Jump to content
  • Advertisement
Sign in to follow this  
seworks

Unity Security for your Mobile Games

This topic is 1231 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

Hi guys,

 

I am new to GDNet and wanted start off by saying hello!  I met one of the GDNet co-founders, Kevin Hawkins, at a conference and when I learned about GDNet, I had sign up and meet you all!

 

I am in the mobile app security space, and we are about to begin a global program for indie game developers that will help protect game apps from 2 things: (1) decompiling/reverse-engineering which leads to piracy, IP theft, modification/tampering/repackaging, and (2) runtime memory hacking which leads to imbalanced gameplay (e.g., free gold, unlimited hitpoints, etc.)

 

I wanted to get a sense for how important these issues are to you.  I know that this is a particularly big issue in Asia, and that it is starting to grow in the US, but I wanted to hear directly from you.

 

Have you thought about protecting your games?  What are your biggest concerns?  Have you looked into different solutions to protect your games?  What has been your largest barrier to adopting a security solution?

 

I don't want to be too commercial as I am just getting started in the GDNet community.  I really want to hear more about your thoughts and concerns when it comes to mobile games and security.

 

Let's get the conversation started!  Thanks and looking forward to talking to you all!

 

- jeff

Share this post


Link to post
Share on other sites
Advertisement

Welcome to the site.

 

Since you may have missed it, and since yours is borderline commercial, there are many areas on the site to posts. If you are looking for people, those go in the Classifieds system. If you're talking about a game-making products or tools for sale, those go in The Marketplace. If you're looking for discussion about your product, read the sticky post in the Your Announcements forum to see where it should go.

 

For the discussion topics about security in general, those are appropriate for this sub-forum.

 


help protect game apps from 2 things: (1) decompiling/reverse-engineering which leads to piracy, IP theft, modification/tampering/repackaging, and (2) runtime memory hacking which leads to imbalanced gameplay (e.g., free gold, unlimited hitpoints, etc.)

Two good things needing protection, for some games. 

 

The first one is commonly addressed through subscription models of SaaS.  The client is free, but features are paid. Anybody can download the clients for online games, it is the account credentials that give you access to your features.  Of course, if your game is entirely offline, there is only so much you can do before you are annoying your paying customers and getting nothing in return. 

 

The second one normally only makes sense in multiplayer games; in a local-only game they can modify their own values all they want without impairing anyone. The solution to that is well-known to network play developers: Only give the client enough data for them to display public information to the player, and validate everything they send back.

 


(a) Have you thought about protecting your games?  

(b) What are your biggest concerns?  

(c) Have you looked into different solutions to protect your games?  

(d) What has been your largest barrier to adopting a security solution?

For my history: 

(a) We have tried various things. The most solid we've found is the SaaS model, make the client free to download. On mobile, the next best is to use the various Store libraries to verify that they've got a receipt or authorization for the product. Anything else is an escalating battle, it needs to protect the product from piracy until the costs are recovered and some profit is made, usually 2-3 weeks. Very few protections are able to survive that long.

(b) From telemetry, the biggest concern for the products I've worked on has been hacking and attacks from Eastern Europe (Romania, Poland, Ukraine, Czech Republic, etc). When we are not sold in the region or localized to any of their major languages, they are still appear high up the telemetry list. When we do sell in the region, the highest I've ever seen was a 2% registered rate for non-SaaS products. The only reliable way to get money from consumers in that region is a SaaS model, and even then, those accounts are frequently stolen cards. Some regions have no respect for paying content creators nor any morals when it comes to theft and fraud.

(c) Many, over the years. You've probably seen quite a lot of the hate EA has received for assorted DRM techniques. It is not the dev teams who adds the restrictions. Even with protections, many of the popular games quickly drop to above 90% piracy rate globally. 

(d) Remember that the game publisher does not own the computer. Any security system you adopt can be overcome, any data you transmit can be intercepted and used by the client. The only way to prevent someone from using data is to never give it to them in the first place. That is why so many major games have moved to SaaS, always-online models.

Share this post


Link to post
Share on other sites

Appreciate the posting tips frob!

 

I agree with you 100% on going as much towards SaaS as possible to ensure the highest security/protection.  The funny thing is that there are still a lot of developers (even major ones), where many game values are maintained on the client-side.  Most likely a performance vs. security trade-off.  It's unfortunate that there has never been a full-proof way to protect the assets that are on the client.  In such a situation, it's simply about raising the bar as high as possible, but it sounds like in your experience, that bar can only be raised so high...

 

You mentioned how very few protections are able to survive for 2-3 weeks, and that you tried out many solutions over the years.  There are not a ton of these types of solutions in the mobile app space (as far as I know)...I'm curious as to which ones have you tried, or have seen other publishers try.

 

Thanks frob!

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Advertisement
×

Important Information

By using GameDev.net, you agree to our community Guidelines, Terms of Use, and Privacy Policy.

GameDev.net is your game development community. Create an account for your GameDev Portfolio and participate in the largest developer community in the games industry.

Sign me up!