
View Full Version : Marketplace Mayhem


Nurhisham Hussein
11-16-2010, 01:00 AM
http://www.slashgear.com/windows-phone-7-marketplace-glitch-allows-xap-package-download-viewable-application-source-code-for-all-12113904/

"At this very moment, it is possible for any Joe Schmo to go over to Microsoft's server and download all of Windows Phone 7 XAP application packages without the need of a WP7 device or Zune Desktop software. This is possible because Zune software uses ATOM XML feed to grab application info, so it's just a matter of diving into the code to find the XAP package address and download it directly."

Yikes! This is probably the last thing Microsoft wants to see. The implication of this is that every app's source code is laid bare for anyone without any scruples. Developer support is one of the main foundations for WP7's success so let's hope this gets fixed soon.

ptyork
11-16-2010, 04:27 AM
If they aren't obfuscating their code then they don't care about it being stolen. To me, this is less a problem with Microsoft's servers and more a problem of developers simply not understanding the .Net platform. This is no different than it is on the PC. Well, actually it IS different. You have to somehow discover the address of the feed in order to download the XAP package. So it is MUCH better than on the PC, where you can take any non-obfuscated .Net EXE or DLL from any folder on your hard disk and walk away with source code.

And for what it's worth, it is a reconstruction of the source code created by reverse compiling a binary. It isn't perfect by any means. I don't think there's gonna be much thieving of code happening due to this "breach".

BobbyCannon
11-16-2010, 05:05 AM
If they aren't obfuscating their code then they don't care about it being stolen. To me, this is less a problem with Microsoft's servers and more a problem of developers simply not understanding the .Net platform. This is no different than it is on the PC. Well, actually it IS different. You have to somehow discover the address of the feed in order to download the XAP package. So it is MUCH better than on the PC, where you can take any non-obfuscated .Net EXE or DLL from any folder on your hard disk and walk away with source code.

And for what it's worth, it is a reconstruction of the source code created by reverse compiling a binary. It isn't perfect by any means. I don't think there's gonna be much thieving of code happening due to this "breach".

Nicely put.

Basically nothing is new here. If you want to make it somewhat harder to decompile you can obfuscate. However, this doesn't make it impossible to decompile, just a little harder.

Jason Dunn
11-16-2010, 06:15 AM
If they aren't obfuscating their code then they don't care about it being stolen. To me, this is less a problem with Microsoft's servers and more a problem of developers simply not understanding the .Net platform.

It might not be that clear cut; I read somewhere that the obfuscation tools for WP7 weren't available until *after* the marketplace launch. If that's true, then you can't really blame the developers - they didn't have the tools to do what they needed to do.

landslide
11-16-2010, 02:12 PM
LOL... Obfuscation in general will slow an application down; on these little ARM devices it will be more significant than on a desktop/serve...

Note that this is no different on Android with baksmali.