App-shielding tech provider Promon has revealed its discovery of a new threat to Android users after testing 357 of the biggest revenue generators in the mobile gaming space.
Each of the 357 games was tested in four different ways, using various tools that bad actors commonly use to reverse engineer apps or change their behaviour.
Tests and findings
In total, a huge 81 percent of the apps tested had no defence to shield them from "basic" cyberattack methods and weren’t even able to detect whether devices were compromised. The 81 percent represents 289 of the 357 total games.
One test carried out by Promon was repackaging, where code is inserted into the source code of existing software, which is then repackaged; this tactic can be used to make an app perform secret background tasks like acquiring login information. Promon found that only 15.7 percent of tested apps had repackaging detection.
Another test was whether the apps were at risk from hooking frameworks, tools that intercept, modify and redirect in-app events. When used maliciously, this technology allows sensitive information to be stolen and an app to be manipulated while it runs.
Promon also looked at whether the apps could detect unlocked, jailbroken devices, as these can be more vulnerable to hackers and to malware as a side effect of circumvented security features. One single app of the 357 could identify this.
"These are basic tools and techniques leveraged by cybercriminals every day, and protecting against them should be a priority for developers when building these apps," said Promon head of security Benjamin Adolphi.
"While attracting millions of players, mobile gaming companies should consider bridging the gap between mobile app protection and ensuring that all gamers enjoy the game."
Promon also noted that hooking can be used not only in nefarious ways against the user, but also by users themselves, who can gain an unfair advantage in games by modifying code and gathering data. This could in turn have a negative impact on profits for developers, as cheating players have less incentive to spend real money.
In 2020, the company found more than 60 apps were pretending to be InnerSloth's Among Us.