Menu Close Back

With Unity Support, Guardsquare Helps Improve Mobile Game Security

With Unity Support, Guardsquare Helps Improve Mobile Game Security

Mobile gaming is big business. A full 21% of Android and 25% of iOS apps downloaded by users are some type of game, and games account for 43% of all smartphone usage. It’s global, too: In 2019, there were more than 2.2 billion mobile gamers worldwide. 

According to App Annie’s 2020 State of Mobile report, mobile gaming is estimated to hit a cross-platform grand total of $100 billion in revenue this year. Games like Candy Crush, Pokemon Go, and Fortnite can easily generate millions of dollars in revenue for their makers annually. Overall, mobile games account for about 77% of all app revenue across the two major app marketplaces. Mobile gaming apps are predicted to become even more ubiquitous and profitable in the coming years. 

Game developers can see the dollar signs, but so can fraudsters. Video game publishers lose as much as 40 percent of their in-game revenue to hackers and thieves each year. Clearly, gaming apps are a major target for fraud schemes, and it’s time to better reinforce their defenses.

The Rise of the Unity Platform

So how can game developers fight back more effectively? At Guardsquare, we’ve been paying close attention to the steady rise of the Unity platform. Today, more than half of new mobile games and more than 60 percent of VR/AR games are built using Unity. As we thought about how to combat the issue of mobile gaming hacks, it only made sense to turn our sights on special security tools for this development environment.

Today, we are ready to level up.

Below, we’ll share more about exactly what we’ve been working on by illustrating some of the common ways hackers target mobile games as well as how Guardsquare can help game makers defend against these attacks.

Why Mobile Game Security Matters

Mobile games are a popular target for several types of fraud, and the stakes are high. Mobile app developers face major losses in revenue and reputation when hackers or bad-faith players attempt to bypass rules, hackers target mobile games for piracy or cheating. 

They can come from many directions, too. Sometimes these hackers are professionals with malicious intentions, and sometimes they’re solo players who see mobile game security as a challenge and want to “beat the system”—and then pass their cheats on to friends as a form of bragging rights. 

Some common types of attacks against mobile games include:

Bypassing License Checks & In-App Purchase Checks

Some hackers are gamers themselves and want to play the game without paying for it, so they decide to bypass licenses and/or in-app purchase checks. We’ve seen this across other app types, but gaming is particularly vulnerable to it. The average per-user annual in-app spend in the U.S. is $79 by recent calculations, with $44 of that spent on gaming; so you can see how bypassing in-app purchases would quickly add up for game studios.

Additionally, these hackers may not only bypass the license checks themselves but also distribute “tweaks” or modified apps to give unpaid access to others as well. Once it is relatively easy to get a game for free, why would users choose to pay? This is a strong example of why game builders must implement complete, layered mobile game security techniques to protect studio revenue.

Cloning Games Ad-Free

For games, in-app advertising represents about 80% of all monetization strategies, and 52% of ad buyers say ad fraud is their biggest concern related to in-app advertising. How does this type of attack work? Fraudsters make and distribute clones of games that run the same as the official versions but don’t have any ads in them. Alternatively, they may make and distribute tweaks for removing ads from free apps and to give users the "premium" experience without paying. Any game studio that relies on advertising for revenue (which is most of them, especially when it comes to mobile games) will understand how hard this can hit the bottom line.   

Cheating to Get Ahead

For hackers with the goal of playing games with an unfair advantage, they may also find ways to manipulate the code to get in-app features that they would otherwise need to pay for or earn through gameplay. So what? Well, this, too, can cut off valuable revenue streams for game developers. Beyond this initial financial hit, reputation is at stake. A whopping 77% of players say they’ll simply stop playing a game if they think competitors are cheating.

Some examples of common cheating tactics include:

  • Using aimbots for higher-accuracy shooting
  • Passing on fake GPS locations (to e.g. catch a Pikachu they might not otherwise have access to in Pokemon Go)
  • Modifying game parameters to allow themselves to jump higher or run faster
  • Time stamp spoofing to cut game time down or get rewards that are time-dependent

Fairness is paramount in games, and players expect to compete on a level playing field. Gamers who learn of others cheating on a regular basis may give up on the game, thus costing the developers even more revenue. 

Unity infographic image link

 

How Guardsquare Helps Game Companies Fight Back

Game makers can fight back against hackers by implementing complete and layered mobile game security protections. This is why Guardsquare today unveiled its built-in support for Unity apps via both our DexGuard (Android) and iXGuard (iOS) apps.

Guardsquare features that are now available for Unity include:

  • Code Hardening, which obfuscates code to prevent hackers from accessing, reading, and reverse-engineering apps.
  • Runtime Application Self-Protection (RASP), which secures the connection between iOS and Android apps and their servers, monitors apps in real-time, and mounts automatic responses to different forms of attack
  • Unity Metadata Protection to prevent the leakage of critical app data.

Both iXGuard and DexGuard are easily integrated into the typical mobile gaming app development process without adding technical complexity or impacting performance. With Guardsquare’s advanced protections in place, mobile game developers can protect their reputations, eliminate the risk of lost revenue, and ensure games deliver a fair and fun playing experience.