At this very moment, it is possible for any Joe Schmo to go over to Microsoft’s server and download all of Windows Phone 7 XAP application packages without the need of a WP7 device or Zune Desktop software. This is possible because Zune software uses ATOM XML feed to grab application info, so it’s just a matter of diving into the code to find the XAP package address and download it directly. Once you’ve got the XAP package of an application, you can simply unzip it and have your way with all of that app’s assets and resources – including the source code of the app with the use of Reflector (a debugger for lots of nasty projects.)
Microsoft knows about this problem, as evidenced by their November 2010 Windows Phone Marketplace Anti-Piracy Model (.docx) which asks developers to use obfuscation tools in their apps before submitting them in the first place, but wait! What about the people who’ve already had their apps in the market for a while? They might be screwed at the moment.
You’ll notice some rather unhappy folks over in the App Hub forums, and apparently Microsoft is working on a larger solution, but check it out, MobileTechWorld has the whole solution right here, it’s so simple:
Obviously the best solution would to have the XAP encrypted but this isn’t the case yet and Microsoft isn’t saying when this will happened (it was announced a while ago). and just for your information; the XAP can’t be directly deployed to a retail WP7 phone byt can be ran in the emulator. This is a messy situation folks and many developers aren’t happy about what is going on.
[Via Mobile Tech World]