droidconIN 2016

The sixth edition of droidconIN

Creating an aggregator for hyperlocal ecommerce

Submitted by Arnav Gupta (@championswimmer) on Thursday, 21 July 2016

Technical level

Advanced

Section

Full talk (40 minutes)

Status

Submitted

Total votes:  +6

Abstract

Last summer, my college mates and I embarked upon a fun project - “Let us make an app that can search all hyperlocal ecommerce apps”.
The result was Greplr - http://greplr.github.io/greplr.com/
A year down the line, what could possibly have been a startup is now just an open source project on Github, with most of us busy in our personal/professional/academic lives. But there were many learnings from the project - the biggest of which is that most ecommerce apps are easy to penetrate and sniff data from and deeplink into.

Outline

To start creating an ecommerce aggregator app, the ingredients are these -

  • Access to the APIs of the target apps/services
    • We can get public APIs of apps like Zomato, Uber, Ola
    • We can use the internal APIs of the others, using their own app’s auth keys (MITM)
  • Understanding of the data models received and their meaning
    • Mostly the JSONs should be understandable
    • Studying the model files after decompiling would give a clearer picture
  • Downloading the data without raising suspicion
    • If your server’s IP address downloads truckloads of data, it’ll get IP-banned
    • We can make the API calls straight from users’ phones - i.e. all from different IPs
    • We can use Packet Capturing (Wireshark) to read and emulate headers of vendor’s own app (MITM)
  • Deeplink into the apps
    • So the user searches restaurants on your aggregator. Now what?
    • You want to click on restaurant, and it should open restaurant’s page on Swiggy/Zomato
    • Dig the intent schemas of apps, and find out how to deeplink to their internal pages
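
A server-side view of the "without raising suspicion" point above, as an added example that is not from the talk or from Greplr: per-IP request counts miss traffic spread across many phones, while counting per credential surfaces one token reused from many addresses. The log rows, token names and thresholds are constructed, and it assumes the API issues a distinct token per install or account.

```python
from collections import defaultdict

def build_sample():
    """Constructed access-log rows (client_ip, auth_token); not real traffic."""
    rows = []
    # Ordinary users: each has their own token, one IP, three requests.
    for u in range(20):
        rows += [(f"10.0.{u}.1", f"tok-user-{u}")] * 3
    # One token captured from a single install and replayed from 40 handsets,
    # two requests per handset: every IP stays quiet, the token does not.
    for h in range(40):
        rows += [(f"172.16.{h}.9", "tok-replayed")] * 2
    return rows

def per_ip_flags(rows, max_requests):
    """Classic IP-ban logic: flag any address above max_requests."""
    counts = defaultdict(int)
    for ip, _ in rows:
        counts[ip] += 1
    return {ip for ip, c in counts.items() if c > max_requests}

def per_token_flags(rows, max_requests, max_ips):
    """Flag credentials by total volume or by number of distinct source IPs.

    Returns {token: (request_count, distinct_ip_count)}.
    Assumption: tokens are per install/account; a key shared by every
    install of an app would need a different signal.
    """
    counts = defaultdict(int)
    ips = defaultdict(set)
    for ip, token in rows:
        counts[token] += 1
        ips[token].add(ip)
    return {t: (counts[t], len(ips[t])) for t in counts
            if counts[t] > max_requests or len(ips[t]) > max_ips}

if __name__ == "__main__":
    rows = build_sample()
    print("per-IP flags:   ", per_ip_flags(rows, max_requests=10))
    print("per-token flags:", per_token_flags(rows, max_requests=30, max_ips=5))
```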

Requirements

  • Understanding of Java decompilation process (using JADX or such)
  • Understanding of TCP packet capturing (Wireshark or VPN spoofing)
  • Understanding of deeplinking in apps
  • A good understanding of JSON format (including using Gson to parse unknown schemas)

Speaker bio

Currently I teach Android Application Development at CodingBlocks, a programming bootcamp startup.
I have been a Developer and Device Maintainer at CyanogenMod and AOKP, building latest Android images for Sony Xperia devices, adding awesome usability features that make users fall in love. I have also been a contributor to the Dialer and Phone projects under AOSP.
I have been an Open Source community partner with Sony Mobile for the last two years.
I was part of the team that made many contextually smart UI/UX enhancements for the Micromax Canvas A290, A310, A315 series of phones.
I am also an open source enthusiast with contributions to Linux, GNOME, Arduino, Android and other open source projects, and a Google Summer of Code alumnus.
I have been a speaker at Mobile Developer Summit 2014, and DroidCon 2014, 2015.
