Reverse engineering the Albert Heijn app for fun and profit

Presented at May Contain Hackers (MCH2022), July 23, 2022, 6 p.m. (30 minutes).

The Albert Heijn, everyone (in the Netherlands at least) knows it. It's one of the largest supermarket chains with a very extensive API. This API is not public unfortunately, but in this talk I will show you how you can reverse engineer the app to figure out how the API works and how we can use it to our advantage.

AirMiles, tracking stamps for the current saving program, receipts, personal discounts. All these can be viewed or tracked within the Albert Heijn app. But, what if you want to track your savings over time? I want my pretty Grafana dashboard gosh darn it!

This talk will go into the story behind randombonuskaart.nl (a website for a 'random' bonuskaart right when you need it), talk about how your private API is not really private and how we can use the Albert Heijn API to track various data and do tedious actions for us.

The knowledge gained from this talk can also be used with other apps, but the Albert Heijn app makes for a very good example.


Presenters:

  • Nick Bouwhuis
    Hi! I'm Nick. I'm a part-time entrepreneur and NOC engineer at Speakup, a VoIP provider based in Enschede. In my role as NOC engineer I am responsible for Speakup's phone and IP network. As a part-time entrepreneur I run a freelance IT and Managed Hosting business.
