Home   >   Industry Voices

“Security is a challenging skillset, and scarce”: Steeve Huin of Denuvo talks mobile and metaverse hacking

We interview the COO of Video Games at Irdeto about the latest battle in the war on piracy, hacking and cheating
“Security is a challenging skillset, and scarce”: Steeve Huin of Denuvo talks mobile and metaverse hacking

Next week at Pocket Gamer Connects Helsinki, leading security firm Denuvo by Irdeto will share a 90-minute security workshop designed to give developers the knowledge required to protect their games and security resources.

During devcom and Gamescom 2022 last month, Denuvo by Irdeto issued a pair of releases about new game services. The industry’s first Nintendo Switch Emulator Protection was revealed, plugging a hole where pirates could play cracked PC games by emulating the Switch version on their desktop. This was swiftly followed by an announcement that the company was joining the AWS For Games initiative, becoming available at the click of a button to game makers working with the Amazon Web Services suite.

The 50-strong games team had already, in June, revealed Denuvo SecureDLC, a programme to protect downloadable game updates. These increasingly essential parts of a game's lifespan had previously been less secure than the base game and open to abuse.

Is this busy summer of releases a sign of growth for Denuvo by Irdeto after the pandemic years? “We have very strong relationships with our customers. I don’t think we’ve ever lost a customer,” he proudly tells us as we quiz him about game brand Denuvo’s strategy, and the rise of mobile and the metaverse. We're sitting down just around the corner from the Koelnmesse centre where the great and the good of the games industry gathered. What’s the big mission for Denuvo by Irdeto this year?
Steeve Huin: At the highest level, we’re a company helping game publishers and developers into the future by helping them to secure their businesses.

If you look at the starting point of the company, it was really just focused on securing digital sales on Steam and on PC. But we expanded, from protecting PC games being sold, to also doing that on mobile. We saw that there’s an evolution in the industry towards things like free-to-play and a multiplayer environment where cheating is a huge problem for the business of the game developers.

It’s fascinating because as we did that, there’s been a shift. Not so much from the game publishers because they’ve always loved working with us and trusted us.

“Some people are taking the Switch version and running an emulator on PC. Instead of taking the uncrackable PC version, they will attack the Switch”
Steeve Huin, Irdeto

But from the consumers. I’ll simplify it: imagine a company that does DRMs for games – and everybody hates DRMs! – shifting to a company that’s there to support the game community and prevent cheating. So it’s more supporting the gamers. We’ve gone from, “Let’s make sure you only get access to the games you paid for” to, “We’ll keep the cheaters off you.”

We also have console protections as well. And we launched the protection of DLCs. Which is more and more used as a way to extend the life of the games. And up to the point of us launching the solution, anyone can basically get the DLCs for free! You buy a game protected by Denuvo (and if it’s not protected by Denuvo, it’s already hacked). But even if it was protected by us, the DLCs could be copied around. So we basically made sure that now, going forward, the business of the publishers is protected.

But the new stuff we’re launching is Nintendo Emulation Protection. We’ve seen a significant issue in the industry, here. Denuvo is extremely good at protecting the PC parent. But what some people are doing is taking the Switch version and running an emulator on PC. So instead of taking the uncrackable PC version, they will attack the Switch and run it on a PC. So our next step in helping the game publishers is to make sure you don’t actually let another platform leak. You protect all platforms.

The second new thing that we’re officially launching at Gamescom is the partnership with AWS. We’re joining that venture to make things simpler for developers. We’re trying to make as many tools available as possible for developers to protect all the things they’re doing. Our AWS partnership will make things even easier to get to.

Developers go, “I need to secure my game.” Click, click, click. And it’s supported, so they go through the AWS contracts that they already have in place. It makes things simple from a legal and billing perspective - there is no new supplier, if you like. But perhaps that’s more relevant to a bigger company than it is to a small one. A bigger one can usually have rigid processes when it comes to suppliers.

What are the unique challenges of mobile?
Well, there are a few. We look at games that are not protected, say, on an Android store today. If it’s a popular-enough game, you will find on a website, somewhere, a version that’s stripped of every ad, where all the in-app purchases are pre-filled so that you don’t have to spend money.

“When you have a small team, they have better things to do than worry about security! It’s a skillset that is very challenging to have, and scarce”
Steeve Huin, Irdeto

What’s happening is that all the monetisation avenues are taken away from the developer. So people are publishing an app for free, and never getting any money back. That’s why we’re there to help them, to help protect mobile games companies from being exploited.

If you look at the market right now, Denuvo is really the only one that’s coming from a gaming background. We’ve tailored our technology for gaming, optimised for performance so that it doesn’t impact the battery life. It doesn’t eat up too much space in the binary and things like that – which is a big challenge. We’re working with some of the AAA studios, who are at the limit of the size they can post to Google or Apple. And so we need to help them fit us with that much space, and that much constraint in terms of performance, so that they can still run on whatever five-year-old mobile phone. So that’s why we’re different and why we’re appreciated by the community.

You mention AAA studios. But in terms of how your business works, is Denuvo the right solution for an indie developer working with a one- or two-person team, creating something at home?
It is. One, on the simplicity of operation level – it’s actually suited for anyone. It’s perfect for the indies because you don’t need to know security; you don’t need to understand it.

The way it works to use our technologies is that the game developer just needs to send us the file, for instance, the APK. We will apply the security and give them tools so that they can then do it on every new build going forward. They don’t need to know anything about it. It’s literally one step in their process that we need to add. That’s the beauty of it. That’s particularly important when you have a small team, say a team of three. They have better things to do than worry about security! It’s a skillset that is very, very challenging to have, and scarce.

From a cost perspective, we’ve certainly tried to educate against the myth that security is expensive. It protects your baseline, which means there’ll be fewer pirates, and some people will become real players who will spend money. It’s usually a simple conversation.

Somebody that becomes a customer tends to stay. They tend to be convinced by how strong the product is, but also they tend to love working with the team. We have most of the AAAs working with us, but also many smaller studios.

What about the footprint, the file size? When you’re working with a mobile developer, is the software that you apply likely to bloat the file size?
You’re talking a kilobyte, maybe a megabyte – on a game that’s going to be hundreds of megabytes, if not gigs. It is absolutely not much. That’s why I kind of started with this, when you asked: what’s the differentiation? That’s it. A general security product will not understand how games work and how you need to protect it for security. So with somebody else, you’ll have to overlay general security across the entire game, making it a lot bigger.

What does the industry need to do to educate developers about the need for security?
Well, the first step is: that you need security! Because if you don’t have it, then that means you’re going to hurt your business. You’re not going to be able to monetise your game as well.

And I think it’s fascinating; it’s a passionate discussion sometimes because people also believe that any publicity is good. This means that there are many, many people playing it – yes, but you’re not making money! “But it doesn’t matter because there are more people playing it...” It’s a perspective, I guess?! It’s something that needs to be carefully considered.

“If you don’t have security, that means you’re going to hurt your business. You’re not going to be able to monetise your game as well”
Steeve Huin, Irdeto

What’s nice about mobile - something I really like, compared to PC – is that when you think about PC platforms, you need to protect it from day one. That’s because the games, once they launch, typically don’t evolve that much. But with mobile, most of them tend to have an evolution every week, every two weeks. This means you can apply security at the point where that makes sense. You don’t have to do it on day one. We’d be happy to apply the security! But in practice, you could decide to apply it at the time when you start to feel, “Okay, this is enough… My game is known enough. Now I need to protect it, and make sure that everyone who comes in is really fuelling my business, as opposed to burning my business.”

When free-to-play games are stripped of all the monetisation aspects, they become a cost to the game developers. They’re a cost because it’s still tapping into the servers. So apply security. If you’re not convinced – wait until the right time. But I think there needs to be a strategy at some point to apply security.

Forget the idea that security is expensive, and you can’t afford it. That’s the biggest myth that’s out there for some reason, and that’s simply not something that’s proving true by our standards anyway.

The metaverse is the big topic at the moment. What are the security implications there – does it present some challenges to companies like yours?
Challenges, no. Opportunities, yes! It’s a huge opportunity because there are going to be significant security challenges to ensure that you have the right person connecting. I think identity is a big topic. I often think of passports, and the need for identities to be validated, and having a list of people that have a warrant on them, who basically shouldn’t be allowed in the country, and things like that.

Theft is an important topic too. It becomes interesting if you imagine a world where it’s interoperable, where you can start moving your assets, your Gucci glasses and whatever, between places. There will be a need for federation and management of all these things.

Denuvo by Irdeto will share a 90-minute security workshop at Pocket Gamer Connects Helsinki next week! At that two-conference you can also discover tracks like Global Trends, Mapping The Metaverse and The Developer Toolkit. Find out more about Denuvo by Irdeto at the links on the right.