Tag-Archive for » apk «

Tuesday, September 29th, 2009 | Author: Tim

Finding the assetId...



So recently I’ve been having quite an experience with downloading apk files from the Android Market and through the ADC2 review application. The ADC2 application actually just uses the same downloader that the market does — so that’s a quick reason as to why so many other people are also having this trouble.

Anyway the fix that I have been using is the downloading snippet I posted previously in conjunction with the authtoken snippet.

The one thing I needed to find was the assetId, which conveniently was located in an XML file of the application currently being reviewed. This makes it so you don’t have to fire up wireshark or tcpdump to grab the assetId.

Simply load up adb or the terminal on your phone, navigate to /data/data/com.google.android.challenge/shared_prefs and view the file com.google.android.challenge.xml. The contents will look something like this:

<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
<int name="adc.status" value="1" />
<boolean name="accepted.tos" value="true" />
<string name="current.developer.name">United Swe</string>
<string name="current.size">430k</string>
<string name="current.description">Send money to a friend with just their phone number. Get money too. Or create an IOU. Same as cash but with phone numbers and phone messages. Easy to track. Convenient. And rewarding too! Test mode allows working with &quot;play money&quot; to try out all the features. Even works with legacy text messaging phones. Feedback?</string>
<string name="install.target.packagename">com.fonepays</string>
<string name="current.package.name">com.fonepays</string>
<string name="current.asset.id">-7878887740798669019</string>
<long name="last.nag.time" value="1254261597127" />
<string name="current.permissions">android.permission.ACCESS_WIFI_STATE|android.permission.ACCESS_NETWORK_STATE|android.permission.CHANGE_NETWORK_STATE|android.permission.INTERNET|android.permission.STATUS_BAR|android.permission.VIBRATE|android.permission.READ_CONTACTS|android.permission.READ_PHONE_STATE|android.permission.RECEIVE_SMS|android.permission.SEND_SMS|android.permission.TELEPHONY_SERVICE</string>
<string name="current.label">FonaPays - The Easy Way to Pay</string>
</map>

We can easily see above that the string value of current.asset.id is the assetId we need. This will let you easily download the apk files to your computer and install them to your phone in no time :) Hopefully this will help some people who are having the same trouble I was!

Also, just a little note - this will obviously let you save the apk files, as opposed to not retaining them after submitting a review. This could also be accomplished by doing the old method of a pull from /data/app used for backing up normal applications - since the ADC2 apps are saved to the same location. Enjoy!
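For anyone inspecting the application under review, the shared_prefs file above can be read with a short parser instead of by eye. This is an added example, not code from the original post: the function names and the `REVIEW_FLAGS` set are assumptions, the sample is a trimmed, constructed copy of the file shown above, and the signed 64-bit range check is inferred from the value shown.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed copy of the file shown in the post.
SAMPLE_PREFS = """<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
<int name="adc.status" value="1" />
<boolean name="accepted.tos" value="true" />
<string name="current.package.name">com.fonepays</string>
<string name="current.asset.id">-7878887740798669019</string>
<long name="last.nag.time" value="1254261597127" />
<string name="current.permissions">android.permission.INTERNET|android.permission.READ_CONTACTS|android.permission.RECEIVE_SMS|android.permission.SEND_SMS</string>
</map>"""

# Assumption: which permissions deserve a second look is the reviewer's call.
REVIEW_FLAGS = {"android.permission.READ_CONTACTS",
                "android.permission.READ_PHONE_STATE",
                "android.permission.RECEIVE_SMS",
                "android.permission.SEND_SMS"}

def parse_shared_prefs(xml_text):
    """Return {name: typed value} for an Android shared_prefs <map> file."""
    # A prefs file never needs a DTD; refuse one rather than expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("unexpected DTD in shared_prefs file")
    prefs = {}
    for el in ET.fromstring(xml_text.encode("utf-8")):
        name = el.get("name")
        if el.tag == "string":
            prefs[name] = el.text or ""          # value is the element text
        elif el.tag in ("int", "long"):
            prefs[name] = int(el.get("value"))   # value is an attribute
        elif el.tag == "boolean":
            prefs[name] = el.get("value") == "true"
        else:
            prefs[name] = el.get("value")
    return prefs

def review_summary(prefs):
    """Pull out the assetId and the permissions worth reviewing."""
    asset_id = int(prefs["current.asset.id"])    # stored as a string in the file
    if not -2**63 <= asset_id < 2**63:           # assumed signed 64-bit range
        raise ValueError("assetId does not fit a signed 64-bit integer")
    perms = [p for p in prefs.get("current.permissions", "").split("|") if p]
    return {"package": prefs.get("current.package.name"),
            "asset_id": asset_id,
            "permissions": len(perms),
            "flagged": sorted(p for p in perms if p in REVIEW_FLAGS)}
```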

Friday, March 06th, 2009 | Author: Tim

Vending Assets Database; /data/data/com.android.vending/databases/assets.db

CREATE TABLE assets(
_id INTEGER PRIMARY KEY AUTOINCREMENT,
server_id INTEGER UNIQUE,
content_uri TEXT,
state TEXT,
download_pending_time INTEGER,
download_start_time INTEGER,
install_time INTEGER,
uninstall_time INTEGER,
size INTEGER,
type TEXT,
package_name TEXT,
is_forward_locked TEXT,
signature TEXT,
refund_timeout INTEGER,
version_code INTEGER,
server_string_id TEXT);

Here is an example entry:

_id: 173
server_id: -8619153599380214487
content_uri: content://downloads/download/240
state: UNINSTALLED
download_pending_time: 1233920808560
download_start_time: 1233920811792
install_time: 1233920833173
uninstall_time: 1233936584707
size: 498702
type: 1 (1 = app, 4 = game?)
package_name: com.netdragon
is_forward_locked: false
signature: 7LARjEsYODOYdkX2eWj8yP0Ye-M#498702
refund_timeout: NULL
version_code: NULL
server_string_id: -8619153599380214487

Didn’t have much time lately to post, so I figured I’d drop this schema and an example entry on the blog. It shows how the Vending application stores “assets”. I’m still doing more research, but it looks like the previous “DRM” that we’ve mentioned isn’t the only security measure that will be in place. As you can see “is_forward_locked” is a field, though all applications I’ve run across have this disabled (both protected and unprotected). The “version_code” and “refund_timeout” also seem to not be used.
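The schema and example entry above are enough to rebuild an install timeline from a copy of assets.db, which is how this table is typically used in device forensics. This is an added example, not code from the original post: the function names are assumptions, the database is an in-memory stand-in holding only the example row, and the signature/size comparison reflects what that one row shows rather than documented behaviour.

```python
import sqlite3
from datetime import datetime, timezone

# Schema as given in the post, condensed onto fewer lines.
SCHEMA = """CREATE TABLE assets(
 _id INTEGER PRIMARY KEY AUTOINCREMENT, server_id INTEGER UNIQUE,
 content_uri TEXT, state TEXT, download_pending_time INTEGER,
 download_start_time INTEGER, install_time INTEGER, uninstall_time INTEGER,
 size INTEGER, type TEXT, package_name TEXT, is_forward_locked TEXT,
 signature TEXT, refund_timeout INTEGER, version_code INTEGER,
 server_string_id TEXT)"""

# The example entry from the post, in column order.
EXAMPLE_ROW = (173, -8619153599380214487, "content://downloads/download/240",
               "UNINSTALLED", 1233920808560, 1233920811792, 1233920833173,
               1233936584707, 498702, "1", "com.netdragon", "false",
               "7LARjEsYODOYdkX2eWj8yP0Ye-M#498702", None, None,
               "-8619153599380214487")

TIME_COLUMNS = ("download_pending_time", "download_start_time",
                "install_time", "uninstall_time")

def open_example_db():
    """In-memory stand-in for a working copy of assets.db."""
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.execute(SCHEMA)
    db.execute("INSERT INTO assets VALUES (" + ",".join("?" * 16) + ")",
               EXAMPLE_ROW)
    return db

def asset_timeline(db, package_name):
    """Return lifecycle events (UTC) and consistency checks per asset row."""
    report = []
    query = "SELECT * FROM assets WHERE package_name = ?"
    for row in db.execute(query, (package_name,)):
        # Time columns hold milliseconds since the Unix epoch; NULL = no event.
        stamps = [(c, row[c]) for c in TIME_COLUMNS if row[c] is not None]
        events = [(c, datetime.fromtimestamp(ms / 1000, tz=timezone.utc).isoformat())
                  for c, ms in sorted(stamps, key=lambda s: s[1])]
        installed_ms = None
        if row["install_time"] and row["uninstall_time"]:
            installed_ms = row["uninstall_time"] - row["install_time"]
        # In the example row the text after '#' in signature equals size.
        sig_size = (row["signature"] or "").rpartition("#")[2]
        report.append({"server_id": row["server_id"], "state": row["state"],
                       "events": events, "installed_ms": installed_ms,
                       "signature_size_matches": sig_size == str(row["size"])})
    return report
```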

Saturday, January 03rd, 2009 | Author: Tim

Mmmmm... Market Data...



So I’m not sure why I didn’t think to try to get live market data? For some reason I just *figured* it would be done with SSL or something so I just didn’t try it. Long story short, after building a market-cache parser - I realized, DOH! You can just get the market data live using certain requests! Luckily the parser I made worked fine with the data that I was getting sent back.

It took a little reversing of Vending.apk to see exactly what type of encoding was being used - I sort of guessed right just by looking at what the phone was sending via a Cain&Abel and Wireshark dump. Though Google just happened to have some data in there that would throw errors if you tried decoding the data directly or certain ways.

I’ll post up some of the reversing I did on Vending.apk - more specifically the .buildPostParameters routine which is where everything was created for post. It’s actually pretty interesting stuff, and it helped find some routines online that Google has publicly available through Apache… Though I didn’t find them in the Android libraries :) (nice of them, no? haha)

Anyway, tournament tomorrow followed by a snowboarding trip tomorrow - so I’ll probably post that data on Monday!