With everything electronic there is an inherent threat these days that someone somewhere will eventually crack it and use it illegally in one way or another. Hackers, for what they are worth, are the reason why some of the companies include some extra millions for security in their budgets.
The rapidly increasing mobile gaming market has brought with it not only tons of business opportunities that even the likes of Nintendo have recognized, but also hordes of hackers who have engineered various procedures to get their way.
The industry has reached $100 billion, but due to its comparative nascence, some developers are not fully aware of the potential revenue they are still losing.
While there are numerous modes of exploitation employed by hackers, the most highlighted ones include reverse engineering of a legit game that gets repackaged and released again dozens of times in the form of clones – the name Flappy Bird would suffice in place of an example.
Then there are more direct problems, like games being pirated and the purchasing system being compromised, alongside the very real issue of hackers ruining the game experience for others, who might decide to call it quits or turn to hacking themselves in order to make sure they are not at a disadvantage against others.
So when a game is at risk of losing the $50,000 it earns a day and gets cloned 60 times a day (Flappy Bird), the developers should look for solutions. The developers should strike a good balance between code that is on the servers and code that is on the client so that hackers don’t get everything they want. From there on, obfuscation and detection measures should be in place for the data that is on the client (in cases where it cannot be moved to servers); however, the key is to use them intelligently so as to not damage the gaming experience.
Where obfuscation doesn’t work, hiding techniques and whitebox cryptography should be used to keep the important data away from hackers.
Moving on to another nightmare for mobile gaming developers: purchasing systems that get hacked. The first and foremost thing that needs to be in place is a purchasing system that makes use of a developer-run server. It should also include a step that doesn’t provide the user with purchases before validating them with the app stores.
However, hackers in the mobile gaming market (and others) often find ways to go around the system and damage it somehow to get their way. For this, self-repairing code will be of great benefit, alongside a server alert system.
It goes without saying that storage of purchase status and quantities should be obfuscated and hidden as much as possible.
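The purchase flow described above can be sketched as follows. This is an added example, not code from the original article: the ledger class, the product names and the shape of the store's verdict are assumptions, and the store check is a constructed stand-in passed in as a callable.

```python
from dataclasses import dataclass, field


@dataclass
class PurchaseLedger:
    """Server-side record of what each account owns (constructed model)."""
    balances: dict = field(default_factory=dict)        # account -> {product: qty}
    seen_transactions: set = field(default_factory=set)
    alerts: list = field(default_factory=list)

    def redeem(self, account, claimed_product, receipt, verify_with_store):
        # 1. Ask the store, never the client, whether the receipt is genuine.
        verdict = verify_with_store(receipt)
        if not verdict.get("valid"):
            return self._reject(account, "store rejected receipt")
        # 2. Trust the product the store reports, not the client's claim.
        if verdict["product_id"] != claimed_product:
            return self._reject(account, "product mismatch")
        # 3. A genuine receipt can be replayed; each transaction pays out once.
        txn = verdict["transaction_id"]
        if txn in self.seen_transactions:
            return self._reject(account, "replayed transaction")
        self.seen_transactions.add(txn)
        owned = self.balances.setdefault(account, {})
        owned[claimed_product] = owned.get(claimed_product, 0) + verdict["quantity"]
        return True

    def _reject(self, account, reason):
        self.alerts.append((account, reason))   # feeds the server alert system
        return False


def fake_store(receipt):
    """Constructed stand-in for the app store's receipt check (assumed shape)."""
    known = {"r-1": {"valid": True, "product_id": "gems_100",
                     "transaction_id": "t-1", "quantity": 100}}
    return known.get(receipt, {"valid": False})
```

Nothing is credited until all three checks pass, and every rejection leaves a record the operators can alert on.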
In order to mitigate hackers damaging the game experience, developers need to make sure they move as many gameplay features to the servers as they can without damaging the gameplay experience in any way. Once that is done, the features that remain on the client need to be obscured as much as possible – especially variables that are of more importance.
For these important features, legitimate values should be established and a check maintained on them. Reports citing something different should be acted upon and banning should be practiced on the game’s account layer. Another important tip for all the developers is to make sure they are in touch with the hacking world and related news so that they can prepare themselves for anything new that pops up.
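A server-side check of client-reported values against established legitimate ranges, with enforcement on the account, might look like this. It is an added example, not from the original article; the field names, limits and three-strike policy are constructed assumptions.

```python
from collections import Counter

# Constructed limits for a hypothetical game; real values come from the design.
LIMITS = {
    "coins_per_level": (0, 500),
    "move_speed": (0.0, 12.5),
    "level_seconds": (20, 3600),   # assumed: no level can be finished in under 20 s
}
BAN_THRESHOLD = 3   # assumed policy: three bad reports before the account is banned


class ReportChecker:
    def __init__(self):
        self.strikes = Counter()
        self.banned = set()

    def violations(self, report):
        """Return the fields of a client report that fall outside legitimate values."""
        bad = []
        for name, (low, high) in LIMITS.items():
            value = report.get(name)
            # A missing or non-numeric field is as suspicious as an out-of-range one.
            if isinstance(value, bool) or not isinstance(value, (int, float)):
                bad.append(name)
            elif not (low <= value <= high):   # this comparison also rejects NaN
                bad.append(name)
        return bad

    def submit(self, account, report):
        """Server-side verdict for a report; the value is not echoed to the client."""
        if account in self.banned:
            return "banned"
        if not self.violations(report):
            return "accepted"
        self.strikes[account] += 1
        if self.strikes[account] >= BAN_THRESHOLD:
            self.banned.add(account)   # ban at the account layer, not the device
            return "banned"
        return "rejected"
```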
Now we move on to pirated games being installed through unauthorized procedures. As hard as it is, one has to safeguard as much as they can, and the first thing to be in place for that should be authentication against servers before anyone can play.
Next, your game should prompt some part of the game to be downloaded from servers, like a character’s progress (saved game files) or a character’s record. Lastly, you have to make sure that you have stringent protection systems in place at the network, in-memory and on-disk layers to safeguard the code that is in place for the authentication process and the save game data etc. being received from servers.
Needless to say, whether it is mobile gaming or other, it is always better to pre-plan against hackers; and by that I mean at the initial design stages.
One last tip: do not be predictable when dealing with hackers. For instance, an immediate response whenever something is detected (or a response like crashing a client etc. at a specific time after the hacking attempt) allows the hacker to understand how and when you react. Your response should be delayed as well as highly randomized so that your reaction processes remain as alien to the hacker as possible. This should sometimes confuse the hacker as to which of his actions has triggered the reaction.
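One way to decouple the reaction from the detection is a server-side queue that applies sanctions after a randomized delay. This is an added example, not from the original article; the class name, the delay window and the list of actions are assumptions.

```python
import heapq
import random


class DeferredSanctions:
    """Queues sanctions so they land well after, not at, the moment of detection."""
    ACTIONS = ("shadow_ban", "matchmaking_quarantine", "account_ban")  # assumed set

    def __init__(self, min_delay=3600, max_delay=72 * 3600, rng=None):
        self.min_delay, self.max_delay = min_delay, max_delay
        # SystemRandom draws from the OS CSPRNG so the delays cannot be predicted.
        self.rng = rng or random.SystemRandom()
        self._queue = []        # heap of (due_time, account, action)
        self._pending = set()

    def detect(self, account, now):
        """Record a detection; the client sees no change in behaviour yet."""
        if account in self._pending:
            return None         # repeat detections must not add a timing signal
        due = now + self.rng.uniform(self.min_delay, self.max_delay)
        action = self.rng.choice(self.ACTIONS)
        heapq.heappush(self._queue, (due, account, action))
        self._pending.add(account)
        return due

    def due_sanctions(self, now):
        """Pop every sanction whose randomized delay has elapsed."""
        ready = []
        while self._queue and self._queue[0][0] <= now:
            _, account, action = heapq.heappop(self._queue)
            self._pending.discard(account)
            ready.append((account, action))
        return ready
```

A periodic server job would call `due_sanctions` with the current time and apply whatever it returns.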
Of course there are security companies for that precise reason, and although you might not like the idea of investing in that when your game is already earning or is not even earning yet, remember that Monument Valley, an acclaimed premium game, registers 10 million installs though the developers say it was sold only 2.4 million times!