As a software developer, how often do you leave a backdoor in your code?

As a software developer, how often do you leave a backdoor in your code? by Anonymous

Answer by Anonymous:

I once left a backdoor on an Android app since I was working with a client that couldn’t be trusted whether they would pay me or not. Heard from another developer that they let him develop and ran away with the software and never paid him.

It was like this, whenever the app starts it proceeds as usual but on the background it sends a request to one of my servers, if the request reaches the server and the response is code 200, then its ok, am still waiting for the payment the app can proceed as usual, if 201 then I wasn’t paid, so crash the app, clean all preferences and change url that was saved in preferences makes the app completely unusable for good. If 203 then I have been paid in full, proceed never send any request to my server again.

And my guess was right,I made the app, haven’t send the code to the client yet (they didn’t need the code though, it was a full running app), they started using the app, told me some stuffs, I fixed them, everything is set, they love the app, it was even more than they expected, I even made them an admin dashboard with a bunch of analytics to monitor all their data for free as a way to make them like me to work with them in the future, in my price I even included free up to 3 months bugs fixing if any were to occur, they were so happy with the results.

Then they immediately disappeared, waited for their reply for two weeks, nothing, not even a reply to tell me to wait, its like they all died from a hurricane or something, they even changed the pass to their server so I couldn’t get in and kill it, that was proof enough that they clearly ran away with my software. So I sent the 201 status code from my server and the whole app froze, all clients they connected couldn’t use the app anymore, immediately the following day they tried to contact me, I tripled the price after seeing they wanted to scam me. They paid me in full the same day through western union, I sent a fully working app with no backdoor, and all the source code. And that was it, I’ll never work with these guys again.

I will put a backdoor if you are a bad client, if you are a good one or pay in advance I’m not putting any, or if we are in the same country because I know I could sue you. I hate backdoors anyway because they are too risky no matter how much I try to secure them, the fact that they exist is a problem.

As a software developer, how often do you leave a backdoor in your code?