[Interview] How do game client developers protect apps?

mobile APP security - The post explains how game developers protect their APPs.

 
 

[Interview] How do game client developers protect apps?

 
 
Q : Please introduce yourself briefly.
 
(Manager Hyun-wook Kim, referred here as ‘A’)
A : Hello, I am currently in charge of client management of rhythm game at OOOOO game company that has around 40 employees.
Please excuse me for not being able to reveal our company name during the interview due to some contractual issues. (Laughs)
 
Q : What is the service that you are currently doing?
 
A : We are currently operating three types of rhythm games not only in domestic market but also internationally through Google Play and App Store.
One of them has been in service for around four years since its first release, and there is also a new and upcoming product that is scheduled to launch soon.
 
[ The following image is not related to the post ]
 
Q : Whar are the main age group using the app?
 
A : Although it is difficult to determine specific user age groups regarding the nature of rhythmic action games, according to the status of introduction, age distribution of the application users mainly range from teenagers to the late 30s.
 
Q : Why does this service require applicaion security?
 
A : The most significant data in rhythmic action games is the score that users acquire by tapping notes which also allows them to use a variety of content.

However, the service can face a serious problem when users get scores through hacking and Macros (automatic-play) during the live service.

These problems are directly related to the departure of honest game users. Yet, solutions towards preventing user desertion such as C/S processing, non-user sanctions, and balancing have all made it difficult to operate a live service, and we came up with the final solution to introduce LIAPP to our service.

Illegal scoring has caused serious problems for live services.

 
Q : What made you to be interested in LIAPP? 
 
A : Personally, I have been interested in security since I started developing games at my previous job. I first came across LIAPP when I was building up technical knowledge and looking for solutions to increase security.
 
Q : What there a security problem with the game that you developed at your previous job?
 
A : In the case of games released at the previous workplace, we decided that it was more appropriate to prepare and release security to clients(application) before the problem occurs, so we applied LIAPP as a security defense before launching the service.

I strongly suggest to prepare and release security for the client (app) from the point of time before the problem actually occurs.
 
Q : what if the service was not covered by security?
 
A : As I mentioned earlier, live services do not only generate the intended and anticipated user input at the time of development.
Therefore, to operate live services, it is a must to prevent people from achieving unintended scores so that no one breaks away the fairness with other normal users.
Obfuscation is used with a pro-guard in the case of codes, but this also requires stronger protection as approximate code exposure is evitable if quite an effort is put forth.
 
Q : Is there a reason you use solutions rather than your own security personnel?
 
A : Currently, we maintain our own security staff, but there is a cost-effective problem and we also thought that it's unnecessary to apply untested technical solutions to live services.
So the technical solution was defended in collaboration with a proven solution.

 
Q : So how did LIAPP solve these problems?
 
A : Applying LIAPP allowed strong defense against alternative routing of the clients, hacking tools, and memory modulation in real time and the exposure of UNITY as well as game source codes.

Macros, who needed their own protection, also responded strongly by applying LIAPP to live services as soon as their new app was released.

Since we operate three services, there are 6 apps in total 3 actual android and 3 iOS that we need to manage.
As a result, LIAPP provides an automatic application module called LIAPP Sender, which helps you work with efficiency.

Applying LIAPP allowed strong defense against alternative routing of the clients, hacking tools, and memory modulation in real time and the exposure of UNITY as well as game source codes.
 
Q : What's the status since the introduction of LIAPP
 
A : For services that are around four years old, when comparing before and after LIAPP is applied, the difference in response is very prominent as feedbacks from the CS or community became very positive.
For services that are around four years old, when comparing before and after LIAPP is applied, the difference in response is very prominent as feedbacks from the CS or community became very positive.

For services that are around four years old, when comparing before and after LIAPP is applied, the difference in response is very prominent as feedbacks from the CS or community became very positive.
 
 
Q : What if  you recommend LIAPP?
 
A : When LIAPP is applied, LIAPP can immediately experience the effects of LIAPP's application through statistics on the threat levels expressed on the web or through CS and community of live services.
Especially in the case of games, without hacking tools or basic security measures, you won't be able to bear as much fruit as you've tried.
Based on my experience, LIAPP will be a great partner for the best live service.

Based on my experience, LIAPP will be a great partner for the best live service.
 
Q : Any last words?
 
A : I personally believe that security cannot be basically perfect. It's a continuation of the debate; thus, it's important for those of who consider security to have the best defense available.
In particular, it is necessary for the clients to consider security, and there is no doubt that security defenses are one of the key elements that are essential in providing successful services.