Should I let a company know I've reverse engineered and rebuilt their app? [closed]















35

















There is a company that provides great services, but their mobile app just sucks. Over the past few months I've spent some time to reverse engineer their app and build my own. I am a client of theirs and I rebuilt this app just for my own personal use. I have no intention to publish it.



Is it a bad idea to let them know I've done this? Could I potentially try to sell it or license it to them, or maybe show it during the interview in case I ever decide to apply for a job at their company?



Please keep in mind that this company is in the financial services industry.


























closed as off-topic by gnat, Philipp, IDrinkandIKnowThings, mhoran_psprep, Nimesh Neema Jul 31 at 0:07



  • This question does not appear to be about the workplace within the scope defined in the help center.
If this question can be reworded to fit the rules in the help center, please edit the question.












  • 25





    Does their app come with an EULA that includes the standard “no reverse engineering” clause? Did you include proper security measures in your app to prevent leaks of users’ personal data?

    – nick012000
    Jul 30 at 0:58







  • 5





    Check to see if there is a standalone API product. It's possible their app uses their published API. In which case, you can cross reference your reverse engineered solution with the API. Note that reverse-engineering their product could still be in breach of your contract (and EULA), but you may be able to say you developed a product with their API.

    – Gregory Currie
    Jul 30 at 1:07






  • 18





    I'm voting to close this question as off-topic because it is not about a workplace related topic as described in the help center.

    – Philipp
    Jul 30 at 8:54






  • 3





    Possible duplicate of Should I mention I've reversed engineered games of the company I interview at?

    – rkeet
    Jul 30 at 9:35






  • 9





    The jurisdiction would matter here. All the scare words about EULA's are irrelevant in jurisdictions where reverse engineering is legal per se, or at least for personal use.

    – MSalters
    Jul 30 at 12:22

















asked Jul 30 at 0:45









acidstork





6 Answers


















69



















> Is it a bad idea to let them know I've done this?

It's a terrible idea (unless you asked for and received permission beforehand).

> Could I potentially try to sell it or license it to them, or maybe show it during the interview in case I ever decide to apply for a job at their company?

You want to sell them their own mobile app?

Talk to your lawyer before even thinking about doing this.

> Please keep in mind that this company is in the financial services industry.

Even more reason to remain silent. Financial Services companies tend not to fool around much.






answered Jul 30 at 0:51 by Joe Strazzere





















  • 7





    Given PSD2 I'm not sure if this is correct at least in the EU. If he's simply using their APIs that have to be public anyhow, this should be fine and actually one of the reasons behind the directive.

    – Voo
    Jul 30 at 9:42







  • 64





    This answer contains lots of statements, but little backing them up. Why not explain why you think it's a terrible idea?

    – Matsemann
    Jul 30 at 11:09







  • 7





    Legality is a red herring, and can't be addressed in this question since we have no idea about the jurisdiction. The impression it will make on the interviewers is, in my opinion, the answerable component, and Joe answered it well. As a hiring manager for software developers at a financial institution, I can confidently say that a candidate showing me that they had tried to reverse-engineer our mobile app would be an awkward deal breaker at best, and would result in a report to our fraud team, if there was any appearance that they'd actually tried to make it functional (vs just a mockup)

    – dwizum
    Jul 30 at 13:25






  • 12





    "You want to sell them their own mobile app?" - It's not their app, it's his. He wrote it, after all. It might well be a derivative work by copyright law (depending on how careful he was when reverse engineering), it might violate the EULA, and it might infringe on their trademarks, and the whole thing is probably asking for trouble, but I don't see how you can claim it's "theirs".

    – marcelm
    Jul 30 at 13:30







  • 9





    @dwizum "... and would result in a report to our fraud team ..." - For what fraud?

    – marcelm
    Jul 30 at 13:30



















23


















Don't share the app - but if thoughtfully done, you can share ideas for the better interface



Depending on their priorities, companies may or may not focus on all aspects of the tool they are providing. Coming up with a good UI can be challenging in niche industries. The way I see it, you are a customer who felt pained by the existing interface, and rather than just cribbing about it, were able to reverse engineer and build a better solution. However, your innovation is limited to the better interface, and not to the core backend or APIs that the app is using, or the features that it may be providing.




> Is it a bad idea to let them know I've done this? Could I potentially try to sell it or license it to them




So yes, publishing the app / reselling it back / even sharing it among friends / letting them know is a terrible idea like others have pointed out, both for being unethical and illegal.



IANAL, but most apps have a terms of use or about section or legal EULA terms, that will declare the original app a copyrighted, trademarked product of the publisher - so you would end up violating the intellectual property laws of the land on distribution. Similarly, app stores have their own policies for such unauthorized ripoffs. Similarly, I find distributing a product that uses someone else's IP without permission unethical.




> maybe show it during the interview in case I ever decide to apply for a job at their company?




However, you can share the wiremocks for the new and improved interface - using a tool such as Invision (or whatever helps you explain workflow better). This is after all a piece of your innovation. This helps let the company know that there are better ways of presenting their services to their customers. Depending on the size of the company and the kind of people involved, it can be a plus for you during interviews as well.



This is actually a common interview question for app developers, UX designers, product managers - how would you improve the existing app/product - so if you are targeting a similar role, you will be at an advantage if you present the information thoughtfully.





























  • 8





    "... for being unethical and illegal." - Could you explain why you feel it's unethical? And why you think it's illegal?

    – marcelm
    Jul 30 at 13:36






  • 5





    It may be illegal because it simply violates the EULA. But I would agree that there's nothing unethical about this. First off, it should be considered whether proprietary software isn't the main unethical thing here, and moreso no-reverse-engineering clauses. But even if you take the opposite standpoint, consider intellectual property more important than freedom, and find piracy unethical because it deprives the developers of their deserved income: how could this possibly apply to the situation here? Such mobile apps aren't a product the company sells, just freeware to use services.

    – leftaroundabout
    Jul 30 at 14:10







  • 6





    "It may be illegal because it simply violates the EULA." - As far as I understand, violating an EULA is not illegal per se. The company could certainly kick you out as a client for violating its terms, but if they'd proceed to court, it would be a civil case, not a criminal one. For it to be illegal, there needs to be a violated law, and I'm struggling to find an applicable law for the situation as described. Perhaps one concerning circumventing security measures, but those vary wildly by jurisdiction...

    – marcelm
    Jul 30 at 14:24


















7


















Will probably be bad, almost certainly will not be good.



If they have the slightest shred of competence as a financial firm, I can tell you now that they will not use your app.



Why? Because it will be more expensive to do security checks and reviews of the entirety of your codebase (something I'll wager you have not done yourself) than to simply reimplement the features in-house.



As for using this in a job interview, you are even less likely to get favourable results. You will be essentially pointing out that you discovered unauthorised software can access their closed services (a very serious security vulnerability) and instead of disclosing it responsibly, you let it sit around for god-knows-how-long, and you used it to your own ends. That is not a good look. In fact you are admitting to be in breach of common hacking laws (CFAA in the USA, CMA in the UK, probably a few others in other countries).



Finally, you will be admitting to breaking their TOS. That gives them grounds to give you the boot as a customer, and depending on what features your app has that aren't on the official app, may even be a very realistic course of action (e.g. if your app does something that goes against the spirit of the service, like the Casper app for Snapchat did).


































  • It would be a vulnerability if it exposed hidden information, allowed new kinds of actions, or allowed people to do either of the previous when they otherwise couldn't. Ultimately you can't prevent people from impersonating the app, and it would be both futile and customer-hostile to try. You have to design your security model so that it isn't an issue.

    – Teo Klestrup Röijezon
    Jul 31 at 11:30











  • Also, you (the vendor) are not entitled to coordinated disclosure.

    – Teo Klestrup Röijezon
    Jul 31 at 11:31











  • @TeoKlestrupRöijezon If your service is designed only for use with an official client, the ability to build unofficial clients is indeed a problem precisely because it would allow people to build an app that "exposed hidden information, allowed new kinds of actions, or allowed people to do either of the previous when they otherwise couldn't". Casper got shut down with legal notices by the Snapchat company for this exact thing. A company in the financial sector is going to take this more seriously than Snapchat, not less.

    – 520
    Jul 31 at 11:40











  • @TeoKlestrupRöijezon "Also, you (the vendor) are not entitled to coordinated disclosure." True but if you start using said vulnerabilities yourself without permission, you are in breach of several hacking laws.

    – 520
    Jul 31 at 11:41






  • 1





    Wouldn't companies be thankful to people who discover vulnerabilities in their software?

    – David
    Aug 1 at 8:53


















2


















The only thing that may be worth letting them know about is potential security problems with their API. This is a financial services company, but you were able to reverse engineer the app, presumably authenticate with a service and retrieve details.



This may be a problem (hard to tell as you provide no detail of what it does) and they may thank you for details of a security issue you have found (without necessarily telling them how it was found).



Note - not all companies will thank you for this, and some may actively frown upon it (if the latter, may be an idea to look for a new provider). It's worth looking to see if they have a service to report these items before blindly making contact.
































  • It's impossible to release an app where this is not possible.

    – user253751
    Aug 13 at 3:59


















1


















You could just ask the company bosses/directors/managers if they would be happy for you to reverse engineer their app and build a much better version of it, free of charge - mentioning that you have the skills to do that and know for sure that it could be made a lot better. They will almost certainly know already that their mobile app sucks and be interested in talking to you. If they don't respond or aren't happy, just keep quiet and move on to dealing with organisations that are more likely to succeed.



My guess is that they would be a lot happier if you solved their significant problem for them and would then have a high opinion of your value as a coder. So ask if they'd be okay with it, without telling them you have already done it.







































    0


















    No. When a development team within a company develops a product they have certain tools/processes that they use to do it (including testing). If you did not use similar things then incorporating your version of the product into their organization would definitely be more expensive than them not doing anything since now they have to hire/train people to work with your way of doing things. I doubt their tech leaders would want you to essentially be dictating how they operate. There's probably a business driven reason why their app sucks like they didn't think it was worth it to invest more money in making it better and they're working on other aspects of things behind the scenes or focusing on marketing. That thinking isn't going to change because you show up and say, 'Hey pay me money and I'll give you this.'



    Most likely outcome is that they would have their lawyer send you an order to stop reverse engineering stuff & to stop using what you created which puts you in a worse position than you're in now.



    Your best move is to find out a legal way to have your own app service/business and use your expertise to make money there.









































      6 Answers
      6






      active

      oldest

      votes








      6 Answers
      6






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes









      69



















      Is it a bad idea to let them know I've done this?




      It's a terrible idea (unless you asked for and received permission beforehand).




      Could I potentially try to sell it or license it to them, or maybe
      show it during the interview in case I ever decide to apply for a job
      at their company?




      You want to sell them their own mobile app?



      Talk to your lawyer before even thinking about doing this.




      Please keep in mind that this company is in the financial services
      industry.




      Even more reason to remain silent. Financial Services company tend not to fool around much.






      share|improve this answer





















      • 7





        Given PSD2 I'm not sure if this is correct at least in the EU. If he's simply using their APIs that have to be public anyhow, this should be fine and actually one of the reasons behind the directive.

        – Voo
        Jul 30 at 9:42







      • 64





        This answer contains lots of statements, but little backing them up. Why not explain why you think it's a terrible idea?

        – Matsemann
        Jul 30 at 11:09







      • 7





        Legality is a red herring, and can't be addressed in this question since we have no idea about the jurisdiction. The impression it will make on the interviewers is, in my opinion, the answerable component, and Joe answered it well. As a hiring manager for software developers at a financial institution, I can confidently say that a candidate showing me that they had tried to reverse-engineer our mobile app would be an awkward deal breaker at best, and would result in a report to our fraud team, if there was any appearance that they'd actually tried to make it functional (vs just a mockup)

        – dwizum
        Jul 30 at 13:25






      • 12





        "You want to sell them their own mobile app?" - It's not their app, it's his. He wrote it, after all. It might well be a derivative work by copyright law (depending on how careful he was when reverse engineering), it might violate the EULA, and it might infringe on their trademarks, and the whole thing is probably asking for trouble, but I don't see how you can claim it's "theirs".

        – marcelm
        Jul 30 at 13:30







      • 9





        @dwizum "... and would result in a report to our fraud team ..." - For what fraud?

        – marcelm
        Jul 30 at 13:30
















      69



















      Is it a bad idea to let them know I've done this?




      It's a terrible idea (unless you asked for and received permission beforehand).




      Could I potentially try to sell it or license it to them, or maybe
      show it during the interview in case I ever decide to apply for a job
      at their company?




      You want to sell them their own mobile app?



      Talk to your lawyer before even thinking about doing this.




      Please keep in mind that this company is in the financial services
      industry.




      Even more reason to remain silent. Financial Services company tend not to fool around much.






      share|improve this answer





















      • 7





        Given PSD2 I'm not sure if this is correct at least in the EU. If he's simply using their APIs that have to be public anyhow, this should be fine and actually one of the reasons behind the directive.

        – Voo
        Jul 30 at 9:42







      • 64





        This answer contains lots of statements, but little backing them up. Why not explain why you think it's a terrible idea?

        – Matsemann
        Jul 30 at 11:09







      • 7





        Legality is a red herring, and can't be addressed in this question since we have no idea about the jurisdiction. The impression it will make on the interviewers is, in my opinion, the answerable component, and Joe answered it well. As a hiring manager for software developers at a financial institution, I can confidently say that a candidate showing me that they had tried to reverse-engineer our mobile app would be an awkward deal breaker at best, and would result in a report to our fraud team, if there was any appearance that they'd actually tried to make it functional (vs just a mockup)

        – dwizum
        Jul 30 at 13:25






      • 12





        "You want to sell them their own mobile app?" - It's not their app, it's his. He wrote it, after all. It might well be a derivative work by copyright law (depending on how careful he was when reverse engineering), it might violate the EULA, and it might infringe on their trademarks, and the whole thing is probably asking for trouble, but I don't see how you can claim it's "theirs".

        – marcelm
        Jul 30 at 13:30







      • 9





        @dwizum "... and would result in a report to our fraud team ..." - For what fraud?

        – marcelm
        Jul 30 at 13:30














      69














      69










      69










      Is it a bad idea to let them know I've done this?




      It's a terrible idea (unless you asked for and received permission beforehand).




      Could I potentially try to sell it or license it to them, or maybe
      show it during the interview in case I ever decide to apply for a job
      at their company?




      You want to sell them their own mobile app?



      Talk to your lawyer before even thinking about doing this.




      Please keep in mind that this company is in the financial services
      industry.




      Even more reason to remain silent. Financial Services companies tend not to fool around much.






      answered Jul 30 at 0:51









      Joe Strazzere

      • 7





        Given PSD2 I'm not sure if this is correct at least in the EU. If he's simply using their APIs that have to be public anyhow, this should be fine and actually one of the reasons behind the directive.

        – Voo
        Jul 30 at 9:42







      • 64





        This answer contains lots of statements, but little backing them up. Why not explain why you think it's a terrible idea?

        – Matsemann
        Jul 30 at 11:09







      • 7





        Legality is a red herring, and can't be addressed in this question since we have no idea about the jurisdiction. The impression it will make on the interviewers is, in my opinion, the answerable component, and Joe answered it well. As a hiring manager for software developers at a financial institution, I can confidently say that a candidate showing me that they had tried to reverse-engineer our mobile app would be an awkward deal breaker at best, and would result in a report to our fraud team, if there was any appearance that they'd actually tried to make it functional (vs just a mockup)

        – dwizum
        Jul 30 at 13:25






      • 12





        "You want to sell them their own mobile app?" - It's not their app, it's his. He wrote it, after all. It might well be a derivative work by copyright law (depending on how careful he was when reverse engineering), it might violate the EULA, and it might infringe on their trademarks, and the whole thing is probably asking for trouble, but I don't see how you can claim it's "theirs".

        – marcelm
        Jul 30 at 13:30







      • 9





        @dwizum "... and would result in a report to our fraud team ..." - For what fraud?

        – marcelm
        Jul 30 at 13:30













      23














      Don't share the app - but if thoughtfully done, you can share ideas for the better interface



      Depending on their priorities, companies may or may not focus on all aspects of the tool they are providing. Coming up with a good UI can be challenging in niche industries. The way I see it, you are a customer who felt pained by the existing interface, and rather than just cribbing about it, were able to reverse engineer and build a better solution. However, your innovation is limited to the better interface, and not to the core backend or APIs that the app is using, or the features that it may be providing.




      Is it a bad idea to let them know I've done this? Could I potentially try to sell it or license it to them




      So yes, publishing the app / reselling it back / even sharing it among friends / letting them know is a terrible idea like others have pointed out, both for being unethical and illegal.



      IANAL, but most apps have a terms of use or about section or legal EULA terms, that will declare the original app a copyrighted, trademarked product of the publisher - so you would end up violating the intellectual property laws of the land on distribution. Similarly, app stores have their own policies for such unauthorized ripoffs. Similarly, I find distributing a product that uses someone else's IP without permission unethical.




      maybe show it during the interview in case I ever decide to apply for a job at their company?




      However, you can share the wiremocks for the new and improved interface - using a tool such as Invision (or whatever helps you explain workflow better). This is after all a piece of your innovation. This helps let the company know that there are better ways of presenting their services to their customers. Depending on the size of the company and the kind of people involved, it can be a plus for you during interviews as well.



      This is actually a common interview question for app developers, UX designers, product managers - how would you improve the existing app/product - so if you are targeting a similar role, you will be at an advantage if you present the information thoughtfully.






      edited Jul 30 at 16:07

























      answered Jul 30 at 1:50









      mu 無

      • 8





        "... for being unethical and illegal." - Could you explain why you feel it's unethical? And why you think it's illegal?

        – marcelm
        Jul 30 at 13:36






      • 5





        It may be illegal because it simply violates the EULA. But I would agree that there's nothing unethical about this. First off, it should be considered whether proprietary software isn't the main unethical thing here, and moreso no-reverse-engineering clauses. But even if you take the opposite standpoint, consider intellectual property more important than freedom, and find piracy unethical because it deprives the developers of their deserved income: how could this possibly apply to the situation here? Such mobile apps aren't a product the company sells, just freeware to use services.

        – leftaroundabout
        Jul 30 at 14:10







      • 6





        "It may be illegal because it simply violates the EULA." - As far as I understand, violating an EULA is not illegal per se. The company could certainly kick you out as a client for violating its terms, but if they'd proceed to court, it would be a civil case, not a criminal one. For it to be illegal, there needs to be a violated law, and I'm struggling to find an applicable law for the situation as described. Perhaps one concerning circumventing security measures, but those vary wildly by jurisdiction...

        – marcelm
        Jul 30 at 14:24












      7


















      Will probably be bad, almost certainly will not be good.



      If they have the slightest shred of competence as a financial firm, I can tell you now that they will not use your app.



      Why? Because it will be more expensive to do security checks and reviews of the entirety of your codebase (something I'll wager you have not done yourself) than to simply reimplement the features in-house.



      As for using this in a job interview, you are even less likely to get favourable results. You will be essentially pointing out that you discovered unauthorised software can access their closed services (a very serious security vulnerability) and instead of disclosing it responsibly, you let it sit around for god-knows-how-long, and you used it to your own ends. That is not a good look. In fact you are admitting to be in breach of common hacking laws (CFAA in the USA, CMA in the UK, probably a few others in other countries).



      Finally, you will be admitting to breaking their TOS. That gives them grounds to give you the boot as a customer, and depending on what features your app has that aren't on the official app, may even be a very realistic course of action (e.g. if your app does something that goes against the spirit of the service, like the Casper app for Snapchat did).






      • It would be a vulnerability if it exposed hidden information, allowed new kinds of actions, or allowed people to do either of the previous when they otherwise couldn't. Ultimately you can't prevent people from impersonating the app, and it would be both futile and customer-hostile to try. You have to design your security model so that it isn't an issue.

        – Teo Klestrup Röijezon
        Jul 31 at 11:30











      • Also, you (the vendor) are not entitled to coordinated disclosure.

        – Teo Klestrup Röijezon
        Jul 31 at 11:31











      • @TeoKlestrupRöijezon If your service is designed only for use with an official client, the ability to build unofficial clients is indeed a problem precisely because it would allow people to build an app that "exposed hidden information, allowed new kinds of actions, or allowed people to do either of the previous when they otherwise couldn't". Casper got shut down with legal notices by the Snapchat company for this exact thing. A company in the financial sector is going to take this more seriously than Snapchat, not less.

        – 520
        Jul 31 at 11:40











      • @TeoKlestrupRöijezon "Also, you (the vendor) are not entitled to coordinated disclosure." True but if you start using said vulnerabilities yourself without permission, you are in breach of several hacking laws.

        – 520
        Jul 31 at 11:41






      • 1





        Wouldn't companies be thankful to people who discover vulnerabilities in their software?

        – David
        Aug 1 at 8:53















      7


















      Will probably be bad, almost certainly will not be good.



      If they have the slightest shred of competence as a financial firm, I can tell you now that they will not use your app.



      Why? Because it will be more expensive to do security checks and reviews of the entirety of your codebase (something I'll wager you have not done yourself) than to simply reimplement the features in-house.



      As for using this in a job interview, you are even less likely to get favourable results. You will be essentially pointing out that you discovered unauthorised software can access their closed services (a very serious security vulnerability) and instead of disclosing it responsibly, you let it sit around for god-knows-how-long, and you used it to your own ends. That is not a good look. In fact you are admitting to be in breach of common hacking laws (CFAA in the USA, CMA in the UK, probably a few others in other countries).



      Finally, you will be admitting to breaking their TOS. That gives them grounds to give you the boot as a customer, and depending on what features your app has that isn't on the official app, may even be a very realistic course of action (e.g: if your app does something that goes against the spirit of the service, like the Casper app for Snapchat did)






      share|improve this answer




























      • It would be a vulnerability if it exposed hidden information, allowed new kinds of actions, or allowed people to do either of the previous when they otherwise couldn't. Ultimately you can't prevent people from impersonating the app, and it would be both futile and customer-hostile to try. You have to design your security model so that it isn't an issue.

        – Teo Klestrup Röijezon
        Jul 31 at 11:30











      • Also, you (the vendor) are not entitled to coordinated disclosure.

        – Teo Klestrup Röijezon
        Jul 31 at 11:31











      • @TeoKlestrupRöijezon If your service is designed only for use with an official client, the ability to build unofficial clients is indeed a problem precisely because it would allow people to build an app that "exposed hidden information, allowed new kinds of actions, or allowed people to do either of the previous when they otherwise couldn't". Casper got shut down with legal notices by the Snapchat company for this exact thing. A company in the financial sector is going to take this more seriously than Snapchat, not less.

        – 520
        Jul 31 at 11:40











      • @TeoKlestrupRöijezon "Also, you (the vendor) are not entitled to coordinated disclosure." True but if you start using said vulnerabilities yourself without permission, you are in breach of several hacking laws.

        – 520
        Jul 31 at 11:41






      • 1





        Wouldn't companies be thankful to people who discover vulnerabilities in their software?

        – David
        Aug 1 at 8:53













      edited Jul 31 at 11:46

























      answered Jul 30 at 15:09









      520

      2


















      The only thing that may be worth letting them know about is potential security problems with their API. This is a financial services company, but you were able to reverse engineer the app, presumably authenticate with a service and retrieve details.



      This may be a problem (hard to tell as you provide no detail of what it does) and they may thank you for details of a security issue you have found (without necessarily telling them how it was found).



      Note - not all companies will thank you for this, and some may actively frown upon it (if the latter, may be an idea to look for a new provider). It's worth looking to see if they have a service to report these items before blindly making contact.






      • It's impossible to release an app where this is not possible.

        – user253751
        Aug 13 at 3:59















      answered Jul 30 at 14:40









      Paddy

      1


















      You could just ask the company bosses/directors/managers if they would be happy for you to reverse engineer their app and build a much better version of it, free of charge - mentioning that you have the skills to do that and know for sure that it could be made a lot better. They will almost certainly know already that their mobile app sucks and be interested in talking to you. If they don't respond or aren't happy, just keep quiet and move on to dealing with organisations that are more likely to succeed.



      My guess is that they would be a lot happier if you solved their significant problem for them and would then have a high opinion of your value as a coder. So ask if they'd be okay with it, without telling them you have already done it.






          answered Jul 30 at 15:49









          Geoff Kendall

              0


















              No. When a development team within a company develops a product, they have certain tools/processes that they use to do it (including testing). If you did not use similar things, then incorporating your version of the product into their organization would definitely be more expensive than them not doing anything, since now they have to hire/train people to work with your way of doing things. I doubt their tech leaders would want you to essentially be dictating how they operate. There's probably a business-driven reason why their app sucks, like they didn't think it was worth it to invest more money in making it better and they're working on other aspects of things behind the scenes or focusing on marketing. That thinking isn't going to change because you show up and say, 'Hey pay me money and I'll give you this.'



              Most likely outcome is that they would have their lawyer send you an order to stop reverse engineering stuff & to stop using what you created, which puts you in a worse position than you're in now.



              Your best move is to find out a legal way to have your own app service/business and use your expertise to make money there.






                  edited Jul 30 at 22:39

























                  answered Jul 30 at 15:02









                  HenryM
