Dragon*Con Android App Internals

I took it upon myself to root my phone and run a packet capture to figure out why the Android app seemed so slow on my phone. Here is what happens when you start it. All data transfers are in unencrypted JSON unless otherwise noted. I was connected via 4G at the time, and data transfer at the actual convention will likely be much, much slower.

To capture this data, I used shark for root and viewed the resulting data with Wireshark.

Version check

It checks if there is new data by downloading (GET) http://m.core-apps.com/dragoncon12/data/currentVersion (0.5 seconds, just a number string, which as of this writing was 13392)

Database download

It downloads (GET) an entire set of data, about 375 kb: http://m.core-apps.com/dragoncon12/data/db.sqlite3.gz (1.8 seconds) To view this file, you may want to use the SQLite Database Browser.


It downloads (GET) http://m.core-apps.com/dragoncon12/settings/json (very small, has basic app settings)

Updates information about you

It POSTs the information you have entered into the application (1.6k) to http://m.core-apps.com/dragoncon12/android/update?si=(number string)&ei=0&fmid=(long hex string)

This POSTS screens, device ID, device brand, device model, the events that you have put onto your calendar (I think…), install_id, some other number, your contact info as entered into the profile, and the version of android that you’re running.

Updates friend list

I selected friends and it posted my current friend list to http://m.core-apps.com/dragoncon12/android/friends?device_id=(hex number)&ts=(dec number)&iinstall_id=(guid)

This POSTSs your friends in the app in JSON array, each with a timestamp, an ID, and a publish_schedule_to field.

That returns an array of information about your friend with {id, first_name, last_name, title, company, email, phone, profile_image_url, profile_thumb_url, twitter_profile, status, status_exhibitor_id, status_date, sharing_schedule, sending_schedule, [their schedule, an array of: {id, schedule_id, start date, minutes_long, title, location_description, description, timestamp, exhibitor, deleted}]}

Downloads ad information

It downloads (GET) http://api.coreapps.net/dragoncon12/ads/android.json … that consists of a small JSON file with urls and meta-data for a small banner ad and a full-screen ad.

Requesting a friend token

When you request a friend token, it downloads (GET) http://m.core-apps.com/dragoncon12/newFriendToken?device_id=(hex string)&install_id=(guid)&format=json ; the result is in JSON, in the form: {“token”:”282278″}

Sending a friend request

When you add someone else as a friend, it downloads (GET) http://m.core-apps.com/dragoncon12/acceptFriend?device_id=(hex string)&token=(friend token)&install_id=(guid)

This returns a text result; when I attempted it with a valid friend code, it returned the string: OK
When I tried to add that same token again, it returned the string: Token not found

Andrew Guyton

Leave a Reply