How to Make Your Anti-Cheat Strategies More Actionable with ThreatCast

• Monitoring player data, looking for abnormal in-game statistics and behavior, is a common way for publishers to detect cheaters and ban them.
• However, this data does not provide a full picture and can often result in false bans that can impact the game and publisher’s brand image or reputation, and ultimately their bottom line.
• Real-time threat monitoring can help publishers refine their anti-cheat strategies by incorporating client-side threat data into their decision criteria.

Nokia first popularized mobile games by preloading the Snake game on their mobile phones in the late 90s. The power of smartphones continually improved and now there are millions of games one can enjoy across dozens of genres. In fact, 300,000 games were launched in 2021 alone. Fast forward to 2022, mobile games generated US$92.2 billion in revenue, accounting for more than 50% of the global gaming market and the majority of consumer spending on mobile devices (61% on the iOS App Store and 77% on the Google Play Store.)

With such a high market growth, mobile games have attracted more than just gamers but also reverse engineers, modders, and cheaters alike. These dishonest players could kill a game by ruining other players’ experience and driving them to another game with fewer cheaters. Publishers have long been trying to eliminate the impact on their bottom line by implementing anti-cheat measures to detect and ban cheaters. Some even opted for the legal route by suing the cheat makers, claiming millions of dollars for lost revenue. Despite all these efforts, the video game cheat-making industry remains lucrative and has not shown any sign of slowing down.

This blog will explore how a real-time threat monitoring solution can make your anti-cheat strategies more actionable and accurate by enriching it with client-side insights.

To ban or not to ban

There are many reasons why one might cheat in a multiplayer game. From having a winner syndrome, feeling pressured to keep their status in a social circle, all the way to simply wanting to cause harm or havoc overall, one thing for sure is that all cheaters want to have the upper hand over the regular players. Using common hacks, they can have superhuman speed, x-ray vision, walk through walls, never miss a shot, and much more.

One of the most common ways publishers can detect and solve the problem is by monitoring and analyzing players for suspicious in-game behaviors and statistics before banning them. This method is by no means foolproof and there have been many instances where:

• Experienced players (or prodigies) with better-than-most gaming skills were mistakenly banned for “cheating.”
• Honest players were getting banned for simply playing the game using a controller.

These false positives are problematic as they will ruin the experience of players who often have dedicated hundreds, if not thousands of hours to the game, and spent a considerable amount of money on in-game items and currencies. Even though these bans can be lifted by making an appeal to the customer's service department, it is an unwelcome nuisance that negatively impacts the game and the publishers’ brand reputation. This could ultimately lead to players leaving the game altogether.

Although publishers need to take precautions when determining who the real cheaters are, they also need to promptly ban and prevent them from ruining the gaming experience further. So, how can you effectively do both?

Client-side insights can help

Our real-time threat monitoring solution, ThreatCast, can help you make more reliable banning decisions by improving your anti-cheat strategies with client-side threats data. It enables you to uncover how cheaters attempt to compromise Android and iOS game apps that are protected by DexGuard and iXGuard. ThreatCast can detect different types of threats such as cheating tools, debugging and hooking tools, repackaging attempts, escalation of privilege, emulators, virtual environments, and many more.

These threats can be categorized into three distinct types:

1. Environment threats: These general security threats don’t necessarily directly target your mobile game, but they often serve as the basis of targeted attacks. For example, when your app is being run in a potentially harmful environment such as rooted or jailbroken devices.
2. Application threats: These threats relate to the integrity of your mobile game, and indicate whether there has been any attempt to tamper with your application and modify the code behavior. For example, when an attacker attached a debugging tool to the app.
3. Code threats: These occur when someone attempts to statically or dynamically alter the internal logic of your mobile game and modify their intended behavior. For example, when an attacker modifies the game’s collider interaction, allowing his character to walk through walls.

No more false bans

By incorporating ThreatCast into your anti-cheat strategies, you can increase your confidence in identifying and banning cheaters in your games. The real-time threats data can also help you decide whether the app should terminate the application, limit its functionality, or display a real-time notification to the cheater when detected in your subsequent releases. Additionally, these insights are valuable in helping you determine if you need to adjust your release frequency and strengthen your code protection. You can learn more about ThreatCast here or by connecting with one of our experts.