And thanks to the schematic, it was also pretty easy to mod in an AUX input that replaces the cassette drive, making the stereo much more useful.

All it took was soldering in the three wires of an AUX cable into the cassette input of an audio mux and three bridges on the cassette connector to fool the unit into thinking a cassette is inserted.

Here are the instructions: https://git.my-server.in/baltpeter/repairs/-/issues/16#note_6123
I have since also successfully performed the same mod on a Volkswagen Alpha by Blaupunkt.

I especially enjoyed chasing information—after all the stereo is almost my age!

The main audio amp had a white-label part number, so I initially had no pinout—until I found a Romanian forum from 2007 explaining that it is just a TDA7376B.

And my favorite part: I even found an official schematic and board view provided by the manufacturer. Better yet: I'm allowed to distribute them, courtesy of Blaupunkt-Werke GmbH, Hildesheim! Grab a copy: https://git.my-server.in/baltpeter/repairs/-/issues/16#note_6106
How nice compared to today.

I plotted the data types against the purposes, with the size of the dot depending on the number of apps declaring the respective combination. That graph encodes a lot of information and I’ve found it to be very helpful for quickly getting a grasp of a large and diverse data set like this.

In this case, you can see that _every_ possible combination was declared by at least some apps, no matter how outrageous. That’s how I noticed the “worrying declarations” mentioned in the post.

Remember how we ignored a huge part of the request payload? I won’t bore you with the details but by trial-and-error I discovered that that is entirely irrelevant for the request and you can just leave it and a bunch of other stuff out completely.

Look at how ridiculously more simple we can make the request compared to what the Play Store website sends.

Gist: https://gist.github.com/baltpeter/97a5a921ee52253a96b7e546e41c4f4c

Now, I don’t know what all the removed values do. But I wouldn’t be surprised if they were for all tracking…

Why yes, we can! By chance, I noticed that the request payload contains a 50 near the beginning.

And what do you know? Changing that value does indeed influence the number of length of the list returned in the response.

That length seems to be capped to 660 on the server. But that’s way more than we could access before, so I’m happy.

It also just so happens to be about the length of the charts of most third-party companies. Whoops, now you don’t to pay them anymore for that. Sorry not sorry…

We’ll leave the request for a moment to look at the response.

If we again format the line with the data as JSON, and then also format the nested JSON string, we can collapse sections of the response to exploratively get an understanding of it.

Gist: https://gist.github.com/baltpeter/67c61dc9a610ccfbda78be60559813bd

Nested quite deeply in there, we find an array of entries that distinctly look like they represent the apps on our top list.

Each entry lists a bunch of metadata on the app, like ID, name, rating, category, description.

Most of the length comes from an array at the third level of the inner JSON array. If we collapse that, the payload looks a lot more approachable. We’ll treat that as a black box for now.

In fact: Those two array elements near the end look very interesting, don’t they?

`topselling_free` definitely sounds like it controls the chart. Looking at the other two requests we observed confirms this:
`topselling_free` is “Top for €0”, `topgrossing` is “Top grossing”, `topselling_paid` is “Top selling”.

But now we do actually need to tackle that unwieldy request payload.

To make it a easier to read, I’ll URL-decode it and use two nested `JSON.stringify()` calls to generate the string. Trying to understand that huge mess in your head is nigh on impossible otherwise.

After formatting the file, the JSON object is now an insane 600 lines long—wow! How many parameters can there be for fetching app top charts?!

But at least we have a chance at understanding it now.

Gist: https://gist.github.com/baltpeter/f37a7236c325deb25e23d01c2e7e6ada