As someone who is somewhat familiar with network programming..
Holy shit Gamefreak your programmers are shit at cheat prevention. Sending data packets upon selecting Pokemon/moves? Never mind it not being encrypted, they should just send a packet saying the opponent has confirmed, nothing more, and then when you confirm, both exchange Pokmemon/move data. No encryption even necessary here. So the worst case here is that, no matter what, a player can know WHEN a player selects an option so you know if they didn't switch, but this is pretty much unavoidable.
The harder part is how they fucked up sending the actual Pokemon stats, (IVs, etc.) so you see their correct stats. There's three solutions:
1. Encrypt it and call it a day. But this will eventually fail when that encryption is broken, which it will be probably shortly after the 3DS is well and hacked.
2. Don't even send this data. Just send percentage of health done when attacking, and the move chosen (which would require a runtime cheat check) when it is chosen, who is faster, etc. This however is a complete overhaul and would by far take the longest to create, plus other more complicated problems.
3. A mixture of the above. Don't send HP IVs/EVs until it takes damage. Don't send attack IVs/EVs until it deals damage, etc. This along with being encrypted is probably the best solution.
2 and 3 actually require way too much client code around their battle system, so Gamefreak will probably settle with encrypting data and calling it a day. They'll probably also do it for trades which will ruin instacheck.
And don't even get me started on how the trainer models aren't properly cleaned up and cause FPS drops in battle.
