As far as I know, Soti currently does not release any pcg de-compiling tool for download by the public or customers.

 

I believe there can be multiple security concerns for allowing anyone to easily de-compiling any pcg file.   A .pcg file can include custom pre-/post-install  script(s), proprietary apk file(s), application-specific support data files of any possible extensions, certificates, config files, etc.  All the above might need to work together to get a secured app/contention distribution mechanism to protect corporate data/IP.  If a hacker steals a device and gets hold of a pcg  file which can be easily de-compiled, integrity of the mechanism will be easily compromised.

 

This concern may also be applicable to employees belonging to the same organization.  Human resources or sales department staff may have sensitive information included in the pcg, and MDM administrator may just get the pcg file from such departments for upload to MobiControl server to facilitate app/data deployment, and they are not supposed to decompile the pcg file to look into the sensitive content. 

 

Similarly, MobiControl distributors/resellers may also include value-added proprietary script/data/apps to support existng/new corporate customers.   If it is so easy to look into pcg content owned by other party, it will be unfair competitions between these companies fighting for same/different customers.

 

Moreover, if the apk is a paid app bought from a third-party, allowing easy piracy of the apk file due to virtually no-effort hacking of such apk file from a stolen pcg may have legal consequence.

 

In actual practices,   I always tell my customers in my MobiControl training courses to make back-up copies of the whole working directory storing the content for each pcg made, mainly because it will be much easier to prepare appropriate upgraded pcg for "in-place" pcg upgrade without removing/corrupting user's data left from pre-upgraded version.  Hence,  there is no reason they need a pcg de-compile tool.   

 

Due to the above reasons,  I strongly believe Soti should not release any pcg decompiling tool, not until they implement some protection mechanism (possibly a minimum of a strong enough encryption with some password/permission control for the scripts, individual file or the whole pcg file) to protect users' data/IP against leakage/theft.