"3weeks and still down is almost unacceptable"
I share your pain, I am a customer too. But while developers *****ed .35 within few days, .39 is different. There is no one, and I mean no one in this world has ever *****ed .39 to this date, and I am talking about the entire developer community in this earth. Developers, believe it or not, is one community, though they develop their own bots. When one developer *****ed it, expect others to follow. And they are all pretty much stomped right now, and I mean, all of them!
Your news is old news. But to date, it's irrelevant anyway. No one can get banned right now because there is no third party that works, no one can get banned! Niantic pulled out their support on .35 and the only way to play Pogo is through your phone with forced updated .37. Unless someone *****ed .39, it may be the end of botting or mapping.
Here's explanation from one website:
"What you should know about what happened before 0.37.
I will explain what “breaking the API” means. The scanners and “other” applications you might be using need to see what Pokémon are at a location. The problem is however that Niantic does not want these applications to know where those Pokémon are, because they consider it cheating. These 3rd party applications will therefore try to act as if they are an actual player, the client on your phone too needs to know where the Pokémon are! The devs will try to mimic the behavior of the application and disguise the API as a player.
Every time a client/application requests where Pokémon are there is an API-request/call. What is meant by “breaking the API” is that Niantic is able to successfully distinguish an original client from any 3rd party application. This means they will not return any information about the location of Pokémon to a tampered client/application, but only to requests from an official client.
The devs will try to isolate the elements in the official client that are associated with an API-request. They will do this by carefully deconstructing the client, picking it apart: Reverse-Engineering (RE). They will then use this to build a new API.
As you can see this is an arms race/cat-mouse game: Niantic can update the client again and the devs need to build a new API. Niantic dictates this game, but force-updating too much will hurt their player base. Niantic needs to force-update to break the API because otherwise the devs could use an older outdated version of the API with success.
You might be asking yourself, “why the devs don’t just emulate the official PokémonGo client completely?”. The answer is that this would cost a tremendous amount of resources from the user. The PokémonGo client is quite recourse intensive and calling the API without the need to render 3d graphics is much more efficient. Let’s discuss what tools Niantic is using to prevent the reverse engineering of its client.
The PokémonGo client packages the API-request with a lot of information. Things such as: Your provider, OS type and version, an authentication, and even your phoneID. The information itself it is not just sent from client to server. It is, collected, computed, encrypted, hashed into what has come to be known as Unknown6, and then sent. If the sent Unknown6, does not match what is expected by the server, Niantic refuses the API-Request. All of the encryption is done by the client, and therein lies the weakness of this type of security. If the devs reverse-engineer the client so it successfully calculates Unknown6, Niantics servers will accept this request and send back the information about pokemon locations.
To do this they will first need to determine where Unknown6 is even calculated. They have already done this however, as they have been working since the release of the update, not merely since the API broke. Then there will be a part of Unknown6 that has been encrypted. This needs to be decrypted. The encryption wasn’t particularly impressive last time. It’s impossible to encrypt something very well when both ends of the encryption are known.
Simultaneously the different parts of Unknown6’s creation will need to be uncovered. Unknown6 is a computation of other Unknowns. Previously this was the most time consuming part, because Unknown6 is like the top of the iceberg. Below Unknown6 there are more Unknowns and the devs need to every one of them, which can be tedious. All of the Unknowns are encrypted (actually hashed) multiple times, which makes reverse engineering even more tedious.
The goal is to obtain a single successful API call. If the devs can make one this means the devs have successfully reverse engineered the process of requesting the API and Niantic could not easily distinguish their request from a request from the official client. Once this happens, applications such as fastpokemaps will be available again. If the devs decide to release the API all applications can be made working again."
-https://www.reddit.com/r/pokemongodev/comments/56djcm/35_api_has_been_disabled_all_3rd_party_access_is/-
