Microsoft has updated AppHub portal last week. New name has been introduced – Dev Center and some new functionalities have been added. The portal works much faster now.
Let’s back to the main issue. With the new portal XAP files encryption has been introduced. From the perspective of end users the change is rather cosmetic and should not be noticed.
However, if we look from developers (creating applications on Windows Phone) point of view this change seems to be very important. Until recently, developers were exposed on solution theft. Only few steps were required for that purpose:
- installing of one of well know application for XAP downloading,
- downloading of XAP file to disk,
- changing extension from XAP to ZIP,
- unpacking ZIP file and disassembling files from archive.
After obtaining provided steps you gain access to application source code. These actions allowed two things. Firstly, the person making the attack was able to remove the security of paid applications and install them as free on phone. Secondly, somebody could publish an application which is a clone of our application. This scenario is more dangerous. In one moment our idea and the time spent on application development is stolen.
The answer for the second scenario is turning on encryption for all downloaded XAPs from Windows Phone Marketplace. Now, after downloading the XAP file and changing extension to ZIP we will not be able to see anything. Even more we will not be able to open the file.
To sum up – very good idea but we have to wait too long for its realization. I wonder how long it will take to brake the proposed protection.