As global mobile app usage continues to skyrocket, cybercriminals are persistently exploring new ways to exploit mobile vulnerabilities. But how well-equipped are mobile games to fend off cyber attacks? To answer this question, Norway-based app shielding firm Promon recently analyzed 357 Android titles, which collectively see $10 billion in annual revenue, and found that 81% (289) of them have no protection against cyber threats.
To conduct its study, Promon carried out several tests using different techniques such as ‘’repackaging’’ and ‘’hooking frameworks’’ including ‘’Frida’’ and ‘’LSPosed’’.
‘’Repackaging attacks modify or extend the code of an existing application and then package it into a new application,’’ the company explains in its latest App Threat report. This could enable a cybercriminal to create a fraudulent version of a mobile app and replace it with the original one on the app stores.
Promon said that 85% (301) of all the Android games included in the study failed to prevent repackaging attacks and likely didn’t have a detection mechanism against code injection. Only 33% of apps with over $100 million in annual revenue, and surprisingly around 20% of those with less than $5 million, managed to prevent the attacks.
Promon summarizes hooking frameworks as ‘’tools used to intercept, modify, and redirect function calls and other events in a running mobile application.’’ While these tools enable developers and security experts to test mobile apps and detect vulnerabilities, they can also be used by cybercriminals for malicious purposes such as accessing users’ sensitive data.
According to the report, only 9.5% (34) of Android apps tested were found to have protection against hooking frameworks. While 3.4% (12) of the apps managed to detect both Frida and LSPosed, 8.4% (30) detected Frida and 4.5% (16) detected LSPosed.
None of the apps with over $100 million in annual revenue could detect LSPosed. In addition, none of those with between $50M-$99.99M in revenue was successful in doing so.
Meanwhile, the company also tested the apps against rooting/jailbreaking, and said that only one app managed to detect a rooted device, which can enable users to cheat in mobile games.
You can check out Promon’s report for more details.