Ask Slashdot: How Serious Is Hacking In Mobile Games?

Origen writes: As a developer contemplating trying out the mobile game scene, a GDC session about hacking/tampering looked interesting — but I wasn't able to attend. The presentation isn't available online, but it was paired with a whitepaper [contact details required], which can be downloaded. I'm surprised by some of the information presented and the potential for damage/mischief. Not so much that these issues are unheard of — they've existed for years on other platforms. What I find surprising is the lack of support at the OS level on mobile devices to defend from many of these types of hacks. Have we learned nothing from the pains of the past? How significant are the points about hacking/piracy in the mobile space that are discussed by this whitepaper?

If you don't control it it's compromised.

OS level protection wouldn't do much if someone's really dedicated, they'll just remove those protections if needed. Assume everything coming through an internet connection is compromised, don't trust your game client.

Nothing learned?

[Dutch+Gun]

On the contrary, mobile devices and hardware are awash in security features. Hardware based chain-of-trust, encrypted storage, signed applications, detailed permissions... these are all lessons learned from their big brother operating systems. Modern mobile OSes are actually far more difficult to maliciously subvert than PC systems, but of course, many of those features mean they're also closed systems, and aren't nearly as flexible. It's definitely a trade off. We see that pretty clearly with Android vs iOS, where iOS has a miniscule amount of malware simply by virtue of being a closed system.

In terms of game development, I think the focus is more on hacking the client than hacking the OS. As a former MMO dev, the rule was that you really can't trust *anything* the client gives you. Simple as that. It makes development a hell of a lot harder, but time and time again we see new MMOs or multiplayer games (presumably created by inexperienced developers) that break this cardinal rule and get hacked all to hell and back.

Re:OS Level protections = DRM

[renderhead]

I know this is a troll, but in case anyone is mislead I want to clear up a factual error:
Jailbroken iPhones absolutely can make purchases from the App Store. I have a history of jailbreaking my phones when they get old to enable certain mods and extensions that are not supported by Apple (for example, I had a notification center on my iPhone before Apple released theirs in iOS 7). It didn't change anything about the way I ran or installed my official App Store apps, and I never downloaded a pirated app.