RSS
Логотип
Баннер в шапке 1
Баннер в шапке 2
2019/06/04 22:56:04

Mobile games

Content

2023: Demos for different target audiences: How to adapt

The article "Demos for Different Target Audiences: How to Adapt" examines the importance of adapting preliminary versions of mobile games to different groups of users. The process of developing a demo is analyzed, taking into account the unique interests and needs of each audience. The importance of testing and the benefits of adapted versions in the modern mobile gaming industry are considered. Read more here.

2021: Dozens of games with built-in Trojan found in AppGallery app catalog

On November 23, 2021, Doctor Web announced the discovery of dozens of games in the AppGallery catalog with a Trojan Android.Cynos.7 built into them, which collects information about users' mobile numbers. Dangerous games were installed by at least 9,300,000 owners of Android devices. Read more here.

2019: Children's mobile gaming apps contain critical vulnerabilities

On June 4, 2019, Rostelecom-Solar announced a study on the vulnerabilities of popular mobile gaming applications for children. An analysis of 14 gaming applications showed that vulnerabilities found in applications can lead to a complete loss of privacy of user data, including payment data.

The gaming industry shows enviable growth stability every year. According to the company's report in the field of gaming analytics Newzoo, in 2018 the global market for mobile gaming applications reached $63.2 billion, which is 12.8% more than in 2017. According to Newzoo forecasts, the domestic market at the end of 2018 will bring gaming players $1.7 billion, and Russia will take 11th place among the top 20 countries in terms of the volume of the gaming market.

Most mobile games contain paid options that are in great demand among the audience. Many users are ready to pay for certain gaming advantages, and first of all - children. However, if the application is not safe, the personal and payment data of players can become the prey of cybercriminals.

File:Aquote1.png
Mobile application vulnerabilities are one of the most commonly used channels used by attackers to gain access to user data. And despite the fact that only free mobile games were selected for this study, however, most of them contain built-in purchases, which means they work with user payment data. Their compromise gives attackers direct access to the money of small players, or rather, their parents,
File:Aquote2.png

Rostelecom-Solar conducted a comparative study of the security of the following popular mobile gaming applications for children: 3D Labyrinth, Angry Birds 2, Asterix and Friends, Cut the Rope, Disney Crossy Road, Dragons: Rise of Berk, LEGO NINJAGO: Ride Ninja, Minion Rush: "Ugly Me," "Lunmi-Mi Games: Children's Games Krosh, "" The Mysterious Affairs of Scooby-Doo, "" Three Kot Piknik. " For analysis, game applications from the "Family" category were selected, according to the criterion of popularity: the number of downloads App Store in and Google Play, as well as positions in the ratings of popular mobile games for children. All applications were considered in options for mobile operating systems iOS and. Android

In more than 80% of Android applications containing critical vulnerabilities, the encryption key is specified in the source code, which gives attackers access to the data contained in the application. And more than half of Android applications containing critical vulnerabilities can lead to a complete loss of privacy of user data.

The most protected Android versions of mobile gaming applications for children are: "Three Cat Picnic" (DevGame OU), "Masha and Bear: Games for Children" (Hippo Games for Kids) and "The Mysterious Affairs of Scooby-Doo" (Warner Bros.). Their total level of security is 4.6, 4.6 and

4.1 points respectively out of 5 possible. The most vulnerable application is the game Disney Crossy Road (Disney) - 0.9 points out of 5.0.

The investigated games based on iOS have a significantly lower degree of security compared to Android counterparts. Only one application - LEGO NINJAGO: Ride Ninja (LEGO System A/S) - managed to demonstrate a security level of 2.6 points out of 5, which is slightly higher than the industry average. The security of the remaining 13 applications raises serious concerns of experts. The least protected games for iOS are recognized as "Three Cat Picnic" (DevGame OU) and "Masha and Bear: Games for Children" (Indigo Kids) - their overall level of security, according to the Solar appScreen assessment method, is 0.0 points.

All investigated iOS-based gaming applications are subject to a critical "weak hashing" vulnerability algorithm that potentially compromises user data. In addition, all iOS applications contain vulnerabilities that an attacker can exploit to execute malicious code on smartphone or execute on the attacks application.

Code security analysis was carried out automatically using Solar appScreener, a Russian software product for checking the security of applications. The solution uses static, dynamic, and interactive analysis methods. In the preparation of the study, the decompilation and deobfuscation module was disabled. Static analysis was performed on the binary code of mobile applications in automatic mode.

See also