Ingress APK Teardown [1.89.0/1]
Welcome back everyone. We took a break for a few versions of teardowns, as there was not much worth mentioning. We did have some exciting changes though with the enhanced capsule handling (sorting, multi select, etc). These changes were visible to all agents while we try and focus our effort to finding things that hide from the public eye.
Now this teardown is late, really late. First off, this version of Ingress (1.89.0) started a new data structure of internal elements. This structure broke all my tools that I use to decode. Luckily, I also maintain such tools so fixes had to be done and quick. This bug took far too long to fix. Once I finally fixed the problem, I was in a car driving to an anomaly.
Thus we are late, so lets get into it.
I noticed a large amount of changes to both the AndroidManifest and source files. They all referenced this new analytic engine (Think Google Analytics), except from a company known as Upsight.
The Manifest file showed a basic list of what was being sent.
- Hashed User ID
- Application Open & Active
- Application Closed
- Application Paused (Foreground)
Information Shared with Third Parties. We may share aggregated information and non-identifying information with third parties for industry research and analysis, demographic profiling, and other similar purposes.
I can’t speak if the information is aggregated or not by the time it reaches the source, but on initial look every request seems unique to my device. I monitored the requests my 1.89.0 scanner sent and between certain actions or 200-400 seconds a request was sent to this company with the following information.
With a lot more information than I thought. Fields that stuck out to me were
- My latitude & longitude coordinates
- Granted Ingress needs those for the game to function, but a 3rd party 😮
- My user id (hashed)
- My device id (hashed)
So I took a look at the service (Upsight Custom Metrics) – and it looks powerful. Reports and graphs easily sort-able by the mass amount of information being provided.
Code Cleanup & Additions
This version also removed & added a few things
- Removed the old “invite only” system.
- Those who were around during the invite only days will remember this.
- Added a new dependency “FasterXML”
- This is used for reading/parsing JSON
- Conveniently what both Ingress & Upsight uses to communicate between server & client.
- Removed Android Wear (Ingress Wearable)
- Never mind. Version 1.89.1 added it back.
1.89.0 was built on Dec 2nd and we obtained it on Dec 7th. Likewise 1.89.1 was built and released on Dec 10th. Upsight was the large change of this version with a large amount of code cleanup done.