by acdha 4200 days ago
Finding predictable things like hard-coded strings is a significantly easier task than proving that none of the code is doing something sneaky. It's much easier to look for something like an access key than confirm that the numeric constants being passed to a crypto function are the correct ones or that it's not leaking something which would make it much easier to crack.

We’re not talking about hardcoded strings, lol.

This is encryption and obfuscation on multiple levels, classes passing each other's state through hashing and encryption schemes on multiple levels, added bytecode hackery, etc.

Exactly my point – it's unreasonable to expect that higher level of reverse engineering will be done reliably for every release of even a small percentage of the apps being published.