• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

Two freshly installed game apps, different developers, pulling random people's account credentials. Seems inexplicable.

Search This thread

apowe

New member
Sep 17, 2021
2
0
Tldr: Two game apps by different developers are pulling up random persons' game accounts/profiles. Fresh tablet, fresh installs, etc. It should be blank Guest profiles, but I'm insta-logged in with preexisting accounts no matter what I do.

-----

I have a new, out of the box tablet, wifi-only, unrooted, with my Google account now added. I installed several games from Google Play Store, two of which are casino apps (Caesars and DoubleU). I also installed DoubleDown, and that's not giving me any issues. All three are from different developers.

Upon opening it for the first time, Caesars loads up some old dude's account. His name, photo, and progress.

DoubleU asks if I want to log in with Facebook or play as guest.... I select Play As Guest, but alas, it then pulls up some rando's account as well (not the same old dude as Caesars).

DoubleDown acts normally as you'd expect it to.

I cleared the cache and user data for the apps, uninstalled and reinstalled the apps, deleted literally everything possibly pertinent in the file directory... it's bonkers. I clicked the "log out" options in both apps, and they boot right back into these weirdo profiles.

It's not just some weird "guest" account either... I took the coins down to a particular amount, uninstalled the game, reinstalled it, and the coins were at that same amount. So it seems to be pulling from the games' servers.

I did a little test with another tablet (unrooted, wifi-only again) that I had Caesars installed on previously (guest account, working correctly). I uninstalled it, deleted everything pertinent in the file directory, etc. Reinstalled it, and behold, it remembered my Guest progress.

I'm no expert, but my guesses for possibilities for how that happens...

1. Caesars stores the guest account data on their servers tied to some internal number unique to my device
2. Same as above, but instead of a device-specific number, they know and remember the Google account used to download the game and/or the Google account signed in on the tabet
3. There was leftover data in the root directory of the tablet that wasn't wiped by clearing data and uninstalling

Regarding the 2nd option, the app doesn't show any special permissions that would allow it to know my accounts, but maybe it does anyway. It's also important to note that the 2 tablets in question are using different Google accounts.

Of course, that was all in regards to the 2nd tablet that's behaving correctly and expectedly... No matter what method Caesars et al use to remember Guest data, it doesn't explain why I'm getting non-Guest preexisting-credentials forced into my apps on the 1st tablet. :(

Thanks for your help! This is maybe the weirdest technical issue I've ever had.
 

Droidriven

Senior Member
Jan 27, 2014
14,848
5,164
NC
Verizon Samsung Galaxy S III
HTC Thunderbolt
Tldr: Two game apps by different developers are pulling up random persons' game accounts/profiles. Fresh tablet, fresh installs, etc. It should be blank Guest profiles, but I'm insta-logged in with preexisting accounts no matter what I do.

-----

I have a new, out of the box tablet, wifi-only, unrooted, with my Google account now added. I installed several games from Google Play Store, two of which are casino apps (Caesars and DoubleU). I also installed DoubleDown, and that's not giving me any issues. All three are from different developers.

Upon opening it for the first time, Caesars loads up some old dude's account. His name, photo, and progress.

DoubleU asks if I want to log in with Facebook or play as guest.... I select Play As Guest, but alas, it then pulls up some rando's account as well (not the same old dude as Caesars).

DoubleDown acts normally as you'd expect it to.

I cleared the cache and user data for the apps, uninstalled and reinstalled the apps, deleted literally everything possibly pertinent in the file directory... it's bonkers. I clicked the "log out" options in both apps, and they boot right back into these weirdo profiles.

It's not just some weird "guest" account either... I took the coins down to a particular amount, uninstalled the game, reinstalled it, and the coins were at that same amount. So it seems to be pulling from the games' servers.

I did a little test with another tablet (unrooted, wifi-only again) that I had Caesars installed on previously (guest account, working correctly). I uninstalled it, deleted everything pertinent in the file directory, etc. Reinstalled it, and behold, it remembered my Guest progress.

I'm no expert, but my guesses for possibilities for how that happens...

1. Caesars stores the guest account data on their servers tied to some internal number unique to my device
2. Same as above, but instead of a device-specific number, they know and remember the Google account used to download the game and/or the Google account signed in on the tabet
3. There was leftover data in the root directory of the tablet that wasn't wiped by clearing data and uninstalling

Regarding the 2nd option, the app doesn't show any special permissions that would allow it to know my accounts, but maybe it does anyway. It's also important to note that the 2 tablets in question are using different Google accounts.

Of course, that was all in regards to the 2nd tablet that's behaving correctly and expectedly... No matter what method Caesars et al use to remember Guest data, it doesn't explain why I'm getting non-Guest preexisting-credentials forced into my apps on the 1st tablet. :(

Thanks for your help! This is maybe the weirdest technical issue I've ever had.
Are either of the devices pre-used before you got them?

Try clearing cache and data for app, then uninstall the app, then boot into recovery and wipe only the cache partition(s) but do not factory reset, then reboot and reinstall the game and see what happens.

Another investigative step to try is to make a backup of the apps .apk file, save it somewhere safe to be reinstalled later in this test sequence. Then, clear cache and data for the app, uninstall the app, then sign out of your Google account on your device, then reboot into recovery and wipe cache partition(s) but do not factory reset, reboot into system, do not sign in to your Google account, then use the copy of the .apk file to reinstall the app instead of installing via Playstore and see what happens.

Another thing to try is to create a dummy Google account then signin the device with the dummy account and install the game via Playstore and see what happens.
 

apowe

New member
Sep 17, 2021
2
0
Are either of the devices pre-used before you got them?

Try clearing cache and data for app, then uninstall the app, then boot into recovery and wipe only the cache partition(s) but do not factory reset, then reboot and reinstall the game and see what happens.

Another investigative step to try is to make a backup of the apps .apk file, save it somewhere safe to be reinstalled later in this test sequence. Then, clear cache and data for the app, uninstall the app, then sign out of your Google account on your device, then reboot into recovery and wipe cache partition(s) but do not factory reset, reboot into system, do not sign in to your Google account, then use the copy of the .apk file to reinstall the app instead of installing via Playstore and see what happens.

Another thing to try is to create a dummy Google account then signin the device with the dummy account and install the game via Playstore and see what happens
Both devices are brand new, never used before.

I don't have TWRP installed, so I'll do that and try your suggestions. And thanks for being detailed in the step-by-step process!!

Regarding the backup of the .apk file, that may be out of my skill range, not sure off hand... Would finding the same build on ApkMirror be sufficient?

Edit:

Just wanted to add some additional info.

I installed 2 more games created by those same developers. Slotomania (same company as Caesars) acts normally - no progress, starting from blank slate.

But Take5 (same company as DoubleU) boots me into yet another preexisting account - and not even the same person's as DoubleU does. Ugh.
 
Last edited:

Droidriven

Senior Member
Jan 27, 2014
14,848
5,164
NC
Verizon Samsung Galaxy S III
HTC Thunderbolt
Both devices are brand new, never used before.

I don't have TWRP installed, so I'll do that and try your suggestions. And thanks for being detailed in the step-by-step process!!

Regarding the backup of the .apk file, that may be out of my skill range, not sure off hand... Would finding the same build on ApkMirror be sufficient?

Edit:

Just wanted to add some additional info.

I installed 2 more games created by those same developers. Slotomania (same company as Caesars) acts normally - no progress, starting from blank slate.

But Take5 (same company as DoubleU) boots me into yet another preexisting account - and not even the same person's as DoubleU does. Ugh.
You don't have to install TWRP, you can wipe the cache partition using stock recovery.

You can backup the .apk using MiXplorer file manager app or you can download the same build from APKmirror.