Perspective

The barrier to reverse-engineering your app just collapsed

Taking a mobile app apart used to be a craft. It took a specialist, a quiet week, and a great deal of patience. None of that is true anymore.

BY Bojan Belic

Engineer

Bojan is a senior mobile dev with over 10 years of experience freelancing with multinationals and startups alike. He likes to tinker with everything that can be compiled, transpiled, or interpreted.

TL;DR

  • Taking a mobile app apart used to require a specialist and a quiet week. Not anymore. A public frontier model, a handful of free decompilers, and a thin harness to loop them together — that is the whole kit.

  • Anything you ship inside your app, treat as already public. Not "at risk." Public. The only variable left is how long discovery takes, and AI just took that number to near zero.

  • The attack never touches your servers. Download the app, decompile it, hand it to a model — no backend contact required. In most jurisdictions, that also makes it the legally safer path. Which is exactly what AI supercharged.

  • The defensive layer most teams rely on buys time, not secrecy. AI just bought attackers a faster car. The line that actually holds is the one between client and server.

The comfortable assumption goes like this: sure, an app can be reverse-engineered, but it takes a rare kind of attacker. Someone with deep skills, expensive tools, or access to one of those gated, safeguard-stripped models you read about. The frontier-class model with the safety rails removed, handed only to vetted partners behind a trusted access door. Claude Mythos 5 is exactly that kind of thing: the same capability as the public release, minus the guardrails that block agentic hacking.

Here is the uncomfortable part. Attackers do not need it.

You do not need the special model

What actually does the work is boring and widely available. A public frontier model anyone can pay for by the token. A handful of free, decades-old tools: jadx to decompile, Ghidra to read native binaries, Frida to poke at a running app. And a thin harness that loops the tools and the model together, feeding decompiled code in and acting on what comes back.

That is the whole kit. None of it is exotic. None of it is gated.

The model does not need to be jailbroken to be useful here, because reading code is not a forbidden act. Ask a general-purpose model to explain an obfuscated class and it will, cheerfully, because explaining code is its day job. Point it at thousands of mangled methods and it does in minutes what used to take an analyst a week.

The capability used to live with a few professionals. Now it sits on a spectrum that runs from authorized red teams all the way down to a motivated amateur with a credit card. The skill floor dropped through the basement.

Anything you ship, you give away

This is the line worth internalizing. If a secret ships inside your app, treat it as already public.

Not “at risk.” Public. The only variable left is how long the discovery takes, and AI just took that number to near zero.

Consider what we keep finding in real apps, all of it pulled from binaries downloaded straight off the store.

A teen-banking app shipped a live cloud API key sitting in plain text inside the app’s string table. Recoverable in seconds with a tool that has existed since the nineties. No AI required for that one, frankly, but AI is what makes it scale to every app at once.

A self-custody crypto wallet stacked three separate root-detection libraries and certificate pinning on top. Impressive on paper. In practice every gate was a single yes/no branch, each one patchable to “always pass” in one instruction. The entire defensive layer fell in under five minutes.

And the one that should sting the most: a national-scale app that paid six figures a year for best-in-class commercial obfuscation, and still left its authentication encryption key sitting as a plain-text constant in a config class. Obfuscation scrambles the code that uses the key. It does nothing for the key itself, which a decompiler reads cleanly no matter how much you spent.

That is the trap with obfuscation. It feels like a wall. It is a speed bump, and AI just bought everyone a faster car.

One thing matters here, and we want to be clear about it. Every weakness described above was reported to the app’s owner under responsible disclosure, and every one has since been fixed. This is not naming and shaming (these were capable teams who moved quickly once they knew). If anything, the landscape is a little harder today than it was yesterday, which is exactly the direction it should move.

Embedded keys. Proprietary logic, the pricing rules and fraud checks and feature gates you assumed were hidden. The security controls themselves, located precisely so they can be switched off. All of it lives in the client, and the client runs on the attacker’s machine, not yours.

The attacker never has to touch your servers

This is the part that should reshape how you think about the threat, not just how impressed you are by it.

The whole attack happens offline. Download the app from the store. Decompile it. Hand the result to a model. Ask where the secrets live, which checks to disable, how the licensing works. The model reads, reasons, and points. At no stage does anyone contact your backend.

That offline quality is not just convenient. In Belgium, it is the difference between two very different legal positions. (Not legal advice, and the lines differ by country, so talk to an actual lawyer.)

Article 550bis of the Belgian Criminal Code is about unauthorized access to a computer system. Static analysis does not touch a system. It picks apart a file you legally downloaded, on your own machine, the way you might take apart a radio you bought. Dynamic testing is the opposite: the moment you run the app against the live backend, hook it with Frida, or intercept its traffic, you are reaching into systems you do not own. That is where the serious legal exposure starts, and there is no general “but I was only testing” exemption.

So the cheap path and the legally safer path are the same path. And it is exactly the path AI supercharged. Every example above came from static analysis of public binaries. No device. No traffic captured. No server ever contacted. Critical findings, pulled from the legally quietest corner of the room.

What actually holds

The good news is that the boundary is real and well understood. Some things do not fall.

A secret that lives only on your server stays yours, because the attacker never gets the file it lives in. A key held in a hardware-backed keystore or secure enclave, gated by device attestation, resists extraction in a way a plain-text constant never will. The line is simple: the client is hostile territory, and only the server is home.

So build like it. Assume every string, key, and branch in your app will be read by a patient, tireless reader, because now it will be. Keep anything that actually matters server-side. Put what must live on the device behind hardware-backed storage. Treat obfuscation as time bought, never secrecy earned. And move your own security testing left, into static analysis, because that is exactly where the attacker is already standing.
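One way to move that static check left, and at the same time to see why obfuscation does nothing for a key constant: a small Python scanner over decompiled source that flags long, high-entropy string literals. This is an added example, not code from the post or its author; the input is a constructed jadx-style class with mangled names, and the length and entropy thresholds are assumptions to tune per code base.

```python
import math
import re

# Constructed sample of what a decompiler hands back from an obfuscated
# class: identifiers are mangled to a/b/c, the string constant is not.
DECOMPILED_SAMPLE = '''
package a.b;
public final class c {
    private static final String a = "q7Kp2zX9vL4mN8rT1wB6yH3jF5gD0sA2";
    private static final String b = "https://api.example.invalid/v1";
    private static final String c = "Retry";
    public static String d(String str) { return a + str; }
}
'''

# Java/Kotlin string literal, allowing escaped characters inside.
STRING_LITERAL = re.compile(r'"((?:[^"\\]|\\.)*)"')


def shannon_entropy(s):
    """Bits per character; a 32-char random token scores close to 5.0."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def find_secret_like_strings(source, min_len=20, min_entropy=4.0):
    """Return (line_no, literal, entropy) for constants that look like keys.

    The check never looks at field or class names, so mangled identifiers
    do not hide anything: only the literal's own length and entropy count.
    Assumed filters: skip short literals, prose (contains spaces) and URLs.
    """
    hits = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for lit in STRING_LITERAL.findall(line):
            if len(lit) < min_len or ' ' in lit or '://' in lit:
                continue
            ent = shannon_entropy(lit)
            if ent >= min_entropy:
                hits.append((lineno, lit, round(ent, 2)))
    return hits


if __name__ == "__main__":
    for lineno, lit, ent in find_secret_like_strings(DECOMPILED_SAMPLE):
        print(f"line {lineno}: entropy {ent} -> {lit!r}")
```

Run it over the output directory of a decompiler instead of the inline sample to get the same view of your own release build that a static reviewer gets.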

The barrier did not move. It collapsed. The teams that stay safe will be the ones who stopped relying on it being there.

Get in touch

When the digital product you're building is core to your business, the margin for error is different. So is the kind of partner you need.

If that's where you are, let's talk.
