Mixing
How to approach reverse engineering their product
Clash Royale CLAN TAG#URR8PPP
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0;
up vote
8
down vote
favorite
I'll have a job interview in a fintech company that makes an app I use a lot. I've reverse engineered it and written a new version from scratch that consumes their API to add the features I think it lacks.
I've already read all the privacy policy and the terms and conditions and, according to my lawyer, there is nothing illegal in what I've done (there is no specific legislation about it here).
I assume they'll ask what I've been doing recently or what's my relationship with their product. I feel that already knowing their API and having architected, written code and tests for their product is a plus but I'm a bit afraid they take it the wrong way (their app is obfuscated and the app handles money).
Should I mention that in the interview? If so, how do I approach that?
interviewing software-industry
asked Sep 8 '16 at 12:03
fpg1503
1463
 |Â
show 5 more comments
up vote
8
down vote
favorite
I'll have a job interview in a fintech company that makes an app I use a lot. I've reverse engineered it and written a new version from scratch that consumes their API to add the features I think it lacks.
I've already read all the privacy policy and the terms and conditions and, according to my lawyer, there is nothing illegal in what I've done (there is no specific legislation about it here).
I assume they'll ask what I've been doing recently or what's my relationship with their product. I feel that already knowing their API and having architected, written code and tests for their product is a plus but I'm a bit afraid they take it the wrong way (their app is obfuscated and the app handles money).
Should I mention that in the interview? If so, how do I approach that?
interviewing software-industry
asked Sep 8 '16 at 12:03
fpg1503
1463
1
I'll apologise in advance for the technical commentary that's going to follow here. OP, I take it you're merely describing a new frontend to consume their API with no changes to the way you're using the API? I'm assuming the API isn't actually published and you're just referring to the external-facing services the official app uses to access the company's back end systems? Can you disclose more details on the kind of app/service you're talking about? There'd be a huge difference between a budgeting app and something like mobile banking.
– Lilienthal♦
Sep 8 '16 at 12:21
4
How you word this could make a difference. Don't say "I'm familiar with your app because I reverse engineered it to make my own l33t version." Say something like: "I'm familiar with your app; I'm naturally curious so I even developed a custom client that lets me use it on my Android phone (or whatever)." Say it as if writing a custom client for a service is the most obvious and natural thing for someone in your position to do. Avoid terms like reverse engineering, obfuscation, lawyer.
– Brandin
Sep 8 '16 at 14:44
1
Note that if you 1) Are in Europe and 2) the features you added in your client regarded integration with other programs then what you did is 100% legal and protected by law, even if the product license explicitly states that reverse engineering is forbidden (since clauses against the law are void).
– Bakuriu
Sep 8 '16 at 14:59
2
The big question: Is their API public, and did you use it within the agreement/license published? If so, you've only made your own front-end, which is why companies publish API's in the first place. If you "discovered" the non-public API by using a network traffic monitor while running their client, you may want to just shut up about it.
– Wesley Long
Sep 8 '16 at 15:24
2
Well, then this is a really good time to shut up about it. :)
– Wesley Long
Sep 8 '16 at 15:54
 |Â
show 5 more comments
up vote
8
down vote
favorite
up vote
8
down vote
favorite
I'll have a job interview in a fintech company that makes an app I use a lot. I've reverse engineered it and written a new version from scratch that consumes their API to add the features I think it lacks.
I've already read all the privacy policy and the terms and conditions and, according to my lawyer, there is nothing illegal in what I've done (there is no specific legislation about it here).
I assume they'll ask what I've been doing recently or what's my relationship with their product. I feel that already knowing their API and having architected, written code and tests for their product is a plus but I'm a bit afraid they take it the wrong way (their app is obfuscated and the app handles money).
Should I mention that in the interview? If so, how do I approach that?
interviewing software-industry
asked Sep 8 '16 at 12:03
fpg1503
1463
I'll have a job interview in a fintech company that makes an app I use a lot. I've reverse engineered it and written a new version from scratch that consumes their API to add the features I think it lacks.
I've already read all the privacy policy and the terms and conditions and, according to my lawyer, there is nothing illegal in what I've done (there is no specific legislation about it here).
I assume they'll ask what I've been doing recently or what's my relationship with their product. I feel that already knowing their API and having architected, written code and tests for their product is a plus but I'm a bit afraid they take it the wrong way (their app is obfuscated and the app handles money).
Should I mention that in the interview? If so, how do I approach that?
interviewing software-industry
asked Sep 8 '16 at 12:03
fpg1503
1463
asked Sep 8 '16 at 12:03
fpg1503
1463
asked Sep 8 '16 at 12:03
fpg1503
1463
asked Sep 8 '16 at 12:03
fpg1503
1463
1463
1
I'll apologise in advance for the technical commentary that's going to follow here. OP, I take it you're merely describing a new frontend to consume their API with no changes to the way you're using the API? I'm assuming the API isn't actually published and you're just referring to the external-facing services the official app uses to access the company's back end systems? Can you disclose more details on the kind of app/service you're talking about? There'd be a huge difference between a budgeting app and something like mobile banking.
– Lilienthal♦
Sep 8 '16 at 12:21
4
How you word this could make a difference. Don't say "I'm familiar with your app because I reverse engineered it to make my own l33t version." Say something like: "I'm familiar with your app; I'm naturally curious so I even developed a custom client that lets me use it on my Android phone (or whatever)." Say it as if writing a custom client for a service is the most obvious and natural thing for someone in your position to do. Avoid terms like reverse engineering, obfuscation, lawyer.
– Brandin
Sep 8 '16 at 14:44
1
Note that if you 1) Are in Europe and 2) the features you added in your client regarded integration with other programs then what you did is 100% legal and protected by law, even if the product license explicitly states that reverse engineering is forbidden (since clauses against the law are void).
– Bakuriu
Sep 8 '16 at 14:59
2
The big question: Is their API public, and did you use it within the agreement/license published? If so, you've only made your own front-end, which is why companies publish API's in the first place. If you "discovered" the non-public API by using a network traffic monitor while running their client, you may want to just shut up about it.
– Wesley Long
Sep 8 '16 at 15:24
2
Well, then this is a really good time to shut up about it. :)
– Wesley Long
Sep 8 '16 at 15:54
 |Â
show 5 more comments
1
I'll apologise in advance for the technical commentary that's going to follow here. OP, I take it you're merely describing a new frontend to consume their API with no changes to the way you're using the API? I'm assuming the API isn't actually published and you're just referring to the external-facing services the official app uses to access the company's back end systems? Can you disclose more details on the kind of app/service you're talking about? There'd be a huge difference between a budgeting app and something like mobile banking.
– Lilienthal♦
Sep 8 '16 at 12:21
4
How you word this could make a difference. Don't say "I'm familiar with your app because I reverse engineered it to make my own l33t version." Say something like: "I'm familiar with your app; I'm naturally curious so I even developed a custom client that lets me use it on my Android phone (or whatever)." Say it as if writing a custom client for a service is the most obvious and natural thing for someone in your position to do. Avoid terms like reverse engineering, obfuscation, lawyer.
– Brandin
Sep 8 '16 at 14:44
1
Note that if you 1) Are in Europe and 2) the features you added in your client regarded integration with other programs then what you did is 100% legal and protected by law, even if the product license explicitly states that reverse engineering is forbidden (since clauses against the law are void).
– Bakuriu
Sep 8 '16 at 14:59
2
The big question: Is their API public, and did you use it within the agreement/license published? If so, you've only made your own front-end, which is why companies publish API's in the first place. If you "discovered" the non-public API by using a network traffic monitor while running their client, you may want to just shut up about it.
– Wesley Long
Sep 8 '16 at 15:24
2
Well, then this is a really good time to shut up about it. :)
– Wesley Long
Sep 8 '16 at 15:54
1
1
I'll apologise in advance for the technical commentary that's going to follow here. OP, I take it you're merely describing a new frontend to consume their API with no changes to the way you're using the API? I'm assuming the API isn't actually published and you're just referring to the external-facing services the official app uses to access the company's back end systems? Can you disclose more details on the kind of app/service you're talking about? There'd be a huge difference between a budgeting app and something like mobile banking.
– Lilienthal♦
Sep 8 '16 at 12:21
I'll apologise in advance for the technical commentary that's going to follow here. OP, I take it you're merely describing a new frontend to consume their API with no changes to the way you're using the API? I'm assuming the API isn't actually published and you're just referring to the external-facing services the official app uses to access the company's back end systems? Can you disclose more details on the kind of app/service you're talking about? There'd be a huge difference between a budgeting app and something like mobile banking.
– Lilienthal♦
Sep 8 '16 at 12:21
4
4
How you word this could make a difference. Don't say "I'm familiar with your app because I reverse engineered it to make my own l33t version." Say something like: "I'm familiar with your app; I'm naturally curious so I even developed a custom client that lets me use it on my Android phone (or whatever)." Say it as if writing a custom client for a service is the most obvious and natural thing for someone in your position to do. Avoid terms like reverse engineering, obfuscation, lawyer.
– Brandin
Sep 8 '16 at 14:44
How you word this could make a difference. Don't say "I'm familiar with your app because I reverse engineered it to make my own l33t version." Say something like: "I'm familiar with your app; I'm naturally curious so I even developed a custom client that lets me use it on my Android phone (or whatever)." Say it as if writing a custom client for a service is the most obvious and natural thing for someone in your position to do. Avoid terms like reverse engineering, obfuscation, lawyer.
– Brandin
Sep 8 '16 at 14:44
1
1
Note that if you 1) Are in Europe and 2) the features you added in your client regarded integration with other programs then what you did is 100% legal and protected by law, even if the product license explicitly states that reverse engineering is forbidden (since clauses against the law are void).
– Bakuriu
Sep 8 '16 at 14:59
Note that if you 1) Are in Europe and 2) the features you added in your client regarded integration with other programs then what you did is 100% legal and protected by law, even if the product license explicitly states that reverse engineering is forbidden (since clauses against the law are void).
– Bakuriu
Sep 8 '16 at 14:59
2
2
The big question: Is their API public, and did you use it within the agreement/license published? If so, you've only made your own front-end, which is why companies publish API's in the first place. If you "discovered" the non-public API by using a network traffic monitor while running their client, you may want to just shut up about it.
– Wesley Long
Sep 8 '16 at 15:24
The big question: Is their API public, and did you use it within the agreement/license published? If so, you've only made your own front-end, which is why companies publish API's in the first place. If you "discovered" the non-public API by using a network traffic monitor while running their client, you may want to just shut up about it.
– Wesley Long
Sep 8 '16 at 15:24
2
2
Well, then this is a really good time to shut up about it. :)
– Wesley Long
Sep 8 '16 at 15:54
Well, then this is a really good time to shut up about it. :)
– Wesley Long
Sep 8 '16 at 15:54
 |Â
show 5 more comments
2 Answers
2
active
oldest
votes
up vote
12
down vote
accepted
Personally, I'd hire you on the spot, as I wouldn't want anyone as dangerous as you working against me. That said, your approach should be cautious. From their perspective, it might be a bit jarring to see an improvement to their app from an outsider. From your perspective, you don't want to reveal too much so that they end up stealing your ideas and not hiring you.
IF you have OTHER examples you could bring in that are not their app, I would use them to demonstrate that particular skill, and then mention that you could do the same for them, and possibly even add features. If hired, THEN deliver what you've done.
Do not mention that you have already reverse engineered anything of theirs. They'll more likely feel threatened than impressed.
answered Sep 8 '16 at 12:12
Richard U
77.2k56200307
3
"If hired, THEN deliver what you've done" Watch out with that as well. You might come across as the smart ass who thinks he knows better.
– Jeroen
Sep 8 '16 at 12:47
1
The OP might try making light of or hint at what he did such as mentioning that "I took a brief look at your API and have some ideas on how to improve it" or "I played around a little with your API and there is a lot of new things we can do with it". But totally agree that admitting to entirely reverse engineering will probably not go down well.
– DanK
Sep 8 '16 at 12:52
suggest improvements |Â
up vote
6
down vote
Should I mention that in the interview?
If you are afraid that they will take it the wrong way, then don't mention it.
Having worked in a few myself, I find that fintech companies tend to be very security-sensitive, so your intuition on that is likely well-founded.
Knowing their API may be a plus, but it's likely a small one anyway. If you didn't already know the API and were hired, it wouldn't take long to learn it, right?
Talk about how much you like their app, but leave the "reverse engineered it" part out.
answered Sep 8 '16 at 12:12
Joe Strazzere
221k101648912
suggest improvements |Â
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
12
down vote
accepted
Personally, I'd hire you on the spot, as I wouldn't want anyone as dangerous as you working against me. That said, your approach should be cautious. From their perspective, it might be a bit jarring to see an improvement to their app from an outsider. From your perspective, you don't want to reveal too much so that they end up stealing your ideas and not hiring you.
IF you have OTHER examples you could bring in that are not their app, I would use them to demonstrate that particular skill, and then mention that you could do the same for them, and possibly even add features. If hired, THEN deliver what you've done.
Do not mention that you have already reverse engineered anything of theirs. They'll more likely feel threatened than impressed.
answered Sep 8 '16 at 12:12
Richard U
77.2k56200307
3
"If hired, THEN deliver what you've done" Watch out with that as well. You might come across as the smart ass who thinks he knows better.
– Jeroen
Sep 8 '16 at 12:47
1
The OP might try making light of or hint at what he did such as mentioning that "I took a brief look at your API and have some ideas on how to improve it" or "I played around a little with your API and there is a lot of new things we can do with it". But totally agree that admitting to entirely reverse engineering will probably not go down well.
– DanK
Sep 8 '16 at 12:52
suggest improvements |Â
up vote
12
down vote
accepted
Personally, I'd hire you on the spot, as I wouldn't want anyone as dangerous as you working against me. That said, your approach should be cautious. From their perspective, it might be a bit jarring to see an improvement to their app from an outsider. From your perspective, you don't want to reveal too much so that they end up stealing your ideas and not hiring you.
IF you have OTHER examples you could bring in that are not their app, I would use them to demonstrate that particular skill, and then mention that you could do the same for them, and possibly even add features. If hired, THEN deliver what you've done.
Do not mention that you have already reverse engineered anything of theirs. They'll more likely feel threatened than impressed.
answered Sep 8 '16 at 12:12
Richard U
77.2k56200307
3
"If hired, THEN deliver what you've done" Watch out with that as well. You might come across as the smart ass who thinks he knows better.
– Jeroen
Sep 8 '16 at 12:47
1
The OP might try making light of or hint at what he did such as mentioning that "I took a brief look at your API and have some ideas on how to improve it" or "I played around a little with your API and there is a lot of new things we can do with it". But totally agree that admitting to entirely reverse engineering will probably not go down well.
– DanK
Sep 8 '16 at 12:52
suggest improvements |Â
up vote
12
down vote
accepted
up vote
12
down vote
accepted
Personally, I'd hire you on the spot, as I wouldn't want anyone as dangerous as you working against me. That said, your approach should be cautious. From their perspective, it might be a bit jarring to see an improvement to their app from an outsider. From your perspective, you don't want to reveal too much so that they end up stealing your ideas and not hiring you.
IF you have OTHER examples you could bring in that are not their app, I would use them to demonstrate that particular skill, and then mention that you could do the same for them, and possibly even add features. If hired, THEN deliver what you've done.
Do not mention that you have already reverse engineered anything of theirs. They'll more likely feel threatened than impressed.
answered Sep 8 '16 at 12:12
Richard U
77.2k56200307
Personally, I'd hire you on the spot, as I wouldn't want anyone as dangerous as you working against me. That said, your approach should be cautious. From their perspective, it might be a bit jarring to see an improvement to their app from an outsider. From your perspective, you don't want to reveal too much so that they end up stealing your ideas and not hiring you.
IF you have OTHER examples you could bring in that are not their app, I would use them to demonstrate that particular skill, and then mention that you could do the same for them, and possibly even add features. If hired, THEN deliver what you've done.
Do not mention that you have already reverse engineered anything of theirs. They'll more likely feel threatened than impressed.
answered Sep 8 '16 at 12:12
Richard U
77.2k56200307
answered Sep 8 '16 at 12:12
Richard U
77.2k56200307
answered Sep 8 '16 at 12:12
Richard U
77.2k56200307
answered Sep 8 '16 at 12:12
Richard U
77.2k56200307
77.2k56200307
3
"If hired, THEN deliver what you've done" Watch out with that as well. You might come across as the smart ass who thinks he knows better.
– Jeroen
Sep 8 '16 at 12:47
1
The OP might try making light of or hint at what he did such as mentioning that "I took a brief look at your API and have some ideas on how to improve it" or "I played around a little with your API and there is a lot of new things we can do with it". But totally agree that admitting to entirely reverse engineering will probably not go down well.
– DanK
Sep 8 '16 at 12:52
suggest improvements |Â
3
"If hired, THEN deliver what you've done" Watch out with that as well. You might come across as the smart ass who thinks he knows better.
– Jeroen
Sep 8 '16 at 12:47
1
The OP might try making light of or hint at what he did such as mentioning that "I took a brief look at your API and have some ideas on how to improve it" or "I played around a little with your API and there is a lot of new things we can do with it". But totally agree that admitting to entirely reverse engineering will probably not go down well.
– DanK
Sep 8 '16 at 12:52
3
3
"If hired, THEN deliver what you've done" Watch out with that as well. You might come across as the smart ass who thinks he knows better.
– Jeroen
Sep 8 '16 at 12:47
"If hired, THEN deliver what you've done" Watch out with that as well. You might come across as the smart ass who thinks he knows better.
– Jeroen
Sep 8 '16 at 12:47
1
1
The OP might try making light of or hint at what he did such as mentioning that "I took a brief look at your API and have some ideas on how to improve it" or "I played around a little with your API and there is a lot of new things we can do with it". But totally agree that admitting to entirely reverse engineering will probably not go down well.
– DanK
Sep 8 '16 at 12:52
The OP might try making light of or hint at what he did such as mentioning that "I took a brief look at your API and have some ideas on how to improve it" or "I played around a little with your API and there is a lot of new things we can do with it". But totally agree that admitting to entirely reverse engineering will probably not go down well.
– DanK
Sep 8 '16 at 12:52
suggest improvements |Â
up vote
6
down vote
Should I mention that in the interview?
If you are afraid that they will take it the wrong way, then don't mention it.
Having worked in a few myself, I find that fintech companies tend to be very security-sensitive, so your intuition on that is likely well-founded.
Knowing their API may be a plus, but it's likely a small one anyway. If you didn't already know the API and were hired, it wouldn't take long to learn it, right?
Talk about how much you like their app, but leave the "reverse engineered it" part out.
answered Sep 8 '16 at 12:12
Joe Strazzere
221k101648912
suggest improvements |Â
up vote
6
down vote
Should I mention that in the interview?
If you are afraid that they will take it the wrong way, then don't mention it.
Having worked in a few myself, I find that fintech companies tend to be very security-sensitive, so your intuition on that is likely well-founded.
Knowing their API may be a plus, but it's likely a small one anyway. If you didn't already know the API and were hired, it wouldn't take long to learn it, right?
Talk about how much you like their app, but leave the "reverse engineered it" part out.
answered Sep 8 '16 at 12:12
Joe Strazzere
221k101648912
suggest improvements |Â
up vote
6
down vote
up vote
6
down vote
Should I mention that in the interview?
If you are afraid that they will take it the wrong way, then don't mention it.
Having worked in a few myself, I find that fintech companies tend to be very security-sensitive, so your intuition on that is likely well-founded.
Knowing their API may be a plus, but it's likely a small one anyway. If you didn't already know the API and were hired, it wouldn't take long to learn it, right?
Talk about how much you like their app, but leave the "reverse engineered it" part out.
answered Sep 8 '16 at 12:12
Joe Strazzere
221k101648912
Should I mention that in the interview?
If you are afraid that they will take it the wrong way, then don't mention it.
Having worked in a few myself, I find that fintech companies tend to be very security-sensitive, so your intuition on that is likely well-founded.
Knowing their API may be a plus, but it's likely a small one anyway. If you didn't already know the API and were hired, it wouldn't take long to learn it, right?
Talk about how much you like their app, but leave the "reverse engineered it" part out.
answered Sep 8 '16 at 12:12
Joe Strazzere
221k101648912
answered Sep 8 '16 at 12:12
Joe Strazzere
221k101648912
answered Sep 8 '16 at 12:12
Joe Strazzere
221k101648912
answered Sep 8 '16 at 12:12
Joe Strazzere
221k101648912
221k101648912
suggest improvements |Â
suggest improvements |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fworkplace.stackexchange.com%2fquestions%2f75585%2fhow-to-approach-reverse-engineering-their-product%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
1
I'll apologise in advance for the technical commentary that's going to follow here. OP, I take it you're merely describing a new frontend to consume their API with no changes to the way you're using the API? I'm assuming the API isn't actually published and you're just referring to the external-facing services the official app uses to access the company's back end systems? Can you disclose more details on the kind of app/service you're talking about? There'd be a huge difference between a budgeting app and something like mobile banking.
– Lilienthal♦
Sep 8 '16 at 12:21
4
How you word this could make a difference. Don't say "I'm familiar with your app because I reverse engineered it to make my own l33t version." Say something like: "I'm familiar with your app; I'm naturally curious so I even developed a custom client that lets me use it on my Android phone (or whatever)." Say it as if writing a custom client for a service is the most obvious and natural thing for someone in your position to do. Avoid terms like reverse engineering, obfuscation, lawyer.
– Brandin
Sep 8 '16 at 14:44
1
Note that if you 1) Are in Europe and 2) the features you added in your client regarded integration with other programs then what you did is 100% legal and protected by law, even if the product license explicitly states that reverse engineering is forbidden (since clauses against the law are void).
– Bakuriu
Sep 8 '16 at 14:59
2
The big question: Is their API public, and did you use it within the agreement/license published? If so, you've only made your own front-end, which is why companies publish API's in the first place. If you "discovered" the non-public API by using a network traffic monitor while running their client, you may want to just shut up about it.
– Wesley Long
Sep 8 '16 at 15:24
2
Well, then this is a really good time to shut up about it. :)
– Wesley Long
Sep 8 '16 at 15:54