[EMIRELADERO]

Couldn't people do some reverse-engineering to figure out the first-party protocol and impersonate the official app in the API integration?

[AJayWalker]

AFAIK yes, but to quote the article (which quotes the maintainer of the MyQ integration, Lash-L [0]), “We are playing a game of cat and mouse with MyQ and right now it looks like the cat is winning”

[0] https://github.com/Lash-L

[saagarjha]

Yes, that's what they've done. The problem is that myQ keeps trying to fingerprint the device to check if the requests are coming from a real app before offering service.