As you may have figured out from our APK teardowns, it's pretty easy to look inside most Android apps and figure out what they're doing. There are a few products designed to obfuscate (hide) app code, one of them being DexGuard from Guardsquare. However, apps protected with DexGuard might become vulnerable in the future, thanks to the tool's code being leaked.

Earlier this week, Guardsquare filed a DMCA claim against GitHub, where someone had uploaded a copy of DexGuard's source code. The company said, "the listed folders (see below) contain an older version of our commercial obfuscation software (DexGuard) for Android applications. The folder is part of a larger code base that was stolen from one of our former customers."

By the time Guardsquare filed the claim, there were already hundreds of forks (mirrors) on GitHub. These have all been taken down, but the code has also been uploaded to other sites. As they say, nothing is ever truly deleted from the internet.

Cached copies of the leak seem to indicate the actual source code was not leaked - just various configuration files, tools, and sample projects designed to help developers learn how to use DexGuard.