The concept of cracking games and then pirating them online is largely a concern reserved for the premium PC games space.
But on mobile, even with the prevalence of free-to-play, the dangers of hacking and pirating are still real, and they can affect monetisation and even a company’s reputation.
Mobile security firm AppSealing has conducted research into exactly how widespread hacking - or the ‘mobile game black ecosystem’ as it calls it - to highlight the dangers for developers.
You can check out the presentation here, which dives deep into the major problem areas, which kind of games are affected most, where the issues stem from and what can be done about it.
To give more colour to the report, AppSealing CEO James Sungmin Ahn discusses the company’s services and the situation at hand.
Could you explain a bit about AppSealing and what services you offer?
James Sungmin Ahn: Applications have become the most vulnerable and attractive targets to hackers today.
Any loopholes at the development stage help hackers to exploit the application sensitive data and manipulate the code. AppSealing's innovative solution is uniquely positioned to address such security gaps and protect applications from known and unknown threats.
Our service seals applications with runtime application self-protection features in minutes without writing a single line of code. The service comes with a real-time monitoring dashboard which tracks the hacking attempts and delivers smart reports to make complex decisions.
What are the other industries that use your services?
AppSealing delivers Robust Application Security to industries globally who are willing to protect their applications. Our services are used by brands from Fintech, O2O, Movie apps, E-commerce, Publics apps and other customer-facing applications
What is AppSealing's pricing plan? Is it affordable for small studios?
AppSealing has an easy way of integrating without writing a single line of code. We also have an affordable pay-as-you-go pricing model for indies and small studios who can apply advanced application security at the lowest cost, where we only charge for monthly active devices (MAD's).
You also get to use our service for free with all features if your monthly active devices (MAD's) is less than or equal to 15,000. Check out our pricing page for more info.
What is the ‘mobile game black ecosystem’ and how does it affects developers, publishers and consumers?
As the games industry has its own ecosystem that includes game and app stores, game engines, ad networks, analytics platforms, etcetera, game hacking has formed its own unique ecosystem.
This includes modded APK sites providing hundreds of thousands of apps for a premium price or for free, cheating engines(apps), and paid cheating and modding services, so, we created the term of 'mobile game black ecosystem’ to describe it.
As the black ecosystem's usability and value gets stronger and more attractive, the damage to developers and publishers could get worse.James Sungmin Ahn
These hacks can cause game balance to get disrupted, lost monetisation, lowered app store ratings and downloads, and an exodus of free and paying users which can shorten a game’s lifecycle. Then there’s also the issue of facing competition of your own game with copycats and clones.
As the black ecosystem's usability and value gets stronger and more attractive, the damage to developers and publishers could get worse.
How widespread is mobile game hacking? Are there any areas within the sector where it’s most prevalent?
It's pretty widespread. Most games, especially popular games, are exposed to cheats. Modded games are available and these are updated just as the original games are. The APAC region is the most prevalent region using cheating apps and modded games
What are the largest security attacks being addressed to mobile games?
Cheating is the largest security threat since it is simply made by cheating apps, and players are able to access and operate them quite easily.
Why are most cheating app developers and publishers based in China?
Historically, China has Shanzhai culture' which has made Chinese people less uncomfortable with or even have a preference for copycat products or services. Due to this cultural background, cheating apps and relevant services have developed a lot and the end user's adoption has been very active as well.
Do you have any case studies you can share about the impact of hacking and how things improved once this was dealt with?
When we started, we had many titles that deployed AppSealing services as their users were concerned about cheaters.
We were able to monitor closely what happened just after our security tools were deployed. Most of the titles reached a hacking ratio of around seven to ~15 per cent from their monthly active devices, and within few months it dropped less than three per cent.
This means the cheaters realised that hacking and cheating was not prevalent in these games, so normal players were dominant.
What can developers do to stop their games getting hacked?
It's very hard for game studios to prevent cheating or hacking by themselves. So, we strongly recommend they consider robust, professional security technologies. Being easy to deploy a crucial point for games developers as game development is agile and fast.
If developers are not able to deploy third-party security service, the below points could help, but this will not fix the key issues they face.
- Compiling option to hide symbols
- Check APK signature/hash value of “classes.dex”, native libraries
- Apply obfuscation to the code
- Encode data with base64
- Separate variables into “for store” and “for display”
- Encrypt data on the device
- Set blacklist of cheating tools, and detect while game is running
- Use HTTPS for server and client communication
As well as dealing with existing threats, how can developers prepare for new hacks?
There is no complete security solution. AppSealing's white hat hackers constantly research new hacking techniques and develop defense strategies.
New logic derived from this activity are reflected in AppSealing on a regular basis to continually improve security.
In order to apply more robust security features from each update, developers only need to upload and download the app again.
AppSealing launched iOS services last month. How do you plan to protect iOS users and how easy it is to integrate security to iOS applications?
- AppSealing provides you with a unique and innovative security feature for your application that detects if they're being run on a jailbreak device and prevent them from attacks.
- AppSealing verifies whether an app is forged or not at the time of the app launching, eliminating the possibility that arbitrarily inserted code can operate.
- AppSealing’s service can help you block the app’s operation when the debugger is analysing the program.
AppSealing has made it easy for iOS developers to add comprehensive security features with its SDK-based service which doesn't require any coding.
Just download the SDK, import it to your project, build, and secure your iOS application with advanced features like jailbreak detection, integrity protection, anti-debugging and more.