Hacker News new | comments | show | ask | jobs | submit login
Clinkle: App Teardown (Part 1) (svstealth.tumblr.com)
53 points by ankitshah 1427 days ago | hide | past | web | 17 comments | favorite



1) I'm not familiar with intellectual property law and I'm curious: Can Clinkle's lawyers do anything to prevent such information from being published?

2) My inner conspiracy theorist says this is a clever posting from someone internal to Clinkle as a PR stunt.


3) Could someone nonplussed with the app, and wondering if hype was telling or misplaced. Seems reasonable to perform an iFixit style teardown, and see if there's any there there.


They could; Shazaam did something very similar.

https://news.ycombinator.com/item?id=5723863


1) it was on the Google Play Store ... 'nuff said 2) why would they make fun of the stitched wallet leather look and the key used to unlock the wallet?


> 2) a PR stunt

Came here to say just this. This looks very much like an astro-turfing post.


i don't think astroturfing posts are typically this negative..


It'd be a better way to astroturf actually. The goal of such post would be to merely put the company on a map and get people talking about it. Just set in a mood for now - it's something grand, mysterious and ambitious, if a bit half-baked (but that's just at the moment, that's why they are in "stealth" mode after all). The praise singing chorus will step in later.


Continued here: http://svstealth.tumblr.com/post/54200406550/clinkle-app-tea...

This part just mentions design, possible parter logos, fonts, facebook like boxes and that they didn't obfuscate code.


Article seems unnecessarily mean.

A $25m "seed" is generally not a good idea but I think worthwhile giving the benefit of the doubt at this point and waiting to see what and how they roll out.

The Yodlee thing is likely for verifying bank/card accounts, not offering Mint-like services.


With android apk's can so see the complete source code of the app?


Java class files (compiled Java) can be decompiled.

Unless they ran the code through an obfuscator or something in the android dev cycle does that automatically (I don't know), you can get the full source with full variable names, more or less. The stock javac compiler doesn't do much in terms of optimization, there are a couple things it does (replaces accesses to 'final static' members with constants for example), most is left to the JIT, bytecode -> source translation is pretty straight forward and you don't lose much.


No, but you can disassemble them to see the Dalvik bytecode[1], which is not too hard to understand.

[1] http://source.android.com/tech/dalvik/dalvik-bytecode.html


You can actually reverse engineer an entire app to java code and see all the resources such as strings and images. Just takes around 10 minutes http://stackoverflow.com/questions/3593420/android-getting-s...

You can prevent this by obfuscating your code in eclipse with proguard, however most apps are not obfuscated.


Even with obfuscation you tend to just end up with the code, but all the identifiers are replaced with a, b, c, etc.. I've still been able to figure Bluetooth protocols and other things without much trouble. For pirates, impersonators, and malware creators, they often just have to find free/pro/goods counter/license check/sig check or add in a call to their own extra code to run. So a little tougher for them, but not the end.


as mentioned, you can use a dalvik decompiler. I recommend JEB: http://www.android-decompiler.com/

It's like IDA but for APKs.


Wow... blindly speculating yesterday about what Clinkle might be doing -- https://news.ycombinator.com/item?id=5956736 -- I'd thrown in "ultrasonic acoustics" as a random wild guess. Great to hear that's part of it.

Though it'd also be kind of cool to do the transaction in the hearable range... so your phone playing a merchant could make the same sort of 'honking' as old dial-up modems. Not just a novelty, that'd promote the service to everyone within earshot.


This is a worse investment than color in my opinion. The founders have no track record whatsoever to justify a $25M investment for a product that has been stealth mode for two years running. I've heard several complaints from insiders about the company and its founder.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: