Prototype cheat ASO promotion

Hello!

I’ll say right away that none of my applications have been popular yet, so my personal judgments about the uselessness of setting up key phrases and describing the application on Google Play are more likely to be incorrect. But you know, the first desire after the publication of the long-awaited application, so that users finally began to install and use it. What a disappointment when this does not happen and after a long time, I think many people know. It seems that it makes no sense to create something worthwhile, if all the same, his fate is stored in the dump of the market.

Over the past six months, I have twice met orders for developing an application for automatic downloading of applications on Google Play on freelance. I took the first time because of interest, but I didn’t have enough experience to finish, I didn’t take it a second time, because it turned out to be not at all a simple matter (even more in terms of practical testing). Honestly, I am not sure that in the end something can turn out to be worthwhile, since it did not reach the final stage.

As you already understood, the idea is simple: the more downloads, the higher the rating of the application.

The technical side of the issue

First, we need root rights on the device. From ui I think there is nothing to create to ensure the work itself.

You also need, for example, one foreground service with a timer and several receivers for system events (Internet, screen, etc.), if necessary.

What is the actual algorithm? Sign in to the account — open the application page — download the application — finish the application installation — remove the application — exit the account, i.e. change account.

As for opening the application page, everything is simple:

startActivity(new Intent(Intent.ACTION_VIEW, Uri.parse("market://details?id=" + pckg))); 

With the removal, too, there are no difficulties (line by line commands to perform)

 "rm -rf /data/app/" + packageName + "*" "rm -rf /data/data/" + packageName "am broadcast -a " + Intent.ACTION_PACKAGE_REMOVED + " -d \"package:" + packageName + "\"" + " --ez android.intent.extra.REMOVED_FOR_ALL_USERS true" + " --ez " + Intent.EXTRA_DATA_REMOVED + " true" + " --ez " + Intent.EXTRA_DONT_KILL_APP + " false" + " --ei " + Intent.EXTRA_UID + " " + applicationInfo.uid + " --ei android.intent.extra.user_handle 0" 

If you do not send a message about deletion, the icon in the menu will not disappear.

How do I know when the installation of the downloaded application is complete? To do this, inherit NotificationListenerService and listen to the appearance of a notification about the end of the installation. And with root rights, it's easier to give yourself permission for this:

 //  "settings get secure enabled_notification_listeners" //  "settings put secure enabled_notification_listeners " + packageWithClassName //   ,       

To exit from your account, you can try to delete the system database (maybe in different places) accounts.db . I have not tried it, so I don’t know for sure whether it will work. In general, in any case, there is a more difficult alternative for this.

Also, to control the change of accounts should use the OnAccountsUpdateListener interface.

The most difficult thing remains: logging into the account and downloading the application (and logging out of the account, if the removal of the database fails). What is easiest for the user is harder for the application. At first, I was thinking about emulating clicks on the screen, but I quickly realized that it was extremely difficult (or impossible). It turned out to be much easier to emulate keystrokes (enter, tab, menu, up, left, and so on). You need to know their codes accordingly.

 public static final int CODE_UP = 19; public static final int CODE_DOWN = 20; public static final int CODE_LEFT = 21; public static final int CODE_RIGHT = 22; public static final int CODE_POWER = 26; public static final int CODE_TAB = 61; public static final int CODE_ENTER = 66; public static final int CODE_MENU = 82; 

And the commands to call them:

 "input keyevent " + code //    (,   ) "input text " + text 

Everything is good, but how do you know that clicking on the desired window occurs? For this there is a command dumpsys window windows . Grepim is the right data and should handle this. I also tried to make a start from the current screen layout (widget hierarchy, identifiers), but I didn’t find a simple solution for this (there was some, but you don’t even have to try there, because it’s just a giant and incomprehensible output).

There was also the question of how to control that, for example, Google Play (by the way, login also applies; in fact, the system application is responsible for authorization, that is, no magic) uploaded the data (pictures, description, reviews), otherwise it’s just not going to be pressed to go. First, find out the uid of the required application:

 "dumpsys package " + packageName + " | grep -E 'userId'" 

Then we listen to whether the sizes of received and transmitted packets are changing (rather increasing) (by timer). If there is no change for a while and the connection is stable, then everything is loaded. I thought to analyze the traffic almost at the wireshark level, but why complicate things. But, unfortunately, there is no absolute guarantee (even if all requests with responsiveness were controlled).

 "cat proc/uid_stat/" + uid + "/" + (rcvIf ? "tcp_rcv" : "tcp_snd") 

Like all of this part.

The economic side of the issue

- Why do you need human souls?
- With the current economy? Yes, this is the only worthwhile thing!
Balthazar

As you can already understand, for this purpose requires a lot of "Google souls." Well, you can buy them (or create, until you get tired of the most economical). On average, the price of a single Google account is 10 rubles. Simple arithmetic, I need 1k installations => pay 10k rubles.

In my opinion, sad numbers. From my experience of such purchases I will say that you can easily lose all of them at any time (in other words, Google will ban). It’s not even a matter of resale of accounts, as much as in errors of use, although this may be the result of the first one. I don’t know for sure what are the ways of Google’s struggle with this. Most likely, they determine such activity according to ip addresses (I do not think that the proxy is a good helper here), the frequency of using the account (including entering and leaving it), and so on. In general, the whole garden probably does not justify itself.

PS Do not substitute a work account, because everything described above violates the policy of using Google Play services, it can also simply be banned.

PPS Regarding the survey, if it wins, yes, it’s likely to publish the groundwork here .

PPPS Posted