Clinkle: App Teardown (Part 1) (opens in new tab)

(svstealth.tumblr.com)

53 pointsankitshah13y ago17 comments

17 comments

15 comments · 6 top-level

volume12y ago· 5 in thread

1) I'm not familiar with intellectual property law and I'm curious: Can Clinkle's lawyers do anything to prevent such information from being published?

2) My inner conspiracy theorist says this is a clever posting from someone internal to Clinkle as a PR stunt.

burgreblast12y ago

3) Could someone nonplussed with the app, and wondering if hype was telling or misplaced. Seems reasonable to perform an iFixit style teardown, and see if there's any there there.

616c12y ago

They could; Shazaam did something very similar.

https://news.ycombinator.com/item?id=5723863

svstealth12y ago

1) it was on the Google Play Store ... 'nuff said 2) why would they make fun of the stitched wallet leather look and the key used to unlock the wallet?

huhtenberg12y ago

> 2) a PR stunt

Came here to say just this. This looks very much like an astro-turfing post.

21echoes12y ago

i don't think astroturfing posts are typically this negative..

1 more reply

icpmacdo13y ago· 4 in thread

With android apk's can so see the complete source code of the app?

mbell13y ago

Java class files (compiled Java) can be decompiled.

Unless they ran the code through an obfuscator or something in the android dev cycle does that automatically (I don't know), you can get the full source with full variable names, more or less. The stock javac compiler doesn't do much in terms of optimization, there are a couple things it does (replaces accesses to 'final static' members with constants for example), most is left to the JIT, bytecode -> source translation is pretty straight forward and you don't lose much.

conradev13y ago

No, but you can disassemble them to see the Dalvik bytecode[1], which is not too hard to understand.

[1] http://source.android.com/tech/dalvik/dalvik-bytecode.html

wellboy13y ago

You can actually reverse engineer an entire app to java code and see all the resources such as strings and images. Just takes around 10 minutes http://stackoverflow.com/questions/3593420/android-getting-s...

You can prevent this by obfuscating your code in eclipse with proguard, however most apps are not obfuscated.

1 more reply

maceip12y ago

as mentioned, you can use a dalvik decompiler. I recommend JEB: http://www.android-decompiler.com/

It's like IDA but for APKs.

fblp12y ago

Continued here: http://svstealth.tumblr.com/post/54200406550/clinkle-app-tea...

This part just mentions design, possible parter logos, fonts, facebook like boxes and that they didn't obfuscate code.

pbreit12y ago

Article seems unnecessarily mean.

A $25m "seed" is generally not a good idea but I think worthwhile giving the benefit of the doubt at this point and waiting to see what and how they roll out.

The Yodlee thing is likely for verifying bank/card accounts, not offering Mint-like services.

gojomo12y ago

Wow... blindly speculating yesterday about what Clinkle might be doing -- https://news.ycombinator.com/item?id=5956736 -- I'd thrown in "ultrasonic acoustics" as a random wild guess. Great to hear that's part of it.

Though it'd also be kind of cool to do the transaction in the hearable range... so your phone playing a merchant could make the same sort of 'honking' as old dial-up modems. Not just a novelty, that'd promote the service to everyone within earshot.

bobo1357912y ago

This is a worse investment than color in my opinion. The founders have no track record whatsoever to justify a $25M investment for a product that has been stealth mode for two years running. I've heard several complaints from insiders about the company and its founder.

j / k navigate · click thread line to collapse

17 comments

15 comments · 6 top-level

volume12y ago· 5 in thread

1) I'm not familiar with intellectual property law and I'm curious: Can Clinkle's lawyers do anything to prevent such information from being published?

2) My inner conspiracy theorist says this is a clever posting from someone internal to Clinkle as a PR stunt.

burgreblast12y ago

3) Could someone nonplussed with the app, and wondering if hype was telling or misplaced. Seems reasonable to perform an iFixit style teardown, and see if there's any there there.

616c12y ago

They could; Shazaam did something very similar.

https://news.ycombinator.com/item?id=5723863

svstealth12y ago

1) it was on the Google Play Store ... 'nuff said 2) why would they make fun of the stitched wallet leather look and the key used to unlock the wallet?

huhtenberg12y ago

> 2) a PR stunt

Came here to say just this. This looks very much like an astro-turfing post.

21echoes12y ago

i don't think astroturfing posts are typically this negative..

1 more reply

icpmacdo13y ago· 4 in thread

With android apk's can so see the complete source code of the app?

mbell13y ago

Java class files (compiled Java) can be decompiled.

conradev13y ago

No, but you can disassemble them to see the Dalvik bytecode[1], which is not too hard to understand.

[1] http://source.android.com/tech/dalvik/dalvik-bytecode.html

wellboy13y ago

You can prevent this by obfuscating your code in eclipse with proguard, however most apps are not obfuscated.

1 more reply

maceip12y ago

as mentioned, you can use a dalvik decompiler. I recommend JEB: http://www.android-decompiler.com/

It's like IDA but for APKs.

fblp12y ago

Continued here: http://svstealth.tumblr.com/post/54200406550/clinkle-app-tea...

This part just mentions design, possible parter logos, fonts, facebook like boxes and that they didn't obfuscate code.

pbreit12y ago

Article seems unnecessarily mean.

A $25m "seed" is generally not a good idea but I think worthwhile giving the benefit of the doubt at this point and waiting to see what and how they roll out.

The Yodlee thing is likely for verifying bank/card accounts, not offering Mint-like services.

gojomo12y ago

bobo1357912y ago

j / k navigate · click thread line to collapse