| Your 'app' could have been a webpage (so I fixed it for you)(danq.me) | |
| 840 points by MrVandemar 4 days ago | 506 comments | |
tl;dr: Annoyed that a travel agency required installing a 43MB Android app just to view an itinerary that was really just HTML, images, and PDFs, the author reverse-engineered its API traffic using a rooted Android emulator and HTTP Toolkit. They discovered the app authenticates via a URL containing a concatenated username/password and returns JSON containing all content. They wrote a Ruby script to fetch the JSON and generate a lightweight, password-protected webpage—0.05MB instead of 124MB—stripped of tracking and ads, and shared it with their tour group. | |
HN Discussion:
| |