpredictable fine can’t. In other words, the GDPR is a genius move that turns personal data collections from asset to liability. This shoots “let’s just take the whole haystack” business model out of the water and companies will have to think twice about what data they collect (and if they need it at all). We are talking about a cultural game changer here and hopefully the next generation(s) will look back at the at the beginning of the 21st century wondering how anybody could think then that keeping a file on everyone was even a remotely good idea.

Posted in Rants

What to do with insanely stupid app reviews on Google Play?

I just had this wonderful brainfart looking through my text adventure app reviews on Google Play. As does everybody, I got a number of insanely stupid one star ratings and by that I don’t mean dumb as in “didn’t bother to read the instructions”, but as in “the phone is 10 times smarter than it’s user!”. Well, not much you can do about those (except maybe use my review browser tool). So wouldn’t it be fun to have a “Hall of Shame” section on the app’s website? Collect screenshots of the most ridiculous reviews and post them there for general amusement? Would be a nice and cheap way to add more content to the website, but unfortunately, it would also incentivize trolls to leave horrible reviews on purpose. So, bad idea!

Well, if anyone has a good idea on what to do shitty reviews in general, I got the code to download them in bulk from any given app.

Posted in Uncategorized

Can’t log into your Google account, even if the password is correct.

It sometimes happens that you can’t log into your Google account with 3rd party clients (e.g. a PC APK downloader). You just get a Bad Authentication error, telling you that your credentials are incorrect (even if they aren’t). What really happened is Google blocking your login attempt because it somehow “looked different” than usual and that triggered the intrusion detection alarm.

Solution: Log into your Google account with a web browser and go to it’s settings page. Check the list of last logins, a security alert should be shown there. Confirm that this was you. Afterwards you can sign in again with your 3rd party client.

Posted in Note to self

SEO and a company, dead for three decades

Infocom was closed down in May 1989. Barely any one still remembers the name, but curiously, I find that most people install the Text Fiction app to play Zork, Infocom’s first and most popular game which lives on in pop culture and is referenced now and then in TV shows like the Big Bang Theory.

Read more ›

Posted in Web