Blog

Why mobile games and app protection is paramount in today’s times - Irdeto Insights

Written by Reinhard Blaukovitsch | Apr 9, 2020 4:00:00 AM

While most of the world is trying to deal with the COVID-19 pandemic, cyber criminals are not on lockdown. Cyber criminals are trying to take advantage of the emergency by stealing sensitive data, taking control of a user’s device and then repurposing it to direct further attacks. In times of prolonged uncertainty, citizens expect protection. Protection from the virus. Protection from bankruptcy. Protection from isolation. And protection from various forms of criminal activities in the world of video games. In particular, protection in the various mobile games they may be playing and the mobile apps they may be using.

Secondly, people are also looking for physical distancing activities to keep themselves entertained. Ideally activities that allow them to (virtually) connect with others socially and provide a sense of community. Game developers from around the world recently kicked off a new campaign — #PlayApartTogether — to encourage both social distancing and a sense of belonging. The World Health Organization (WHO) threw its weight behind the #PlayApartTogether initiative and is even providing guidelines. Due to the inherent nature of being indoors with gaming and immense global popularity, the WHO see this as a win/win strategy. Keep people inside but somehow keep them together.

Thirdly, the need for a stronger sense of fairness is developing. Not only is the coronavirus hitting countries and communities in disproportionately unfair ways, but the global gaming community is increasingly in need of a #PlayFairTogether campaign. While we are all at home immersed on our cell phones, laptops or game consoles, a growing army of cyber criminals are reverse engineering games, cloning games, creating game cheat sheets, tampering with the actual game code and much more. Social distancing and an arguable excess of free time has reminded us all how imperative it is to be fair (including with videogames).

Mobile game protection done properly

There aren’t any signs that reverse engineering games, game cloning, creating game cheat sheets, tampering with the actual game code and other gaming vulnerabilities will magically disappear any time soon. On top of it, video game forums and the inherent intense competition between games publishers to rapidly release new titles mean some areas of security are left on the back burner.

We predict that cybercriminals will increasingly target the games industry in the coming months. Many cybercriminal underground forums already have sections dedicated to gaming sales. As with the market for stolen credit card accounts, there is an abundant and active market for stolen gaming accounts, cheats and hacks.

Denuvo by Irdeto believes the strength and unique capabilities of its software effectively allows games producers to keep games and apps safe against cheating, piracy, hacking and the growing portfolio of threats evolving every day. We want to empower video game producers and take the lead in preventing against:

  • In-game currency hacking
  • Copycat and clone game productions
  • Game balance disruption
  • Lost monetization and revenue
  • Lowered ratings
  • Decreased downloads
  • Competition with copycat and clone games

We strive to help game producers provide safe and fair environments for their users. But some areas require special attention.

“Even with the prevalence of free-to-play, the dangers of hacking and pirating mobile games are very real. Without proper security in place across all platforms, publishers could be exposing themselves to revenue loss and reputational damage.”-

Christian Koidl – Team Leader Mobile – Denuvo by Irdeto

Using client-side measures to help prevent attacks

When it comes to protecting your mobile games, there are many different angles of attack. It is important for you to have multiple layers of security. Denuvo by Irdeto has repeatedly seen that optimal protection means securing your app against:

  • Client-side attacks
  • Network attacks
  • Server-side attacks

While all three types of attacks need to be mitigated, protection at the client side is of utmost importance. It is not only a crucial part in comprehensive protection but assists in keeping rogue actors away who want to harm game balance, manipulate the game or even steal your source code. This needs to be avoided at all costs. The graphic below provides an illustration of client-side vulnerabilities.

Regrettably, there are more threats underneath your fingertips.

Fortunately, Denuvo by Irdeto also protects against malicious attacks through our anti-debugging and virtualization checks.  Since we obfuscate our security code through virtualization, we are able to add a higher level of security than others.

We also have other important features like anti-debugging, root detection and hook detection that add strong layers of protection around your game or app. We spend a lot of time profiling games and apps and consider this an important and integral part of mobile app protection.

In addition to concealing the important game code to make it harder to reverse engineer, Denuvo by Irdeto offers a range of runtime application self-protection (RASP) checks against most of the known client side attacks.

All check plugins are fully configurable to adapt to the diverse security needs of our customers.

The combination of profiling and static analysis of the app allows us to get the best of both worlds; namely a high level of security and negligible impact on performance.

Finally, we put continuous effort in extending our arsenal of check plugins and obfuscation techniques to cover new threats. In other words, we do everything we can to stay one step ahead of attackers.

Hide and steal with hidden apps

Even before the corona crisis, hackers were distributing malicious hidden apps via hyperlinks in popular gamer chat apps and cheat videos. They are also creating their own content with links to fake apps. Often these apps masquerade as the authentic apps but serve random unwanted ads and discretely collect user data.  Fake versions of apps such as Call of Duty, Spotify and many others are used to take advantage of unsuspecting users. As stated in a recent McAfee report, “hidden apps are the most active mobile threat category, a 30% increase from 2018.”

While mobile allows us to get immediate information and services at our fingertips — for work, social interaction, entertainment, research or distraction— the bottom line is that it needs to be done reliably and safely. With people leaning on video games during these difficult times and mobile games increasingly being played and produced, mobile protection can’t be ignored.

If you are a game publisher, game platform, e-publisher, video publisher or independent software vendor, we’d like to help you out.  Denuvo by Irdeto believes players need to increasingly pay more attention to their online security and demand more security from the platforms (including online forums, social media platforms and especially game servers and social media) that store or access their profiles.

We know gaming companies are fully aware of their status as targets and are constantly adding new security features to their infrastructure.  With more than 1000 employees in 15 offices around the world and 140+ partners. Denuvo by Irdeto is fully prepared to assist in keeping your environment safe.

Want to know more? Please contact Denuvo by Irdeto.