Did google play's app-publishing process read my app's code to display warning "Your app contains Exposed Amazon Web Services " ? It even knew the very classes having the credentials. How are they doing it? Is it even legal?
Is it even legal?
Yep, you give full rights to read, analyze or even reproduce your code!
- Authorizations 5.1 In furtherance of Google’s appointment (as set forth here), You authorize Google on a non-exclusive, worldwide, and royalty-free basis to: reproduce, perform, display, analyze, and use Your Products in connection with (a) the operation and marketing of Google Play; (b) the marketing of devices and services that support the use of the Products; (c) the provision of hosting services to You and on Your behalf to allow for the storage of and user access to the Products and to enable third party hosting of such Products, (d) making improvements to Google Play, Play Console, and Android platform; and (e) checking for compliance with this Agreement and the Developer Program Policies.
Refer here: https://play.google.com/about/developer-distribution-agreement.html. You agree to this when you sign up for developer account!
How are they doing it?
Even for a single developer, reverse engineering android app is easy (Know LuckyPatcher?). Dude, its Google. Now imagine. Most of the process is automated.
Your code is not yours !!!