Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: How Serious Is Hacking In Mobile Games?

Posted by Soulskill on from the going-for-the-high-score dept.

Origen writes: As a developer contemplating trying out the mobile game scene, a GDC session about hacking/tampering looked interesting — but I wasn't able to attend. The presentation isn't available online, but it was paired with a whitepaper [contact details required], which can be downloaded. I'm surprised by some of the information presented and the potential for damage/mischief. Not so much that these issues are unheard of — they've existed for years on other platforms. What I find surprising is the lack of support at the OS level on mobile devices to defend from many of these types of hacks. Have we learned nothing from the pains of the past? How significant are the points about hacking/piracy in the mobile space that are discussed by this whitepaper?

5 of 86 comments (clear)

  1. Re:If you don't control it it's compromised. by rioki · · Score: 5, Interesting

    I would simply take the same approach you should take with PC games. If it's single player, don't bother. You are wasting resources, resources you can use to make your game just a little more awesome. (more awesome == more sales) Wit multiplayer games, the key point is the server. The server should not trust clients and use heuristics to detect suspicious behavior. Then give administrators the means to moderate their users. (Or a vote system.) Bad behavior is a real issue with multiplayer games, but that is not limited to cheating.

    But since we are talking about mobile games; are users cheating you on the premium currency? Treat is like any other piracy, ignore it and try to win users by making the cooler more awesome game. Maybe communicate that you are an independent developer and need the money to make games.

  2. Re:OS Level protections = DRM by cfalcon · · Score: 3, Interesting

    As a note: a lot of games already try to detect jailbroken iphones and refuse to play. Because OBVIOUSLY, if you are jailbroken, it must be to cheat at their stupid games. That's like refusing to run if your machine has a local admin account, or the root user has a fucking shell attached. Ludicrous.

    Anyone who wants more of this shit hasn't had the first thought on the topic yet.

  3. The paper is marketing bull by nomaddamon · · Score: 3, Interesting

    Most of the advises given (if not all) are ineffective and in some cases make things worse.

    Code and data obfuscation only provides false sense of security (and a large paycheck for your "security" vendor) - If i have access to binaries, have root OS access and skills to de-compile the app, obfuscation/encryption (with local key) is only a small nuisance (compared to skill required for decompilation/repackaging/on-the-fly modification)

    Moving data to server-side provides a simpler attack-vector - i can MTM the (hopefully) secure connection and alter data sent to app - i don't even have to decompile the app to hack it

    On-the-fly binary validation does not work (again, if i have OS level access) - i can disable/fake it.

    The numbers in the paper are classic marketing bull - when are you more likely to buy an 99$ in-app purchase?
    - if you can do it for free (Apple MTM bug)
    - if you actually have to pay for it

    TLDR:
    You can't protect against hacking/repackaging if the hacker has access to binaries and root.
    You can't protect against data modification if the hacker can install hes own CA on the device.

  4. Re:If you don't control it it's compromised. by wonkey_monkey · · Score: 4, Interesting

    the key is to not trust the client. for highscores/top-times, run a simulation of the game run on the server from the inputs.

    How do you know you can trust the reported inputs? And you can't run a simulation if your game has (truly) random elements, nor can you allow for all device idiosyncracies.

    Now if you'll excuse me, I need to continue work on my Arduino-controlled Wiimote holder so I can finally get a perfect game on Bit.trip Beat.

    --
    systemd is Roko's Basilisk.
  5. Take a page from the China mobile game scene by Anonymous Coward · · Score: 0, Interesting

    Piracy in China is rampant, one of the worst in the world but the development scene for Chinese mobile game is booming

    Game developers, in fact, all app developers can learn how the Chinese app developers are doing ---

    1. They expect their app to be pirated

    Not only they expect it, they hope people would pirate their app the more the better

    2. Chinese app / mobile game developers do not make game to sell

    All their games / app are free. Free to download, free to copy, free to pirate, and they do not place limit on their games / app - whatever game downloaded is the *FULL* version, no crippleware

    Instead, the Chiense app / game developers earn money from in-game purchases, and they are raking boatloads of $$$ from it