Analysis of multiple vulnerabilities in AirDroid (~50M Android users vulnerable)

From TFA : "Such requests are encrypted with DES ( ECB mode ) however the encryption key is hardcoded inside the application itself (thus known to an attacker)."

The word "however" seems to imply that the first part of the phrase is not a problem, but the second part is. But DES? Seriously? I thought DES has been considered unsecure since the 90s. And ECB mode? I thought we all knew you can see penguins through ECB...