March 29, 2020
Mobile games are a popular form of entertainment, reaching millions of players all over the world. These games account for a huge portion of global mobile app spending, totaling almost three fourths—72 percent, to be precise—of all spending in mobile app stores, according to App Annie’s 2020 State of Mobile report.
That said, like all mobile applications, unsecured mobile games are at risk. That is why Guardsquare recently announced compatibility with Unity games built for Android and iOS. Unity is the most popular platform for creating games—every month, according to an interview in TechCrunch, users around the world download around 2 billion copies of games built using the platform.
In this post, we explore three ways that mobile games are rife with opportunities for abuse and a tantalizing target for hackers.
1. Mobile Gaming is Big Business
Players are spending a lot of money on in-app purchases, and brands are paying for in-app advertisements. In fact, mobile gaming is estimated to hit a cross-store grand total of $100 billion in revenue this year, also according to App Annie’s 2020 State of Mobile report. Meanwhile, Business of Apps estimates that, on average, users in 2018 spent $79 on in-app purchases in 2018, with 44 of those dollars going toward purchases in games.
With so much money flowing into mobile games, they make an appealing target for hackers who want to capitalize. Hackers might:
- Bypass in-app purchases
- Unlock apps and share them with other users
- Siphon off advertising revenue by cloning apps and replacing ads
Most mobile games—some 80 percent, according to a 2017 App Annie report—rely on in-app purchases to make money. Regardless of strategy, hackers’ interference in a game’s revenue stream can have a big impact on the bottom line. In fact, one company found that hackers siphon off around 40 percent of “in-game revenue and microtransactions” every year, according to VentureBeat.
It’s clear that the large amount of money flowing into mobile games creates an environment ripe for hacking.
2. Gamers Play to Win
Gamers are motivated by the possibility of winning, and games are designed to keep players engaged, challenged, and motivated to keep trying to reach the next level, unlock the next benefit, and ultimately win.
However, some gamers take this competition a step too far, striving to “beat the system” with hacks, cheats, and other ways to unfairly get ahead in gameplay. Some ways gamers might cheat include aimbots, passing on fake GPS locations, modifying game parameters, and spoofing time stamps.
While this might seem relatively innocent, these hackers can hurt a game’s bottom line. Players prize fairness, and they expect to compete on an even field. Cheating can damage a game’s reputation, causing games to lose players; one company found that, if cheating is suspected, 77 percent of players would abandon the game. So the reputation and future success of a game can be drastically impacted by rampant cheating, and companies need to take this seriously and develop a security strategy.
Of course, some companies are taking protective measures. Take, for example, the incredibly popular game Fortnite. Its maker sued a teenage player for demonstrating and selling cheats via YouTube. They settled in 2019, but the case shows the risk—and seriousness—associated with cheating. And earlier this year, the makers of Call of Duty: Mobile—another wildly successful game—implemented measures to detect players who are cheating to increase their performance.
Beyond these kinds of measures, which in the case of legal battles can be quite costly, game companies should consider putting an end to cheating several levels up at the code level. With an effective multi-layered mobile app security plan, gaming studios can make cheating much harder to accomplish. Security techniques like obfuscation can protect the internal logic of apps, while runtime application self protection (RASP) can detect and address threats. Read on for more information about these kinds of protections.
With so many people willing to either create or buy cheats, mobile games are a popular target for hackers.
3. Gamer Expectations are High
Consumers today expect on-demand, instantaneous experiences. Games can go viral overnight, and users can access games from all over the world, 24/7, all year.
This on-demand economy means that gaming studios need to release new and updated games quickly and smoothly to compete with other game-makers. Ideally, they also need to release them across many platforms, and the games need to be incredibly fast and responsive. These conditions may contribute to the popularity of Unity, which is used to create more than half of all new mobile games today.
However, even though speed of release and of the game itself are of the essence, game-makers cannot afford to cut corners on security. It’s critical that studios incorporate protective measures into app code from the beginning, before the game or any updates are released. Hardened application code and real-time monitoring for abuse can empower studios to stop bad actors and protect the studio’s reputation.
As studios push out more and more games to satisfy player demand, hackers will find unprotected code, gaps in security measures, and lags in monitoring. Game developers will need to ensure well-secured code and real-time security alerting are in place to keep players satisfied that games are safe and fair.
Steps to Make Games Safe, Fair, and Profitable
Mobile gaming has unique security considerations due to the format. But like mobile apps across all industries, mobile games can benefit greatly from increased security protections. Two core ways to strengthen the security of a mobile game include:
- Code Hardening, which obfuscates code to prevent hackers from reverse-engineering games and gaining insight into their internal logic. For example, in Guardsquare’s solutions for games built in Unity for iOS—iXGuard—and Android—DexGuard—this includes protection for Unity metadata, helping to prevent the leakage of critical app data, which could be used to reverse-engineer and modify a game.
- Runtime Application Self Protection (RASP), which monitors the integrity of the application and of the environment in which it is running in real-time, and automatically responds to different threats without impacting game performance.
These security measures, layered together, ensure that the internal workings of an application are shielded, preventing hackers from copying games, bypassing in-app purchases, and avoiding license checks. With the proper protections in place, gaming companies can ensure a fair, equal playing field for honest players and maintain the financial stability of their game.
