Comment & Opinion

How app piracy can wreck your app business – and how you can fight back

Tapcore on how to beat piracy

How app piracy can wreck your app business – and how you can fight back

The avalanche of apps creates a tidal wave of opportunities for pirates and hackers around the world – and particularly in the BRIC countries of Brazil, Russia, India and China – to hack your app.

In the early days of App Piracy 1.0 the damage was pretty much limited to popular games and apps – and the outcome was lost revenues when users figured out ways to download paid apps for free.

Today, we’re entering a new phase of hacking and cracking that targets F2P apps – mostly games. App Piracy 2.0 is characterised by sophisticated schemes that go far beyond illegal downloads.

Their activities rob you of IAP revenues, strip out advertising and analytics SDKs, muddy your data and degrade the user experience for legitimate players. You are driving your app business blind - and that’s never a good strategy.

What’s more, our internal data shows that app piracy is going to get a lot worse before it ever – if ever – gets better.

This year (in line with recent App Annie data) we forecast revenues across the major apps stores will hover around $40 billion for the Apple App Store and $21 billion for Google Play.

In comparison, the third-party Android market will bring in… $20 billion! The split is here is key since app piracy targets the open Android operating system and flourishes across alternative Android apps stores where Google Play has no power to stop it.

Android apps and app stores are a playground for pirates, and recent research from software firm Arxan confirms that app piracy is growing at a startling rate.

In the 2014 edition of its annual State of Mobile App Security report, the company found that hacking had “steadily increased over the last three years”. More importantly, it wasn’t just paid apps under attack (Among paid apps 97% of top 100 paid Android apps and 87% of top 100 paid iOS apps had been hacked).

A whopping 80% of popular free Android apps have been hacked and 75% of the free iOS apps have been hacked.

A whopping 80% of popular free Android apps have been hacked and 75% of the free iOS apps have been hacked.

What is at stake?

Look at the Big Picture, not just at the hundreds of apps that Arxan examined in its report, and the numbers are alarming.

Let’s start with the latest numbers App Annie’s market forecast (2016-2021), which pegs total app downloads at 197 billion in 2017 (up from 149 billion the previous year).

Dig deeper, and you’ll see that downloads for Google Play and third-party Android stores are going to hit 114 billion and 70 billion respectively. App Annie reckons revenues from these app stores will reach $21 billion for Google Play and $20 billion for the vast number of third-party Android stores.

If you’re a developer you might think it’s time to break out the champagne. After all, the combination of Google Play and third-party stores – and the sheer mass of their audience and devices - has (as of this year) pulled ahead of Apple iOS. What amazing growth and potential!

However, our internal research shows a darker side to the data.

We calculate that – of the 70 billion installs across alternative apps stores and the $20 billion in revenues they are forecast to generate - 15% to 20% of the apps will be pirated. Do the math, and developers stand to lose an incredible $3 billion to $4 billion in revenues.

Watch your back for types of attack

Don’t worry that your app may be under attack - because chances are it has already been compromised by a hacker who has published it on an alternative app store somewhere on the planet.

Chances are you are too busy running your app business to run a check across the hundreds of Android app stores, or you simply don’t have the time to chase a moving target once you find the culprits. Either way, accept the hard truth that a hacked version of your apps exist out there - and out of your control.

This can mean one of three issues and outcomes - regardless of whether your game is freemium or premium.

  1. IP theft: Simply put, someone is distributing your app for free and leaving you out in the cold.
  2. SDK removal: Your game is not only compromised; critical data related to advertising, analytics and payments has been erased completely from your app leaving you without the means or data to monetise your game or feedback to optimise it.
  3. Malware infusion: In this scenario your app’s SDK has been replaced by malicious SDKs designed to ruin user experience and destroy your business model - or worse.

And that’s not all. App pirates can also manipulate your game in a host of other ways. Among these: hackers can cash in on your virtual currency, convince you of fake IAPs and make a variety of gameplay modifications that tilt the playing field in their favour - not yours.

While companies across the space have identified the threat and ways to protect your app from piracy - such as real-time piracy alerts, server-side verification of purchase, direct interaction with marketplaces and a variety of popular DRM solutions - don’t get your hopes up to far.

It’s clear that combatting app piracy is a moving target and an ongoing activity that will command a huge amount of your effort and resources.

For the most part, these are tools and techniques you can employ to discourage the amateurs. App piracy pros, on the other hand, are clever - and catching them costs a tremendous amount of time, energy, and resources.

Rather than monitor your app for breaches, shouldn't you spend your time improving your game?

Don’t just fight back – take control of what is yours

It’s clear that combatting app piracy is a moving target and an ongoing activity that will command a huge amount of your effort and resources.

This is where Tapcore has turned the rampant problem of piracy into an opportunity for app developers to generate extra revenue by showing ads to the pirated app users and earn from each pirated install.

At its core the Tapcore’s solution is a simple SDK. When an app is installed on a device, the Tapcore SDK checks a wide variety of parameters that tell it whether the app is legit, or a pirated install. If the installation is legitimate, the SDK will become permanently dormant.

However, if the app has been pirated, the SDK will “wake up” after 24 to 72 hours (the exact timeline is decided by the developer) and begin to show the app user high-quality, targeted ads.

But it’s not just about optimising ad revenues. The user experience is also important, which is why the Tapcore solution provides the pirated user the opportunity to opt-out of seeing ads at any time

What’s more, users are directed to download the original app on the Google Play store – if they want to come clean and play a proper (legal) version of the game.

App piracy isn’t just a problem for paid apps. It strikes free and freemium apps with the same brute force. Thankfully, the industry is aware of the problem, producing reports and resources that detail the scope of the piracy problem and the actions you can take to control some of the damage.

Unfortunately, these methods may be effective in the fight against some pirates, but there is no guarantee you can stop the pros. While you should protect your app against piracy, you should also investigate solutions that help you take back control of your app.

You’ll probably never beat piracy, but with Tapcore you can be sure you profit from it just the same.


PocketGamer.biz regularly posts content from a variety of guest writers across the games industry. These encompass a wide range of topics and people from different backgrounds and diversities, sharing their opinion on the hottest trending topics, undiscovered gems and what the future of the business holds.