[Chugalug] Dropbox (and other Python Apps) Reverse-Engineered

Dave Brockman dave at brockmans.com
Thu Aug 29 00:55:26 UTC 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 8/28/2013 1:46 PM, Christopher Rimondi wrote:
> Case in point is Android Dalvik files which can easily be
> disassembled versus iOS Mach-O binaries which are incredibly
> difficult to even get the low-level assembly language code. Can it
> be done? Of course. Does that level of obfuscation help from a
> security standpoint? I think it does demonstrably. Android apps are
> routinely trojaned and back doored by bad guys and put back into
> the marketplace. iOS are almost never modified and put back. Part
> of that is due to app signing, but the level of effort required is
> ridiculous for commercial malware writers. It also helps with the
> theft of intellectual property since grabbing source on Android is
> trivial.

1) I think you severely underestimate commercial malware authors.
2) I think IOS vs Andriod has more to do with marketshare than anything
else.  If Apple gained a whole lot of marketshare in the global
market, you'd see just as much crud for the iphone... As of Q2 this
year, iphone had < 14%, Android had > 79%.  Same reason 98% of all
crud used to be written for Windows, 80+% marketshare.  That's easy
math, even for the total script kiddie....

Regards,

dtb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJSHpv+AAoJEMP+wtEOVbcdY/kH/0PdSWFXes//sQ4/61ZjOKWO
gvx1/eDJFaUPYgJ2SxN7jmGU1RZgPd9qBEf6SC8WfqnYSOabdauYE2p2fIC/l6bQ
2giDZ0qPccTR+o3ihWBf6ofPGmVNoCxZJa0iYtGFbUCgMesN/Jibm8R4Vvi11YlP
INT0o8IKda9pi81KZtU+U1I0aODEpw2pBNgETrO3MTlo+RthkhRYsj9Il5r3zfMO
TjI/0j6ZQgJSF2uqf/XzH9U1TjDvh1n65pwL1WrAOd+L9i1WFd3k9rG9b4LcSTmj
l5oMHrX6QHYv1tqtzOIAjgbif3jqZvsa4oVMAy5Uc5mg8rHVTzKY6gba6krsxMM=
=WFvG
-----END PGP SIGNATURE-----


More information about the Chugalug mailing list