Mobile Application URI Bootstrap

afourney edited this page Dec 15, 2016 · 22 revisions

NEW!!!

The Boot URI is user-configurable in the application itself!!!! (thanks to fletchto99)

  • In the iOS app, open settings
  • Find an empty space, and tap 5 times with 3 fingers
  • This opens a secret settings page
  • Click `3. Debug Settings`
  • Scroll to the bottom and select Custom Remote Config Endpoint

Note: On Android, it should have been possible to set the boot URI by calling pebble://set-boot-config. However, jlai noted: "The boot config change deep link is disabled on production builds on Android".

sirlantis added: "Can't give you more details nor promises yet, but we are investigating how to enable boot config sideloading, too (there are some security concerns)."

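It is likely that at least one security concern relates to the leak of bearer tokens: if Pebble's authentication services are still used but other API endpoints are swapped, the app would presumably present the Pebble-issued bearer token to those replacement endpoints, disclosing it to whoever operates them. It's unclear if / how bearer tokens are ever expired, so a disclosed token may remain usable for an unknown period.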

Notes

  • When the Android or iOS mobile applications first load, they contact https://boot.getpebble.com/api/config to get a list of API endpoints.
  • This is a sample request from Android: https://boot.getpebble.com/api/config/android/v3/4?app_version=4.3
  • This is a sample request from iOS: https://boot.getpebble.com/api/config/ios/v3/1/1?app_version=4.3
  • The bootstrap URI is configurable by editing the Android resource file: ./smali/com/getpebble/android/config/a.smali
  • A default copy of the bootstrap response is stored here: `./assets/default_boot_config.json`, but the online version takes precedence (verify).
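  • This implies that all web API endpoints, including a drop-in replacement for the store and for authentication, can be changed without modifying any Bytecode! It also means the boot config is the single point of trust for where the app sends credentials and user data, so a custom boot endpoint should only be one you operate or fully trust.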
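  • It has also been suggested that pages on the App Store can call "special URIs to make the mobile applications do stuff". If so, content loaded into the app's webviews needs the same trust scrutiny as the boot config itself; note that several `webviews` entries in the example response below (the support links) are plain http:// rather than https:// (whether those pages can issue such URIs is unverified).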
  • Static resources (e.g., app store pages) are heavily cached. I had to uninstall and reinstall the mobile application to see them get requested. This appears to be controlled by the manifest.appcache

API Documentation (here)

/api/config/android/v1/:releaseId
GET
Handle incoming requests from the Pebble android app. Supports the following locales:de_DE,en_US,es_ES,fr_FR,it_IT,pt_PT

/api/config/ios/v1/:releaseId/:jsId
GET
Handle incoming requests from the Pebble ios app. Supports the following locales:de_DE,en_US,es_ES,fr_FR,it_IT,pt_PT

/api/config/android/v3/:releaseId 
GET
Handle incoming requests from the Pebble android app. Supports the following locales:de_DE,en_US,es_ES,fr_FR,it_IT,pt_PT

/api/config/ios/v3/:releaseId/:jsId
GET
Handle incoming requests from the Pebble ios app. Supports the following locales:de_DE,en_US,es_ES,fr_FR,it_IT,pt_PT

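Example response (Android, v3, release 4). Note that the response carries the `keen_io` and `treasure_data` write keys and the `algolia` API key in the clear; anything delivered this way reaches every client that fetches the config, so these are best treated as public, client-embedded values rather than secrets.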

{
"config": {
    "id": "android/v3/4",
    "href": "https://boot.getpebble.com/api/config/android/v3/4",
    "links": {
        "resources": "https://dev-portal.getpebble.com/api?platform=android",
        "authentication/push_tokens": "https://auth.getpebble.com/api/v1/push_tokens?platform=android",
        "authentication/me": "https://auth.getpebble.com/api/v1/me.json?platform=android",
        "apps/categories": "https://dev-portal.getpebble.com/api/categories?platform=android",
        "apps/app_index": "https://dev-portal.getpebble.com/api/categories/index?platform=android",
        "apps/face_index": "https://dev-portal.getpebble.com/api/categories/faces?platform=android",
        "apps/uuid_upgrades": "https://dev-portal.getpebble.com/api/applications/upgrade?platform=android",
        "apps/failed_upgrades": "https://dev-portal.getpebble.com/api/failed_upgrades?platform=android",
        "users/app_locker": "https://dev-portal.getpebble.com/api/users/locker?platform=android",
        "users/me": "https://dev-portal.getpebble.com/api/users/me?platform=android",
        "remote_device_analytics": "https://pb-collector.getpebble.com/analytics",
        "i18n/language_packs": "https://lp.getpebble.com/v1/languages",
        "diagnostics": "https://auth-api.getpebble.com/api/v2/users/diagnostics",
        "trending_searches": "https://pebble-trending-searches.s3-us-west-2.amazonaws.com/production/data.json?hardware=$$hardware$$&platform=android"
    },
    "locker": {
        "get_endpoint": "https://appstore-api.getpebble.com/v2/locker",
        "add_endpoint": "https://appstore-api.getpebble.com/v2/locker/$$app_uuid$$",
        "remove_endpoint": "https://appstore-api.getpebble.com/v2/locker/$$app_uuid$$",
        "onboarding_data": "https://pebble-onboarding-data.s3-us-west-2.amazonaws.com/production/android/$$hardware$$.json"
    },
    "authentication": {
        "method": "oauth2",
        "sign_in": "https://auth-api.getpebble.com/oauth/token",
        "sign_up": "https://auth-api.getpebble.com/oauth/token",
        "refresh_token": "https://auth-api.getpebble.com/oauth/token",
        "debug_access_token_cookie": {
            "domain": ".getpebble.com",
            "secure": true
        }
    },
    "webviews": {
        "loading/buy_a_pebble": "https://getpebble.com?utm_campaign=PebbleApp&utm_medium=referral&utm_source=android-start-screen",
        "authentication/sign_in": "https://auth-client.getpebble.com/en_US/?platform=android&release_id=4&ap_version=4.3&mid=$$phone_id$$&pid=$$pebble_id$$&platform=android&redirect_uri=pebble%3A%2F%2Flogin",
        "authentication/sign_up": "https://auth-client.getpebble.com/en_US/signup?platform=android&release_id=4&ap_version=4.3&mid=$$phone_id$$&pid=$$pebble_id$$&platform=android&redirect_uri=pebble%3A%2F%2Flogin",
        "onboarding/get_some_apps": "https://apps.getpebble.com/en_US/onboarding/getsomeapps?platform=android&release_id=4&app_version=4.3&pebble_color=$$pebble_color$$&hardware=$$hardware$$&uid=$$user_id$$&mid=$$phone_id$$&pid=$$pebble_id$$&$$extras$$",
        "onboarding/migrate": "https://apps.getpebble.com/en_US/onboarding/migrate?platform=android&release_id=4&app_version=4.3&pebble_color=$$pebble_color$$&hardware=$$hardware$$&uid=$$user_id$$&mid=$$phone_id$$&pid=$$pebble_id$$&$$extras$$",
        "onboarding/get_more_info": "http://help.getpebble.com/customer/portal/articles/1422148-migration",
        "appstore/watchapps": "https://apps.getpebble.com/en_US/watchapps?platform=android&release_id=4&app_version=4.3&pebble_color=$$pebble_color$$&hardware=$$hardware$$&uid=$$user_id$$&mid=$$phone_id$$&pid=$$pebble_id$$&$$extras$$",
        "appstore/watchfaces": "https://apps.getpebble.com/en_US/watchfaces?platform=android&release_id=4&app_version=4.3&pebble_color=$$pebble_color$$&hardware=$$hardware$$&uid=$$user_id$$&mid=$$phone_id$$&pid=$$pebble_id$$&$$extras$$",
        "appstore/developer_apps": "https://apps.getpebble.com/en_US/developer/$$id$$?platform=android&release_id=4&app_version=4.3&pebble_color=$$pebble_color$$&hardware=$$hardware$$&uid=$$user_id$$&mid=$$phone_id$$&pid=$$pebble_id$$&$$extras$$",
        "appstore/application": "https://apps.getpebble.com/en_US/application/$$id$$?platform=android&release_id=4&app_version=4.3&pebble_color=$$pebble_color$$&hardware=$$hardware$$&uid=$$user_id$$&mid=$$phone_id$$&pid=$$pebble_id$$&$$extras$$",
        "appstore/application_changelog": "https://apps.getpebble.com/en_US/changelog/$$id$$?platform=android&release_id=4&app_version=4.3&pebble_color=$$pebble_color$$&hardware=$$hardware$$&uid=$$user_id$$&mid=$$phone_id$$&pid=$$pebble_id$$&$$extras$$",
        "appstore/application_share": "https://apps.getpebble.com/applications/$$id$$",
        "appstore/search": "https://apps.getpebble.com/en_US/search?platform=android&release_id=4&app_version=4.3&pebble_color=$$pebble_color$$&hardware=$$hardware$$&uid=$$user_id$$&mid=$$phone_id$$&pid=$$pebble_id$$&$$extras$$",
        "appstore/search/query": "https://apps.getpebble.com/en_US/search/$$search_type$$?native=true&query=$$query$$&platform=android&release_id=4&app_version=4.3&pebble_color=$$pebble_color$$&hardware=$$hardware$$&uid=$$user_id$$&mid=$$phone_id$$&pid=$$pebble_id$$&$$extras$$",
        "support": "http://help.getpebble.com/customer/en/portal/articles",
        "support/bt_findcode_help": "http://help.getpebble.com/customer/en/portal/articles/1422126",
        "support/bt_pairing_help": "http://help.getpebble.com/customer/en/portal/articles/1774338",
        "support/fw_update_failed_help": "http://help.getpebble.com/customer/en/portal/articles/1738034",
        "support/getting_started": "http://help.getpebble.com/customer/en/portal/articles/1936231?b_id=8309",
        "support/faq": "http://help.getpebble.com/customer/en/portal/articles/1949825-faq?b_id=8309",
        "support/community": "http://help.getpebble.com/customer/en/portal/articles/1422153",
        "support/suggest_something": "http://help.getpebble.com/customer/en/portal/articles/1889438?b_id=8309",
        "support/android-actionable-notifications": "http://help.getpebble.com/customer/en/portal/articles/1819783",
        "support/ios_sms_replies": "http://help.getpebble.com/customer/en/portal/articles/2166170",
        "onboarding/privacy_policy": "https://www.pebble.com/legal/privacy#",
        "onboarding/sms_privacy_policy": "https://www.pebble.com/legal/privacy#sms",
        "onboarding/nexmo_privacy_policy": "https://www.nexmo.com/privacy-policy/",
        "onboarding/nexmo_acceptable_use_policy": "https://www.nexmo.com/acceptable-use/"
    },
    "developer": {
        "ws_proxy_url": "wss://cloudpebble-ws-proxy-prod.herokuapp.com/device"
    },
    "keen_io": {
        "project_id": "52e205f405cd6662b9000000",
        "write_key": "10c51e6eca83f6b4f99cd0a1bb832aaaadb8d7fb03c16dd046c65bc53a8da969ba734e8ed1aa95ce02a84c14fde8ac91c70c908208e6a1bf1852cfeb30554d10715889ae3c6ac696a86a816ad0a2acaad0d0f08f70623d12dd2aaa73b9534ac06f0a09af18a5ea26012698a6866f0560"
    },
    "treasure_data": {
        "endpoint": "https://in.treasuredata.com/",
        "write_key": "4432/0fe3124e45fa5882e919b116d98449f22ab427e8"
    },
    "timeline": {
        "sync_policy_minutes": 60,
        "pin_ttl_seconds": 259200,
        "sync_endpoint": "https://timeline-sync.getpebble.com/v1/sync",
        "sandbox_user_token": "https://timeline-sync.getpebble.com/v1/tokens/sandbox/$$uuid$$",
        "subscribe_to_topic": "https://timeline-api.getpebble.com/v1/user/subscriptions/$$topic_id$$",
        "subscriptions_list": "https://timeline-api.getpebble.com/v1/user/subscriptions"
    },
    "cohorts": {
        "endpoint": "https://cohorts.getpebble.com/cohort"
    },
    "voice": {
        "first_party_uuids": ["3351e678-c9c3-4299-b573-47637aebe34a"],
        "languages": [{
            "six_char_locale": "dan-DNK",
            "four_char_locale": "da_DK",
            "endpoint": "pebble-ncs-dan-DNK.nuancemobility.net"
        }, {
            "six_char_locale": "deu-DEU",
            "four_char_locale": "de_DE",
            "endpoint": "pebble-ncs-deu-DEU.nuancemobility.net"
        }, {
            "six_char_locale": "eng-AUS",
            "four_char_locale": "en_AU",
            "endpoint": "pebble-ncs-eng-AUS.nuancemobility.net"
        }, {
            "six_char_locale": "eng-GBR",
            "four_char_locale": "en_GB",
            "endpoint": "pebble-ncs-eng-GBR.nuancemobility.net"
        }, {
            "six_char_locale": "eng-USA",
            "four_char_locale": "en_US",
            "endpoint": "pebble-ncs-eng-USA.nuancemobility.net"
        }, {
            "six_char_locale": "fin-FIN",
            "four_char_locale": "fi_FI",
            "endpoint": "pebble-ncs-fin-FIN.nuancemobility.net"
        }, {
            "six_char_locale": "fra-CAN",
            "four_char_locale": "fr_CA",
            "endpoint": "pebble-ncs-fra-CAN.nuancemobility.net"
        }, {
            "six_char_locale": "fra-FRA",
            "four_char_locale": "fr_FR",
            "endpoint": "pebble-ncs-fra-FRA.nuancemobility.net"
        }, {
            "six_char_locale": "ita-ITA",
            "four_char_locale": "it_IT",
            "endpoint": "pebble-ncs-ita-ITA.nuancemobility.net"
        }, {
            "six_char_locale": "nld-NLD",
            "four_char_locale": "nl_NL",
            "endpoint": "pebble-ncs-nld-NLD.nuancemobility.net"
        }, {
            "six_char_locale": "nor-NOR",
            "four_char_locale": "nb_NO",
            "endpoint": "pebble-ncs-nor-NOR.nuancemobility.net"
        }, {
            "six_char_locale": "por-PRT",
            "four_char_locale": "pt_PT",
            "endpoint": "pebble-ncs-por-PRT.nuancemobility.net"
        }, {
            "six_char_locale": "spa-ESP",
            "four_char_locale": "es_ES",
            "endpoint": "pebble-ncs-spa-ESP.nuancemobility.net"
        }, {
            "six_char_locale": "spa-XLA",
            "four_char_locale": "es_MX",
            "endpoint": "pebble-ncs-spa-XLA.nuancemobility.net"
        }, {
            "six_char_locale": "swe-SWE",
            "four_char_locale": "sv_SE",
            "endpoint": "pebble-ncs-swe-SWE.nuancemobility.net"
        }]
    },
    "algolia": {
        "api_key": "8dbb11cdde0f4f9d7bf787e83ac955ed",
        "app_id": "BUJATNZD81",
        "index": "pebble-appstore-production"
    },
    "app_meta": {
        "force_3x_app_migration": false,
        "gcm_sender_id": "946814448057"
    },
    "support_request": {
        "email": "support@getpebble.com"
    },
    "linked_services": {
        "enabled_providers": ["att", "vzw"],
        "authorize_sessions_endpoint": "https://linked-accounts.getpebble.com/v1/providers/$$provider$$/authorize/sessions?state=$$state$$",
        "reauthorize_sessions_endpoint": "https://linked-accounts.getpebble.com/v1/providers/$$provider$$/reauthorize/sessions",
        "reauthorize_pin_send_endpoint": "https://linked-accounts.getpebble.com/v1/providers/$$provider$$/reauthorize/pin/send",
        "reauthorize_pin_verify_endpoint": "https://linked-accounts.getpebble.com/v1/providers/$$provider$$/reauthorize/pin/verify",
        "account_refresh_endpoint": "https://linked-accounts.getpebble.com/v1/providers/$$provider$$/refresh",
        "account_revoke_endpoint": "https://linked-accounts.getpebble.com/v1/providers/$$provider$$/revoke",
        "sms_send_endpoint": "https://sms-api.getpebble.com/v1/sms/actions/send/$$transaction_id$$",
        "email_action_endpoint": "https://email-actions-api.getpebble.com/v1/email/actions/$$action$$/$$transaction_id$$"
    },
    "notifications": {
        "ios_app_icons": "https://notif-app-icons.getpebble.com/ios/$$bundle_id$$/$$size$$.jpg"
    },
    "health": {
        "post_activity_endpoint": "https://health-write-api.getpebble.com/v1/activity",
        "post_settings_endpoint": "https://health-write-api.getpebble.com/v1/settings"
    }
}
}