1. Situation

As you know, the gaming industry is huge, even bigger than Hollywood! The gaming industry produced around $93 billion in revenue in 2014, which is expected to grow by 9% to around $111 billion in 2015. When we call ourselves gamers, credit goes to the all those mobile game developers. One of the segments to watch out for is mobile gaming. The world has seen a rapid growth in the number of mobile device users because of which the mobile gaming segment has already crossed the handheld devices segment and will soon cross the PC gaming segment too. While all this sounds great, the mobile game developers who want to remain in this market have to understand that their share of this pie is also at risk.

Mobile apps, and games in particular, are seeing an increasing number of hacking attacks. Most mobile game developers haven’t started to understand the impact this can have in the long term – on revenue, on brand reputation, and more. The cost involved in securing the application is less than a fraction of the potential revenue loss because of a hack.

2. Revenue Loss Dude To Mobile Hacking

In the rush to get apps in the market, most of these developers keep security at the backseat. Often, time to market is everything for them and that can prove to be costly. Some real world examples show how mobile game developers have lost 50% or more of their potential revenue because of hacking.

2.1 Real Life Example Of Monument Valley App

Monument Valley is a paid mobile game available on iOS, Android and also Amazon Kindle for $3.99. It is an excellent game with brilliant visuals which has won them many awards like Apple iPad Game of the Year in 2014 and Unity Awards for Best 3D Visuals in 2014.

In a statement made by the mobile game developers, Monument Valley was installed on 10 million devices but they actually sold only 2.4 million copies. Moreover, only 5% of the install on Android and 40% of installs on iOS were paid for!

In an infographic published by the developers, the company reported 2.4 million sales accounting for $5.8 million in revenue. If we assume that everyone who purchased this installed it on at least two devices, it still leaves around 5.2 million installs that are not accounted for! That’s $6.3 million in lost revenue!!

3. Common Threats In Gaming Apps & Solutions

Securing a mobile game application can be a complex task. The threats vary depending on different factors – type of games, platforms, the game architecture and more.

3.1 Game Assets, Art, Code Or Data Can Be Reverse Engineered, Changed, Repackaged And Launched In The Market. Bigger Problem – Some Might Also Have Malware

Let’s take the example of a really popular game – Flappy Bird. In 2014, within a month of launch, Flappy Bird became the Top Free Game in iOS App Store. Interestingly, the developers claim they were making around $50,000 a day from in-app advertisements and sales. Just a month later, there were 60 different Flappy Bird clones being added, every single day! 79% of these clones were also reported to have malware.

3.2 Flaw In The In-App Purchasing System Allowing Hackers To get Access To Item For Free

In July 2012, there was a flaw in the Apple in-app purchase system which allowed hackers to purchase in-game currency and other items for free. This resulted in 8.4 million false purchases, made through just one hacker’s website! Over 115 games were known to be affected including many of the top games at the time such as Fruit Ninja, Temple Run and Plants vs. Zombies. Each of these false purchases would have normally cost between $0.99 and $99.99. The total lost revenue was estimated to be between $8.3 million and $840 million!

3.3 Unauthorized Installations And Piracy

There are dozens of third party app stores around the world especially for Android apps. In many cases, app developers work with these third party app stores to host their apps and receive revenue. Some of these app stores end up hosting pirated versions of apps that people download. Not only does this deny any revenue to the actual app developers, most of these apps also contain malware, thus bringing bad name as well.

Multiple mobile game developers have reported 90% or higher piracy rates for their games. The large bulk of piracy is seen coming from China and Russia.

4. Some Security Tips

 

4.1 Think Security, Everyday!

Well, the first and foremost security tip is to think about security every single day. Michael Dell, in a statement in 2014 said that, “Security has to be something you do every single day.” It is important to think from day one how hackers can take advantage of your game’s design and architecture. It is easier, both in terms of time and money, if taken care of early on.

4.2 Use Intrusion Detection And Obfuscation Techniques

Look at protecting key gameplay values as well as your checks for out of bounds values with obfuscation techniques and detection techniques making them harder for hackers to get at and control
Developers need to consider what gameplay features hackers will want to attack. In this consideration, take into account which gameplay features can be kept on the server and which will need to be in whole or in part on the client.

4.3 Prevent Piracy By Adding A Line Of Defense

While this is the most difficult part, it can be controlled to a large extent by employing some methods. Add server lever authentication before players can login and play. Add a method which requires the client to download something from the server that is required to play. Finally add protection on network layer, in memory layer and on disk layer of a game that deals with the portion of code responsible for authentication.

5. Most Importantly, Let Appknox Help

Well, we specialize in mobile security and consider it our job to ensure security for you and your business. Let Appknox help and you can concentrate better on making your app more usable, fun and popular!

As a game developer, here is what Appknox can do to help you:

  1. Check third party in-app purchase services like PayPal, Freecharge, etc. and see if they are perfectly implemented
  2. Find vulnerabilities through which users can skip levels, make free purchases, disrupt normal gameplay, etc.
  3. Get advise on taking correct security steps that can prevent you from damage
  4. Verify whether the security mechanisms you have implemented are working correctly or not