81% of biggest mobile games are vulnerable to basic cyberattacks
App security provider Promon has uncovered a new Android threat that poses risks to users. In their investigation, they tested 357 of the highest revenue-generating mobile games in order to assess their vulnerabilities.
Promon tested the games in four different ways, using tools commonly employed by malicious actors to reverse engineer apps or manipulate their behavior.
Shockingly, the findings revealed that a staggering 81% of the tested apps lacked defense mechanisms against basic cyberattack methods. These apps were unable to detect if a user's device had been compromised. This alarming figure accounts for 289 out of the total 357 games tested.
One particular test focused on repackaging, a technique where code is inserted into existing software to perform hidden background tasks, such as stealing login information. Promon discovered that only 15.7% of the tested apps had the capability to detect repackaging attempts.
Another critical test examined whether the apps were susceptible to hooking frameworks, which enable interception and manipulation of in-app events. When exploited maliciously, this technology can lead to the theft of sensitive data. The investigation found that the apps lacked protection against this form of attack.
Promon also evaluated the ability of the apps to detect unlocked or jailbroken devices, which are often more vulnerable to hackers and malware due to circumvented security features. Shockingly, only one out of the 357 tested apps was capable of identifying such compromised devices.
Promon's head of security, Benjamin Adolphi, stressed the importance of protecting against these basic cyber threats, urging developers to prioritize app security during the development process. He emphasized that mobile gaming companies should bridge the gap between app protection and ensuring an enjoyable gaming experience for all players.
Additionally, Promon highlighted that hooking techniques can be used not only by malicious actors but also by users seeking an unfair advantage in games through code modifications and data gathering. Such cheating can reduce developers' profits, as players who cheat have less incentive to spend real money.
In a previous instance, in 2020, Promon discovered over 60 apps impersonating Innersloth's popular game Among Us.
Source: Aaron Astle, Staff Writer at Pocket Gamer