[creshal]

Reverse engineering APIs tends to be surprisingly trivial, even for binary or otherwise non-standard protocols. The content served by them is the only real challenge.

[iforgotpassword]

If asymmetric encryption gets thrown into the mix it becomes much more annoying to get to the point where you can even begin to see the traffic.

[solarkraft]

There are many things you can do to make reverse engineering more annoying, but the content ultimately reaches the user and somehow you can always mess with that.