MobileTechWorld is reporting a glaring oversight from Microsoft which is allowing Windows Phone 7 marketplace visitors to download the full application package of every or any app on the platform without having to own a WP7 device or run the Zune Desktop executable.
As a result, it appears applications can be downloaded just by examining the ATOM XML feeds that the Zune Desktop client uses to fetch apps, meaning an entire XAP package file can be downloaded to a users computer, unzipped and then studied using a piece of software called .NET Reflector which analyses .NET assemblies and displays them in C#, Visual Basic and IL.
Obviously, if source code and be interpreted, features and routines can be copied or even stolen. This is bad for developers, who rely on having new features to differentiate themselves from their competition. Lets face it, if you work hard on building something, the last thing you want is to have your ideas stolen.
Microsoft is aware of the situation, asking third-party sites that have posted direct links to the XML files to take them down. Instead of updating its current implementation to protect the source code of apps on its marketplace, Microsoft is asking developers to run their code through obfuscator tools which scramble and protect the code as a result.
The company will most likely begin to encrypt XAP archives, protecting the contents of the files in the process but there is no word on when this would be put into place. If you want to search for Windows Phone 7 apps, Bing is your friend.
Developers will be pressing Microsoft for a swift resolution, we will update you as soon as we know any more on this matter.