Windows Phone Thoughts - Daily News, Views, Rants and Raves

Check out the hottest Windows Mobile devices at our Expansys store!


Digital Home Thoughts

Loading feed...

Laptop Thoughts

Loading feed...

Android Thoughts

Loading feed...




Go Back   Thoughts Media Forums > WINDOWS PHONE THOUGHTS > Windows Phone Developer

Reply
 
Thread Tools Display Modes
  #1  
Old 11-16-2010, 01:00 AM
Nurhisham Hussein
Contributing Editor
Nurhisham Hussein's Avatar
Join Date: Feb 2007
Posts: 3,111
Default Marketplace Mayhem

http://www.slashgear.com/windows-ph...r-all-12113904/

"At this very moment, it is possible for any Joe Schmo to go over to Microsoft's server and download all of Windows Phone 7 XAP application packages without the need of a WP7 device or Zune Desktop software. This is possible because Zune software uses ATOM XML feed to grab application info, so it's just a matter of diving into the code to find the XAP package address and download it directly."

Yikes! This is probably the last thing Microsoft wants to see. The implication of this is that every app's source code is laid bare for anyone without any scruples. Developer support is one of the main foundations for WP7s success so let's hope this gets fixed soon.

__________________
"A planner is a gentle man, with neither sword nor pistol.
He walks along most daintily, because his balls are crystal."
 
Reply With Quote
  #2  
Old 11-16-2010, 04:27 AM
ptyork
Sage
Join Date: Jul 2005
Posts: 639

If they aren't obfuscating their code then they don't care about it being stolen. To me, this is less a problem with Microsoft's servers and more a problem of developers simply not understanding the .Net platform. This is no different than it is on the PC. Well, actually it IS different. You have to somehow discover the address of feed in order to download the XAP package. So it is MUCH better than on the PC, where you can take any non-obfuscated .Net EXE or DLL from any folder on your hard disk and walk away with source code.

And for what it's worth, it is a reconstruction of the source code created by reverse compiling a binary. It isn't perfect by any means. I don't think there's gonna be much thieving of code happening due to this "breach".
 
Reply With Quote
  #3  
Old 11-16-2010, 05:05 AM
BobbyCannon
Pupil
Join Date: Apr 2007
Posts: 33
Send a message via MSN to BobbyCannon

Quote:
Originally Posted by ptyork View Post
If they aren't obfuscating their code then they don't care about it being stolen. To me, this is less a problem with Microsoft's servers and more a problem of developers simply not understanding the .Net platform. This is no different than it is on the PC. Well, actually it IS different. You have to somehow discover the address of feed in order to download the XAP package. So it is MUCH better than on the PC, where you can take any non-obfuscated .Net EXE or DLL from any folder on your hard disk and walk away with source code.

And for what it's worth, it is a reconstruction of the source code created by reverse compiling a binary. It isn't perfect by any means. I don't think there's gonna be much thieving of code happening due to this "breach".
Nicely put.

Basically nothing is new here. If you want to make it somewhat harder to decompile you can obfuscate. However this doesn't make it impossible to decompile but just a little harder.
__________________
Bobby Cannon
[email protected]
http://www.sharpdeck.net
 
Reply With Quote
  #4  
Old 11-16-2010, 06:15 AM
Jason Dunn
Executive Editor
Jason Dunn's Avatar
Join Date: Aug 2006
Posts: 29,160

Quote:
Originally Posted by ptyork View Post
If they aren't obfuscating their code then they don't care about it being stolen. To me, this is less a problem with Microsoft's servers and more a problem of developers simply not understanding the .Net platform.
It might not be that clear cut; I read somewhere that the obfuscation tools for WP7 weren't available until *after* the marketplace launch. If that's true, then you can't really blame the developers - they didn't have the tools to do what they needed to do.
__________________
Want to contact me personally? Use this. Want to read my personal blog? Check it out. Want to follow me on Twitter? Here you go.
 
Reply With Quote
  #5  
Old 11-16-2010, 02:12 PM
landslide
Pupil
Join Date: Oct 2006
Posts: 15

LOL... Obfuscation in general will slow an application down, on these little ARM devices it will be more significant than on a desktop/serve...

Note that this is no different on Android with baksamali.
 
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +1. The time now is 07:20 PM.