My Google Play API
Today it finally happened: after more than a decade of mobile app pentests and security reviews, I was so fucking bored of how complicated it could be to just get the latest APK of a certain Android app without using a real Android device or a proper emulator with all GPlay services in place.
Quite sure, I am aware of all the great services out there like APKMirror, APKCombo, APKPure, AuroraOSS and also very cool GUI software like Raccoon (paying customer for a long time, it has really cool features). However, I wanted something where I can easily and quickly get the latest and greatest Android APKs directly from the Google Play Store. By easily I mean a simple way that I can use in all my testing circumstances. Hello HTTP :-D
Searching for packages:
curl 'https://XXX.tk/search/mercedes' | jq
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1203 100 1203 0 0 317 0 0:00:03 0:00:03 --:--:-- 317
{
"com.DominikKotlarEULC": "Über 10.000.000 Downloads",
"com.autuo.MERCEDES.AMG.GT.WALLPAPER": "Über 1.000 Downloads",
"com.blackdrive.aclassdriver": "Über 100.000 Downloads",
"com.daimler.dashcamng.android": "Über 10.000 Downloads",
"com.daimler.eqstar.android": "Über 50.000 Downloads",
"com.daimler.moba.kundenapp.android": "Über 1.000.000 Downloads",
"com.daimler.partscan.android": "Über 50.000 Downloads",
"com.daimler.remoteParkPilot.android": "Über 100.000 Downloads",
"com.daimlerbkk.android": "Über 50.000 Downloads",
"com.gizmawallpaper.MercedesBenz": "Über 10.000 Downloads",
"com.kokicilik.mercedeswallpaperhd": "Über 100.000 Downloads",
"com.livestyled.mbarena": "Über 10.000 Downloads",
"com.majjane.mercedes": "Über 50.000 Downloads",
"com.mercedes.amgonedre": "Über 100 Downloads",
"com.mercedesnord.app": "Über 5.000 Downloads",
"com.muneerhallows.mercedeswallpapers": "Über 5.000 Downloads",
"com.oppanagames.car.simulator.c63": "Über 1.000.000 Downloads",
"com.techapp.audi.techappformercedes": "Über 5.000 Downloads",
"mercedes.wallpapers.hd": "Über 50.000 Downloads",
"nl.mobielbekeken.ruttchen": "Über 1.000 Downloads"
}
A download request returns a redirect to a Google Play download URL that carries a valid token for the specific app:
curl https://XXX.tk/download/com.snapchat.android
<!doctype html>
<html lang=en>
<title>Redirecting...</title>
<h1>Redirecting...</h1>
<p>You should be redirected automatically to the target URL: <a href="https://play.googleapis.com/download/by-token/download?token=AOTCm0SL-Fh6Rw_zAXix4sYKbDDJceIC1JY8fLFeMa1Nk7hTs5gzEDXTWHSBGOyOCNxwQmBqv_l2iRJJcgMEPww3MaWqFcrZg-pDFlqyBu9ZomVVw4eTm6NqRuWXA0Jh5t550IP_93vQvLo6n0h90EbvT0HgIHia-UTWd11IA7-djXbTreohrZMwCl6eEuz7t7OkCf7cv1q4QbDN9Rt4KaPwCgouPHTdMhDPIYkhNupKnx9MKI6Hk5espQO8BEbwoXssU2lwZ1TnPcZU9ehVw1qj1vTag4rOyVMzBhmITRSKRMSAfJCotRUm0b83Xs4qwIYF28_7c9_AZfHkX65Jo5DMU37uzcV3Y2UzFuElPb04hyLY3kqNW-XopgSCLmos7wQbpvI5Vr34zZ_DFLqXiBMWckzjpBxT&cpn=uLB_7rJFSE4SvhnB">https://play.googleapis.com/download/by-token/download?token=AOTCm0SL-Fh6Rw_zAXix4sYKbDDJceIC1JY8fLFeMa1Nk7hTs5gzEDXTWHSBGOyOCNxwQmBqv_l2iRJJcgMEPww3MaWqFcrZg-pDFlqyBu9ZomVVw4eTm6NqRuWXA0Jh5t550IP_93vQvLo6n0h90EbvT0HgIHia-UTWd11IA7-djXbTreohrZMwCl6eEuz7t7OkCf7cv1q4QbDN9Rt4KaPwCgouPHTdMhDPIYkhNupKnx9MKI6Hk5espQO8BEbwoXssU2lwZ1TnPcZU9ehVw1qj1vTag4rOyVMzBhmITRSKRMSAfJCotRUm0b83Xs4qwIYF28_7c9_AZfHkX65Jo5DMU37uzcV3Y2UzFuElPb04hyLY3kqNW-XopgSCLmos7wQbpvI5Vr34zZ_DFLqXiBMWckzjpBxT&cpn=uLB_7rJFSE4SvhnB</a>. If not, click the link.
penguin/ENV:100.115.92.196/17:15:42 Sun Oct 08
cd@penguin/~: 0 $curl -L https://XXX.tk/download/com.snapchat.android
Warning: Binary output can mess up your terminal. Use "--output -" to tell
Warning: curl to output it to your terminal anyway, or consider "--output
Warning: <FILE>" to save to a file.
penguin/ENV:100.115.92.196/17:16:31 Sun Oct 08
Following the redirect will directly give you the APK:
cd@penguin/~: 0 $curl -L https://XXX.tk/download/com.snapchat.android --output com.snapchat.android.apk
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1191 0 1191 0 0 332 0 --:--:-- 0:00:03 --:--:-- 332
0 0 0 0 0 0 0 0 --:--:-- 0:00:03 --:--:-- 0
100 136M 100 136M 0 0 11.2M 0 0:00:12 0:00:12 --:--:-- 19.0M
penguin/ENV:100.115.92.196/17:16:56 Sun Oct 08
cd@penguin/~: 0 $file com.snapchat.android.apk
com.snapchat.android.apk: Zip archive data, at least v0.0 to extract
penguin/ENV:100.115.92.196/17:17:20 Sun Oct 08
cd@penguin/~: 0 $ls -lha com.snapchat.android.apk
-rw-r--r-- 1 cd cd 137M Oct 8 17:16 com.snapchat.android.apk
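A check one could run on what the download endpoint returns before trusting it, as an added example that is not part of the original post: it confirms that the redirect points at the play.googleapis.com by-token URL seen in the transcript above and that the payload is structurally an APK. The function names and the sample archive are constructed for illustration.

```python
import hashlib
import io
import zipfile
from urllib.parse import urlsplit, parse_qs

# Host and path taken from the redirect shown in the transcript above.
EXPECTED_HOST = "play.googleapis.com"
EXPECTED_PATH = "/download/by-token/download"


def redirect_is_google_play(location: str) -> bool:
    """True only if the Location value points at Google's token download URL."""
    parts = urlsplit(location)
    return (
        parts.scheme == "https"
        and parts.hostname == EXPECTED_HOST  # ignores userinfo tricks like host@other
        and parts.path == EXPECTED_PATH
        and bool(parse_qs(parts.query).get("token"))  # empty token is rejected
    )


def inspect_apk(data: bytes) -> dict:
    """Check that the bytes are a ZIP that looks like an APK; return facts to log."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        raise ValueError("not a ZIP archive (HTML redirect page saved by mistake?)")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        if zf.testzip() is not None:  # CRC check of every member
            raise ValueError("corrupt ZIP member")
    if "AndroidManifest.xml" not in names:
        raise ValueError("no AndroidManifest.xml, not an APK")
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
        "has_dex": any(n.startswith("classes") and n.endswith(".dex") for n in names),
    }


def make_sample_apk() -> bytes:
    """Constructed stand-in for a download: a tiny ZIP with APK-like entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00")
        zf.writestr("classes.dex", b"dex\n035\x00")
    return buf.getvalue()


if __name__ == "__main__":
    url = "https://play.googleapis.com/download/by-token/download?token=PLACEHOLDER"
    print(redirect_is_google_play(url), inspect_apk(make_sample_apk()))
```

This is a structural check only; the signer identity still has to be verified separately, for example with `apksigner verify --print-certs`, and the SHA-256 is worth recording in the test notes.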
Currently the API is semi-public; I won't disclose the URL here. If you are interested, just drop me a DM.