Recently, a Reddit post revealed that Microsoft is not encrypting the WinRT based universal apps in Windows Phone Store. This allows anyone to download Appx packages from the internet and use it to develop their own apps. Also, they can publish it as apps in Windows Phone Store leading to piracy.
During Windows Phone 7 days, the same issue happened with Silverlight based XAP apps. Microsoft fixed it by encrypting the XAP packages in Windows Phone Store. I wonder why Microsoft has dropped this policy of encrypting Appx packages similar to XAP packages. As a temporary solution, developers can use .NET Obfuscator to obfuscate their code.
Read more about it here.