Hi Simon CAROLO,
First, I can't find your application from the link you provided.
In general, users can install the clickonce application from the website you deployed.
And users can't get code from application files.
To prevent others from reverse engineering the code, you need to obfuscate your application by using Dotfuscator.
Note that assembly obfuscation is not integrated into the Visual Studio IDE or the ClickOnce deployment process. Therefore, you will have to perform the obfuscation outside of the deployment process, perhaps using a post-build step. After you build the project, you would perform the following steps manually, outside of Visual Studio.
More details you can refer to this docuemnt.
To block update checking, you can clear the The application should check for updates check box in the Application Updates Dialog Box.
You can also block update checking by removing the <Subscription> tag from the deployment manifest.
Please refer to this document.
Best Regards,
Daniel Zhang
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.