Cheating affects game developers and publishers by undermining revenue strategies, integrity, and player trust in the game. What are the main techniques? And how can the gaming industry effectively prevent cheating?

According to a survey with some 10,000 participants from China, Germany, Japan, South Korea, United Kingdom, and the United States, 60% state that they have been negatively impacted by other players cheating. The same survey also indicates that these gamers will purchase less in-game content, and even stop playing, if they feel that other players are gaining an unfair advantage through cheating.
Cheating is fast becoming a real problem for the gaming industry, and robust app security measures are required to protect mobile gaming experiences.

Common cheating methods

Memory editing

Live memory editing is a technique that allows players to change the game’s memory in real time while the game is running. Hackers can use this to gain an unfair advantage over other players by modifying values such as player health, currency, or other attributes. 
GameGuardian is a popular cheat engine app that allows players to modify Android games. Hackers can also use it to inject malware, steal user data, bypass in-app purchase mechanisms, and extract sensitive information such as encryption keys.

Code injection

Cheaters can also employ code injection techniques to modify game memory and create mods based on new attributes. These include hooking, DLL injection, and memory patching. Code injection can enable malicious actors to gain unauthorised access to player accounts, steal in-game assets, and create automated scripts that level up characters. All of these can disrupt the normal gameplay experience.

Botting

Emulators can allow players to automate actions, beating out human players, and undermining the overall experience of the mobile game for all players. While emulators have a lot of legitimate uses, cheaters may also take advantage of them to impact the rate of play, and trick the game logic into awarding unfair advantages to cheaters. The setup for this cheating technique is quite complex, but it’s arguably one of the most powerful hacks for any mobile game that requires farming or grinding for resources.

Exploits

Players can take advantage of bugs and glitches in the game to gain an unfair advantage. For example, they might be able to duplicate items, generate unlimited in-game currency, or make their characters invincible. Hackers perform exploits by finding vulnerabilities in the app or game code. Once a vulnerability has been discovered, they can deploy techniques such as script writing that takes advantage of the vulnerability.

As cheaters who take advantage of code vulnerabilities can progress faster, and obtain advantages without having to pay for them, exploits may result in loss of revenue.

Data file editing

This method involves modifying the game’s data files, such as configuration or resource files, to change the game’s behaviour. This includes editing graphics or audio files to change the game’s appearance or modifying parameters to change the game’s difficulty level. Data file editing can be a security threat for several reasons, as it may:

• Introduce malware if the cheater includes malicious code in the modded files
• Damage brand reputation by making games unplayable
• Invalidate the game’s digital signature
• Provide hackers and other malicious actors with unauthorised access to player data

Binary code patching

Lastly, cheaters can employ binary patching. This involves modifying the game’s executable file by adding, removing, or changing machine code instructions. Examples of binary code patching include using hacked versions to give players unfair advantages, such as increased resources or unlocked levels, and memory editors that allow modification of the game’s memory while it’s running.

Patching the binary code of a game might cause unexpected behaviour, crashes, and game-breaking bugs. These can ultimately damage a game’s reputation.

How to prevent game cheating

The key to tackling game cheating is addressing the issue at its root by protecting the game’s code and making the game harder to reverse engineer. App hardening makes your app more resistant to reverse engineering and tampering, and offers protection against intellectual property theft, loss of revenue, and reputational damage. App hardening methods like code obfuscation, anti-debugging, binary packing, and white-box cryptography offer strong protection against reverse engineering.

However, code protection alone is not enough. Developers also need protection against runtime attacks. With a comprehensive app shielding solution, game developers and publishers can prevent a wide range of cheating:

• A combination of encryption, anti-tampering, and runtime integrity checks can prevent memory editing
• Techniques such as runtime integrity checks and anti-debugging make it more challenging to inject malicious code 
• With a combination of secure communication protocols, tamper detection, code obfuscation, and jailbreak detection, app shielding can make it more challenging to modify the communication between games and servers
• By adding runtime application self-protection (RASP) to the mobile game, app shielding blocks emulators and bots
• App shielding protects games against data file editing by using data file encryption and tamper detection