Only if you let them find out ;).

Apps are Turing-complete, right? In theory, that means it's possible to make an arbitarily complex and obfuscated route to a private API, making it impossible to detect via simple static analysis.

You're going to have to elaborate if you know any more, it seems incredibly easy to check programmatically.

How would you prevent them from finding out?

https://speakerdeck.com/steipete/taking-advantage-of-the-run... - see 2nd line

Peter Steinberger (https://twitter.com/steipete) shipped this in his PSPDFKit, which is used for Box/Dropbox/Evernote.

Here is the full video of that presentation:

http://www.youtube.com/watch?v=frgnVhBcIFA

You can't download executable code to an iPhone app outside the App Store, only data.

Curious, how do they know it's executable?