| ▲ | r-johnv 3 days ago | |
Being a cat-and-mouse game, would the reaction from the app-owner be to shift the computation to methods that are not discernable by dissection of the app? For example having the app be purely a data collection tool which then streams it to the server to do all computation? | ||
| ▲ | dmurray 3 days ago | parent | next [-] | |
No. Any sane engineering team would have built it that way in the first place, so they almost certainly don't have the competence to change it now, or possibly even to understand your question. | ||
| ▲ | sbarre 3 days ago | parent | prev | next [-] | |
I think that would be the case if the employer was doing this on purpose. I would bet this is more a case of business goals being met by dev teams in the quickest and easiest way possible, without anyone providing legal or regulatory oversight to ensure the implementation is complying with required laws. That's not any kind of justification or excuse though! | ||
| ▲ | jdietrich 3 days ago | parent | prev [-] | |
The reverse engineering is really secondary to the regulatory regime. The company in this story had already been investigated and fined before anyone had tried to reverse-engineer their app. It's an offence under GDPR to fail to cooperate with a supervisory authority. There are extensive record-keeping and transparency requirements. Trying to play cat-and-mouse is itself illegal and likely to be legible to the regulator. | ||