Cheats are nothing new to video games. But what may be surprising is just how common they are, especially in some of the most popular games out there. Our latest review of the top 50 highest grossing multi-player games in the Google Play Store (from July 12, 2021) found a shocking 50 percent of the games have working cheats available. Another 18 percent were also found to have a cheat available for older versions. These numbers are understandably cause for concern for game developers both for the impact they can have on revenue as well as on the experience for players who just want to enjoy the game and good competition.
Cheating is big business … and it’s bad for business
There are those who take advantage of cheats and then there are those who create the cheats. From teenagers just messing around to dishonest players trying to cheat their way to winning big in tournaments to professional organizations creating the cheats, cheating can be a lucrative business.
In March 2021, police in China arrested 10 members of a gang they say brought in around $76M USD designing and selling cheats to clients. Subscribers paid either a daily or monthly fee for access to their cheats, of which police found and destroyed 17 in the bust.
All this cheating also has a negative impact on gaming revenue. Consider that a survey we conducted found 77 percent of players said they would stop playing a game if they thought the people they were playing against were cheating and another 46 percent reported being less likely to buy in-game content if they encounter cheating. Even high-profile gamers say they’ll leave a game if cheating is involved.
Can the cheats be stopped?
It’s important for game developers and game publishers to take cheating seriously and to actively take measures to protect their mobile games. Here are a few suggestions for measures you can take yourself that will help protect your games against cheating.
- Follow security best practices: There are a lot of good guides on the Internet for secure coding like the OWASP Mobile AppSec Verification Standard. The best practices in the guide form the basis of a secure game and don’t require any special knowledge by developers. Among the topics included in security best practices are data storage, cryptography and network security including tips for security on the server side such as authentication and session managements.
- Host important game logic on the server: Keep in mind that every piece of logic you run on the client is at risk of being tampered with by a cheater. On the other hand, code that runs on the server is out of reach for a cheater. Therefore, it’s important that key decisions like the outcome of matches or the availability of premium content are made on the server. If it’s not possible to run the code on your server due to impact on performance impact or any other reason, the data sent in by the client should be verified on the server in order to keep it protected. You can’t rely on the client limiting access to content that is already shipped inside the app. Instead, best practice is to make them available through the server only after validation of the availability for the user.
- Make security part of the design process: Adding security on top of an existing app is a difficult task. If you plan for security during your design process you can save some pain at the end of the development process. For example, a bad decision where to host some logic (see last tip) could be hard, time-consuming and costly to change at the end of the development process.
- Keep up with the latest cheating and piracy trend: Security is not something that is built in once and then works forever. Cheaters are constantly finding new techniques to mess with games. Therefore, it’s important to follow the trends and adapt your security measures to stay ahead of the cheaters. By following news feeds from cheating sites, you can be prepared to react early and prevent new cheat techniques from finding their way into your game.
- Actively protect your app: Without protection, cheaters can change your app any way they want, but the good news is that there are ways to detect or prevent modifications of your game. “Runtime Application Self Protection” involves adding code that constantly checks the integrity of the application and locks out versions of the game that are discovered to not be genuine. You can also make the cheater’s life harder by frustrating the cheat development. You can do this with anti-debugging, anti-hooking and root detection techniques.
- Passively protect your app: An important step for cheaters is to analyze the app and find out which part of the code is responsible for certain aspects of the game. By applying obfuscation and thereby disguising the meaning of the code you can make it harder for cheaters, which will hopefully result in them giving up their attempt to create a cheat for your game.
It’s unfortunate that cheating is so deeply embedded in the gaming ecosphere, but as long as there are games and competitions, there are likely to be cheaters. Therefore, it falls to the game developers and cybersecurity experts to do everything they can do to address the issue. Whether it’s working to catch the cheaters or proactively taking strong measures to protect games from cheats, controlling the problem – and making multi-player games fun for the honest players— is everyone’s responsibility.
The Denuvo team is always available to answer questions or comments – feel free to reach out here!