| HN Mirror

Y	Hacker News new \| ask \| show \| jobs


	by voltagex_ 3420 days ago
	No idea what Yalp is doing with your email here: https://github.com/yeriomin/YalpStore/blob/23503d639034d68b8... I find Android code really hard to read - there's so many levels of indirection here I can't find where it's actually calling whatever.google.com to grab the APK

1 comments

jay-anderson 3420 days ago

This particular code looks fairly straightforward (could definitely be clearer). It's building a url and including the email as a path segment. What the remote service (http://tokendispenser-yeriomin.rhcloud.com/) is doing with that email is harder to determine.

link

problems 3420 days ago

That part is open source too: https://github.com/yeriomin/token-dispenser

That said, if you're sketched out by it, don't use it on a Google account with any data on it. Just make a new empty account for apk downloading.

link

voltagex_ 3419 days ago

"Stores email-password pairs, gives out Google Play Store tokens"

I couldn't tell if it was encrypting the password but even if it was... yuck!

link