Security and Data Risks to Bloop Boop

On By therratosIn Studio 3

Like most games, Bloop Boop is careful when it comes to its security and privacy to make sure the game runs correctly and safely and that all player data, including analytics, IAP information and Google Play details remain safe and secure to avoid breaching peoples privacy. However that wont stop people from trying to get around these systems in order to, break the game, steal personal information, modify the APK or do something else they aren’t meant to.

Some risks that can happen are,

  1. People no paying for coins – This would involve then loading the game on PC and trying to backwards engineer the game to get the source code. Then modifying how many coins they have thought code before rebuilding the game and putting it back on their phone. Methods around this would be to check how many coins hey had, before and after they load the game and seeing if there is a difference, if there is then delete the difference. Another would be check how many purchases they made and calculate how many coins they should have. However since this quite a low tier game I doubt this would happen.
  2. People trying to steal other peoples IAP details – There is always a risk of people trying to steal other peoples credit card when it comes to IAP. Since the purchase isn’t necessarily through us but instead Google Play Store and we just check things off a list it passes, the risk of this happening is quite low as they would have to go though google as we don’t save any of those details, it would be a major privacy breach if we did.
  3. Privacy statements not correct – There are many details you need to be careful on when you write your own privacy statement as it outlines what data you will be receiving from the user and using in your game. This can cause issues with people if you try to take excessive amounts of data and access from people, Pokemon GO’s first privacy statement shows this well with them gaining full access to your google account and have full reins to do what they want with it if you play their game. Actions like these can cause legal action against you and we will be certain to avoid this with only taking data we need like names and friends.
  4. EULA issues – An End User License Agreement is document that is agreed between both parties of the software. Just like the privacy statement you need to be careful with what you write to make sure you aren’t doing anything stupid with it. Stating that you gain access to profiles and all contents inside would breach privacy laws stating that you own the software and all its aspects will stop others from taking and copyrighting your game.

One account of an existing data leak would be the famous example of Value’s Half-Life 2 game leak in October of 2003. This was when A German man named Gambe sent a email to one of the employees of Value with a link inside that contained a virus. The employee click on that link and Gembe suddenly had access the the entire Half-Life 2 game source code. He then proceed to post the entire game onto the internet, causing extreme damages to the company as a whole.

Gembe then started to brag about his accomplishments to Value directly and instead of threats in return, Gabe Newell decided to offer Gembe a job as a security manager for Valve as he did such a good job of breaking into their system. Gembe accepted and went to get on the next plane to America before being stopped by German forces as there was American FBI waiting for him for when he landed as he was going to be trailed and prosecuted for breaking into their system and causing so much damage. Gembe then spent a lot of time in jail in Germany for that crime.

 

Leave a comment