Sponsored By

Featured Blog | This community-written post highlights the best of what the game industry has to offer. Read more like it on the Game Developer Blogs.

In Defense of Gaming: How Developers Can Protect Against the Top 5 Hacking Risks to Mobile Games

Many mobile gaming developers have not yet fully begun to understand the ramifications on long-term revenue loss that hacking is costing them today. Developers need to realize that their piece of the pie is at risk from day one.

Rennie Allen, Blogger

March 31, 2015

4 Min Read

The need for sophisticated and robust protection to secure the gaming industry is well warranted, considering the global revenues at stake. According to market research firm DFC Intelligence, global revenue from video game software will grow to $70 billion in 2017. The firm also forecasts that, by 2017, 66 percent of game software will be delivered digitally.

Game developers planning to remain in or get into this market need to understand that their piece of this pie is at risk from day one. Many mobile gaming developers have not yet fully begun to understand the ramifications on long-term revenue loss that hacking is costing them today.

For example, Monument Valley is a premium mobile game available for iOS, Android and Amazon Kindle devices for $3.99. Monument Valley has received universal praise for its visual style and game design. It has won a number of awards from Apple iPad Game of the Year (2014) to Unity Awards – Best 3D Visuals (2014). It truly is an excellent example of how great games can be on mobile platforms. However, data released by the game’s developer, ustwo, revealed that, while the game has been installed on over 10 million devices, the game publisher realized revenue for ONLY 2.4 million copies! 

The loss of approximately $6.3 million dollars in revenue is a clear example of the direct adverse impact of mobile hacking.  How can this be?

Let’s take a look at a typical “gaming app break-in” and the top 5 risks that come with it:

But, isn’t my gaming app encrypted?

  • Yes, apps from both the Apple Store and Google Play are, in fact, encrypted.

  • Unfortunately, it takes just a few minutes to (1) decrypt an app using freely available tools.

  • This is the first step in the break-in!

So, what’s the big deal if someone gets access to a decrypted app?

  • Decryption provides the hacker with access to the app – in binary code format.

  • Apps with unprotected binary code are at risk because it’s quite easy for a hacker to (2) reverse engineer binary code back to source code. If you could imagine that your flawless app was a highly secure castle … by leaving the binary code unprotected, it’s like providing free access to the information inside, including the blueprint for the castle and all the security controls, to anyone who was looking for it. 

  • It is also quite easy for a hacker to (3) reuse or “copy-cat” an application, and submit it to an app store under his/her own branding (as a nearly identical copy of the legitimate application).

  • Many apps also use cryptographic keys to encrypt or decrypt sensitive data residing in a local store or in memory. Attackers may be interested in (4) replacing cryptographic keys used by the application in order to decrypt and copy sensitive data from a local repository or memory stream.

Isn’t it really hard for hackers to hijack my well-written games and take over control to perform nefarious activities?

  • Unfortunately, no—it’s not that hard.

  • As an example, there are (5) “method swizzling” attacks. In a “swizzling” attack, hackers can attack critical class methods of an application to intercept API calls and execute unauthorized code, leaving no trace with the code reverting back to its original form. Essentially, it involves modifying the mapping so that calling API A will actually invoke API B – and API B can store credit card information on another server, capture customer information, and be configured to perform any number of nefarious activities! 

Mobile App Security Tips for Developers:

  • Spend time considering what portions of the code and data should be on the client or the server without negatively impacting the game experience.

  • Consider applying obfuscation techniques to protect the code and data on the client. Doing so correctly can give developers confidence that their game assets will not be stolen.

  • Add code that will look for changes in the game and that cause it to either self-repair or cause the game to shut down.

While this provides a summary of application risks that are typically targeted for malicious gain and how these risks can be addressed, there are many more points for developers to consider as a significant amount of revenue is being left on the table as a result of this new threat to mobile games.  For more on this topic, check out our new paper Todays Threats and Strategies for Securing Mobile Games

Read more about:

Featured Blogs

About the Author(s)

Rennie Allen

Rennie Allen

Blogger

See more from Rennie Allen
Daily news, dev blogs, and stories from Game Developer straight to your inbox
Stay Updated

You May Also Like

Latest News

Key art for 2024's Another Crab's Treasure.
Business
Another Crab's Treasure sells 30,000 units within its first dayAnother Crab's Treasure sells 30,000 units within its first day
byJustin Carter
Apr 26, 2024
1 Min Read
Jesse Faden in Remedy Entertainment's Control.
Business
Remedy adds Control director Mikael Kasurinen to central management groupRemedy adds Control director Mikael Kasurinen to central management group
byJustin Carter
Apr 26, 2024
1 Min Read
Get daily news, dev blogs, and stories from Game Developer straight to your inbox
Subscribe to Game Developer Newsletters to stay caught up with the latest news, design insights, marketing tips, and more
Stay Updated

Trending

thumbnail
Business
Valuing Remote Employees in Hybrid (and Remote) SettingsValuing Remote Employees in Hybrid (and Remote) Settings
byDeborah Chantson
Apr 26, 2024
8 Min Read
thumbnail
Business
Why Doesn't Everyone See the Importance of Preserving Our Past?Why Doesn't Everyone See the Importance of Preserving Our Past?
byWarren Spector
Apr 26, 2024
4 Min Read
The Thunderful logo on a black background
Business
Struggling publisher Thunderful divesting Nordic Game SupplyStruggling publisher Thunderful divesting Nordic Game Supply
byChris Kerr
Apr 26, 2024
2 Min Read

Featured Blogs

Business
Valuing Remote Employees in Hybrid (and Remote) Settings
Valuing Remote Employees in Hybrid (and Remote) Settings

Apr 26, 2024

Business
Why Doesn't Everyone See the Importance of Preserving Our Past?
Why Doesn't Everyone See the Importance of Preserving Our Past?

Apr 26, 2024

Design
Murder on Space Station 52 - Paper to Pixel: Making a Scene
Murder on Space Station 52 - Paper to Pixel: Making a Scene

Apr 24, 2024