5 Mobile Gaming Security Threats Game Developers Need to Know About

With the mobile games market worth $90.7 billion, and Microsoft’s acquisition of Activision Blizzard highlighting continued growth potential for mobile gaming, it’s little surprise that mobile games have become an enticing target for many hackers. While some gamers just want to save a few bucks, other threat actors want to gain an unfair competitive advantage or financial edge. Both types of hackers, however, can have a serious impact on a game developer’s reputation and revenue.

So how can mobile game developers better protect both the integrity of the game and the secret sauce of the content they create?

The answer: app hardening.

In this blog, we highlight five security issues mobile game developers need to know about and how app hardening can help prevent them.

1. Cheating

Every game seems to attract cheaters in some form, but when it comes to cheating within your mobile game, your reputation as the game developer is at stake. After all, part of the integrity of a mobile game is that everyone has a level playing field. When fair play is challenged, even gamers who are loyal to your brand will seek out other gaming experiences. This can lead to substantial revenue loss and, as mentioned, reputational damage for the game creators.

2. In-app Purchase Bypass and Piracy

There’s no question piracy is an enormous problem in mobile gaming. Piracy denies revenue from actual publishers and undermines the entire gaming industry. If malicious actors can successfully reverse engineer your app, they can easily steal your intellectual property (IP).

While some hackers are hardcore gamers who just want to bypass license checks, others may decide to redistribute modifications to give unpaid access to others. In fact, many untrusted third-party app stores host pirated games that are ad-free, bypass licensing, or eliminate in-app purchase checks.

Worth noting is that a threat actor may repackage a mobile game to not just attempt to make it more attractive than the original with bypassing license checks or ads patching; the threat actor may also add malicious code to the existing app for the express purpose of data capture. It doesn’t matter what is better in the repackaged game because their purpose is to steal user data they can exploit or sell on the dark web.

3. Ads Patching

A slightly different take on piracy, ads patching can have a near immediate impact on a mobile game’s ability to generate additional revenue. A simple Google search shows just how much of an annoyance in-app ads can be for mobile gamers. From how-to videos for blocking or disabling ads to third party sites offering ad-free versions of games, ad content in games is enough of a nuisance to some gamers that they will seek ways to get around the interruptions.

Though not always malicious in intent, ads patching can have a big impact on a mobile game developer. For example, ads patching can appear as:

• Removing all ads - In this scenario, a threat actor can reverse engineer your app and repackage the game without any ads. These repackaged apps are often made available on alternative app stores, attracting gamers who do not want to deal with ads.
• Reducing ads and redirecting profits - Similar to the process of removing all ads, someone can reverse engineer your app, repackage it, and make it available on third party app stores. Unlike with complete ad removal, these repackaged apps reduce the number of ads and then redirect profits from those ads. Basically, the threat actor makes income off your IP.

4. Bots

Mobile games are designed to provide a level of enjoyment and entertainment, yet many gamers today are focused more on their own personal gain and leaderboard rankings. This has led to an increase in the use of bots. In one scenario, gamers can use bots to play in assistant mode. Essentially an assist during gameplay, bots can enhance gamers’ performance and likelihood to win the game.

In another scenario, bots have become increasingly popular because many games are intentionally designed to make gamers commit time and energy to the game. With bots, gamers can set them to play the less exciting parts of games and collect in-game resources so gamers can level up faster. This approach also creates opportunities to gain access to more content faster, leading to the creation of a lucrative black market for nurture game accounts where gamers can buy characters already set at the levels they are looking to reach.

This clearly undermines the game economy and can call into question the validity and security of the game itself.

5. Player Privacy

Player privacy is a growing area of concern, especially as younger generations make up an increasing number of mobile gamers. Younger players often don’t understand how to protect themselves and their data; it is, after all, easier to persuade unsuspecting players looking for cheat codes or ways to level up faster to download a copy of a game that could be infected with malicious code. If your mobile app has been repackaged or modified, you may unintentionally impact player privacy, which can damage your brand reputation and the health of the gaming community.

How App Hardening Can Help

Application hardening can protect your mobile game from redistribution and minimize the risk of piracy and theft. Obfuscated code can make it challenging for hackers to understand the internal logic of your game, mitigating the risk of app modification.

Additionally, runtime application self-protection (RASP), when layered with code hardening techniques, ensures gamers cannot cheat by faking GPS coordinates, spoofing timestamps, or modifying unprotected game parameters. This additional protection creates a level playing field for your mobile games, and prevents the potential loss of both users and revenue.

Guardsquare’s DexGuard and iXGuard solutions protect Android and iOS applications against reverse engineering and tampering attempts using a combination of code hardening and RASP techniques. With its built-in support for apps that use the cross-platform Unity game engine, Guardsquare’s solutions are a great security option for game developers and studios.