Mobile Gaming Security
Advanced Security for Mobile Gaming’s Unique Threats
“Mobile games contribute to the majority of consumer spending on mobile devices, with games accounting for 61 percent of revenue generation on iOS and 77 percent on Google Play,” according to Business of Apps. Further, in 2021, mobile games accounted for an astounding $93 billion in revenue, outpacing the combined revenue of PC and console games (Source). Because the mobile gaming market is so valuable and attracts a large volume of users, it’s unsurprising that attackers have also been drawn to the space with the intention of stealing data and/or creating unfair advantages.
Zimperium’s Mobile Application Protection Suite (MAPS) helps game developers preserve fair play, secure users’ private data, and protect company revenue streams. The suite allows developers to embrace security techniques, such as code obfuscation, anti-tampering, cryptographic key protection, and runtime application self-protection (RASP) with minimal impact to game development and negligible impact on game performance.
Mobile game consumer spending reached $89.6 billion in 2021, a 12.7% increase from the previous year, according to Business of Apps.
Preserve Fair Play
“Modding” is a way for hackers to fine-tune games to suit their tastes and is typically done by modifying an existing file or completely replacing texture files within the game file. Examples of modding include changing something visual or changing how a character gains power, and oftentimes, modding is done to gain an unfair advantage over other players. Modding has become much easier with APK modding tools and mod management platforms that support thousands of games, so protecting fair play has become a much bigger challenge in recent years. Zimperium’s code protection and anti-tampering solution, zShield, can help prevent unauthorized mods from impacting multiplayer gaming experience while zDefend can provide pivotal insights about malicious activities on end-user devices (e.g., emulators, rooted or jailbroken devices, debuggers), aiding the cheater detection systems.
Protect Against Piracy
At its simplest, pirated games are those that have been “cracked” by bypassing digital rights management (DRM), technology designed to protect copyrighted content. To do so, attackers reverse engineer the app, locate the associated source code, and tamper with it to bypass this license check. Zimperium’s application shielding solution, zShield, helps prevent reverse engineering and app tampering to ensure hackers can’t reach that valuable source code.
Prevent Bypassing In-App Purchases
In-app purchases (IAPs) are a very popular way to monetize mobile gaming apps. All in-app purchases are tied to game assets that are encrypted and protected so that they are only available to the end user once the payment is approved. Attackers can bypass the encryption to access these paid features for free. Zimperium’s zKeyBox uses white-box cryptography to secure the delivery of content decryption keys.
Secure Gamer Credentials & PII
Because of the financial and personal information stored in mobile gaming apps, hackers try to steal this information via malware, man-in-the-middle attacks, emulators, phishing attempts, and more. Zimperium’s zDefend is an SDK that enables the host application to detect and proactively protect itself by taking actions on the end user’s device, helping to prevent credentials from being stolen on the mobile device. With zDefend, mobile gaming apps can detect threats in real-time and then react accordingly. The real-time intel can also be used to help identify accounts that need to be banned and minimize false positives.
Applying OWASP’s Mobile App Security Guidance With Confidence
Download our whitepaper for practical advice on how to apply OWASP’s mobile app security guidance with confidence.
Top 7 Source Code Obfuscation Techniques
Download our report to learn about the top obfuscation security techniques used by developers around the world.