How to get an infinite amount of SPAR Jokers

Austrian retailer SPAR released a relatively privacy-friendly discount app back in 2023. Users of the app can get so-called -25% Jokers. Those jokers, however, are limited to 4 items and take some time to become available again, similar to their analogue counterpart. Due to the aforementioned privacy-friendliness of this particular app, unlike many other shopping apps it doesn't need an account to verify that the jokers are only used once by a customer within a certain timeframe. This is because the information on whether one or multiple jokers have been used appears to be stored only locally on your phone. This fact makes the exploit explained in the following chapters possible as of April 2025.

Things to consider

While the basic exploit only takes a few steps to perform, it should be mentioned that performing it will cause the loss of all digital receipts saved within the app, any configurations you've done in the app, as well as the "Saved so far in 202x" amount. You'll also receive a new customer ID in the form of the bar code you'd scan at checkout; however, this can be considered a positive if you are concerned about fingerprinting. As for digital receipts, a feature I've been using myself quite often, you can export them as a PDF within the app using the export button.

Unfortunately there's currently no mass-export feature so you have to do this with each individual receipt.

Performing the exploit

The following writeup has been tested on Android 13, 14 and 15, with the particular version shown in the screenshots being LineageOS 22.1 (Android 15) on a Fairphone 3+ with the system language set to English (Austria) - yes, this language is a thing within the Android OS. Depending on your phone's vendor and firmware the menus may look a bit different, but the overall layout and provided options should be similar enough. The exploit should be doable on iOS as well, however I currently have no feasible way of testing this¹.

A screenshot of the SPAR app. On the top 'Meine Ersparnis 2025: € 61,15' is visible. Also 0 Jokers are available.
Step 0
A screenshot of the trebuchet app drawer, in the third row the SPAR App icon is visible.
Step 1
A screenshot of the trebuchet app drawer, in the third row the SPAR App icon is visible. There's now a context menu opened which provides the options 'App info' and 'Digitaler Pfandbon'.
Steps 2 and 3
  0. Before starting, we have no Jokers left. This is very sad, of course, and we should seek a remedy for this.
  1. Locate the SPAR app on your home screen or within your app drawer
  2. Long-press the app icon until a context menu pops up
  3. Within this context menu, select the option "App info"
A screenshot of an Android app info screen for the SPAR app. There are multiple options provided including 'Storage and cache'.
Step 4
A screenshot of the storage and cache page of the SPAR app info. The option 'Clear storage' is provided in the top left alongside other options.
Step 5
A screenshot of a 'Delete app data?'-prompt. Options provided are 'Cancel' and 'Delete'.
Step 6
  4. Select the option "Storage and cache" in the info screen that is now displayed
  5. Press "Clear storage"
  6. Confirm the prompt asking whether you want to delete all data
A screenshot of the SPAR app. On the top 'Meine Ersparnis 2025: € 0,-' is visible. Four Jokers are available.
Step 7 (not pictured) and 8
  7. Now open the app, skip the app tutorial and agree to the TOS once more
  8. All done. The jokers should be restored.

Alternatively, you could also uninstall and reinstall the app every time, however I find this more tedious and time-consuming than just doing the aforementioned steps.

More stuff to come

I'll try to soon get around to asking people who use iOS to test this exploit themselves, so I can verify the validity of this exploit on iOS devices. A writeup on performing this exploit on iOS is found here, if it's already available by the time you read this. I'm also planning to take a closer look at how the data of the app is stored; this might be useful to e.g. mass-export digital receipts or to keep configurations while resetting the jokers and customer ID.

¹ I'm not setting up a macOS VM in order to be able to do some Xcode shenanigans, sorry.