On the other hand, remember that guy whose complaint about Google termininating his developer account "for no reason" made the HN front page a couple of weeks back? https://medium.com/@tokata/how-google-play-terminated-a-deve...

According to his blog post, his "anti-piracy system" used "custom techniques including dynamic bytecode loading from a local app resource", the exact same technique used by this malicious code to hide from detection.