This whole thread is making me see red, thanks to people spouting off without knowing what they're talking about. I guess it's just an emotional topic.
I was going to make the same point as you about "Reengineering itself is an illegal use". But since you beat me to it, I'll point out that there are exceptions, both internationally, and under DCMA. And it violates many licenses -- though whether those terms are enforceable is dubious at best. But your core point is correct. This is NOT an inherently illegal OR immoral activity. That's pure fantasy. In no other field would anybody even dream such a thing, but for some reason, this field, it's a common fantasy, and occasional reality. The root problem here, I believe, is that a lot of developers have completely unrealistic expectations of how hard it is to reverse engineer something. -o2 compiled NDK code? Hah. People have reverse engineered entire operating systems, both from optimized high-level code and hand-coded assembler. Proguard is a good thing. It does a LOT more than just rename things, it also optimizes the byte codes, in ways that make it harder for decompilers. There are a lot of reasons to use it on a mobile platform -- but speed and size top the list, and inhibiting reverse engineering is way down on the list. Even on first exposure, it's not too hard to make sense of Dalvik byte codes. If someone REALLY is seriously interested in reverse engineering your application, they can write their own tool. But reverse engineering is hard work nonetheless. It's not often done wholesale as a piracy technique. Rebranding is so much simpler. Or reverse engineering the licensing checks. The main reason *I* have used such tools with Java is to track down problems -- including a few compiler problems. More often, the answer has been that the code we thought was running, wasn't actually the code we thought was included. But by far the biggest use is to identify problems with third-party libraries -- sometimes our fault, sometimes theirs. I've used the reverse engineering tools supplied with the Android SDK to look at the resources included in Google's own non-open-source applications. Yup, pulled them right off the phone with adb and ran aapt to reconstruct the original XML content., modulo comments, etc. Ran dexdump to disassemble the code, too. All part of the sdk. And pulling apart the .apk into its pieces happens to be built into my OS, once I told it what format it was. Make no mistake -- there are black-hat tools. But this is VERY CLEARLY not one. On May 11, 10:17 am, Raymond Ingles <[email protected]> wrote: > On Tue, May 11, 2010 at 12:00 PM, Nathan <[email protected]> wrote: > > "It is a tool for reengineering 3rd party, closed, binary Android > > apps." > > > "It is NOT intended for piracy and other non-legal uses. It could be > > used for localizing, adding some features or support for custom > > platforms and other GOOD purposes." > > > Baloney. Reengineering itself is an illegal use. > > Actually, reverse engineering itself is not illegal in the United > States and in many other countries. > > > There is no GOOD > > purpose it should be used for. It is a piracy tool pure and simple. > > Interoperating with existing code, learning coding techniques (and > using non-patented ones), security auditing, etc. (Don't dismiss > security auditing - google up "android malicious app droid09" for an > example...) > > Now, it may well be that the authors really did intend the tool to be > for piracy and not any of the legitimate uses it may be put to. But > you can't conclude that simply from the fact that they produced the > tool itself. > > Of course, application developers are free to obfuscate or otherwise > make reverse engineering as difficult as they like, too. > > -- > You received this message because you are subscribed to the Google > Groups "Android Developers" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group > athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
