Abstract
In today’s world, where smartphones are nearly universal and their user base is growing rapidly, the security and privacy of users have become paramount concerns. This paper investigates the risks related to security and privacy in video game applications, which have seen a surge in popularity. Our extensive study involves the detailed analysis of most popular 400 free Android games from the Google Play Store in the Thailand region which spread across action, role-playing, simulation, and strategy genres. We conducted an in-depth static and dynamic analysis focusing on aspects such as malware detection, permission requests, third-party tracking, and security of server connections. Our work uncovers the existence of potential malware, incorporation of third-party trackers in apps, discrepancies in permission requests, inconsistencies between third-party tracker identification between static and dynamic analysis, and possibly malicious connections. The insights from this study are intended to assist game developers and end-users to be aware of the security and privacy standards of their games.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Degenhard, J.: Global: number of smartphone users 2013–2028, Statista. https://www.statista.com/forecasts/1143723/smartphone-users-in-the-world. Accessed 07 Jul 2023
Clement, J.: Google play: number of available games by quarter 2022, Statista (1997) 415–438. https://www.statista.com/statistics/780229/number-of-available-gaming-apps-in-the-google-play-store-quarter/. Accessed 07 Jul 2023
Liu, M., Wang, H., Guo, Y., Hong, J.: Identifying and analyzing the privacy of apps for kids. In: Proceedings of the 17th International Workshop on Mobile Computing Systems and Applications (2016). https://doi.org/10.1145/2873587.2873597
Sobel, K., et al.: It wasn’t really about the Pokémon: parents’ perspectives on a location-based mobile game. In: Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems (2017). https://doi.org/10.1145/3025453.3025761
Barth, S., de Jong, M.D.T., Junger, M., Hartel, P.H., Roppelt, J.C.: Putting the privacy paradox to the test: online privacy and security behaviors among users with technical knowledge, privacy awareness, and financial resources. Telematics Inform. 41, 55–69 (2019). https://doi.org/10.1016/j.tele.2019.03.003
Alphabet: Android open source project. https://source.android.com/. Accessed 07 Jul 2023
Alphabet: Platform architecture: android developers. Android Developers. https://developer.android.com/guide/platform. Accessed 07 Jul 2023
Schleier, S., Holguera, C., Mueller, B., Willemsen, J.: Mobile application security testing guide version v1.6.0. The OWASP Foundation (2023)
Apperley, T.H.: Genre and game studies: toward a critical approach to video game genres. Simul. Gaming 37(1), 6–23 (2006). https://doi.org/10.1177/1046878105282278
Arsenault, D.: Video game genre, evolution and Innovation. Eludamos J. Comput. Game Culture 3(2), 149–176 (2009). https://doi.org/10.7557/23.6003
Vargas-Iglesias, J.J.: Making sense of genre: the logic of video game genre organization. Games and Culture 15(2), 158–178 (2018). https://doi.org/10.1177/1555412017751803
89z: googleplay. https://github.com/89z/googleplay. Accessed 18 Sep 2023
JoMingyu: google-play-scraper. https://github.com/JoMingyu/google-play-scraper. Accessed 18 Sep 2023
iBotPeaches: Apktool. Apktool - A tool for reverse engineering 3rd party, closed, binary Android apps. https://ibotpeaches.github.io/Apktool/. Accessed 27 Sep 2023
JesusFreke, J.: Smali/Baksmali. https://github.com/JesusFreke/smali. Accessed 27 Sep 2023
Exodus Privacy: Exodus Privacy. https://exodus-privacy.eu.org/en/. Accessed 6 Jul 2023
oF2pks: 3xodusprivacy-toolbox. https://gitlab.com/oF2pks/3xodusprivacy-toolbox. Accessed 5 May 2023
VirusTotal: Virustotal, VirusTotal. https://www.virustotal.com/. Accessed 29 Sep 2023
Shearer, C.: get-vtfilereport. get-VTFileReport. https://github.com/cbshearer/get-VTFileReport. Accessed 26 Sep 2023
Arp, D., Spreitzenbarth, M., Hübner, M., Gascon, H., Rieck, K.: Drebin: effective and explainable detection of android malware in your pocket. In: Proceedings 2014 Network and Distributed System Security Symposium (2014). https://doi.org/10.14722/ndss.2014.23247
Belcic, I.: What is malware and how to protect against malware attacks? What is malware and how to protect against malware attacks? https://www.avast.com/c-malware. Accessed 07 Jul 2023
PortSwigger: Burp Suite documentation. PortSwigger. https://portswigger.net/burp/documentation. Accessed 24 Jul 2023
Ikram, M., Vallina-Rodriguez, N., Seneviratne, S., Kaafar, M.A., Paxson, V.: An analysis of the privacy and security risks of android VPN permission-enabled apps. In: Proceedings of the 2016 Internet Measurement Conference (2016). https://doi.org/10.1145/2987443.2987471
Ikram, M., Kaafar, M.A.: A first look at mobile ad-blocking apps. In: 2017 IEEE 16th International Symposium on Network Computing and Applications (NCA) (2017). https://doi.org/10.1109/nca.2017.8171376
Gamba, J., Rashed, M., Razaghpanah, A., Tapiador, J., Vallina-Rodriguez, N.: An analysis of pre-installed android software. In: 2020 IEEE Symposium on Security and Privacy (SP) (2020). https://doi.org/10.1109/sp40000.2020.00013
Papageorgiou, A., et al.: Security and privacy analysis of mobile health applications: the alarming state of practice. IEEE Access 6, 9390–9403 (2018). https://doi.org/10.1109/access.2018.2799522
Monogios, S., Limniotis, K., Kolokotronis, N., Shiaeles, S.: A case study of intra-library privacy issues on android GPS navigation apps. In: Katsikas, S., Zorkadis, V. (eds.) E-Democracy – Safeguarding Democracy and Human Rights in the Digital Age: 8th International Conference, e-Democracy 2019, Athens, Greece, December 12-13, 2019, Proceedings, pp. 34–48. Springer International Publishing, Cham (2020). https://doi.org/10.1007/978-3-030-37545-4_3
Lardinois, S., Beckers, J.: How malicious applications abuse Android permissions. NVISO Labs. https://blog.nviso.eu/2021/09/01/how-malicious-applications-abuse-android-permissions/. Accessed 01 Feb 2024
Johnson, R., Wang, Z., Gagnon, C., Stavrou, A.: Analysis of android applications’ permissions. In: 2012 IEEE Sixth International Conference on Software Security and Reliability Companion (2012). https://doi.org/10.1109/sere-c.2012.44
Li, R., Diao, W., Li, Z., Du, J., Guo, S.: Android custom permissions demystified: from privilege escalation to design shortcomings. In: 2021 IEEE Symposium on Security and Privacy (SP) (2021). https://doi.org/10.1109/sp40001.2021.00070
Acknowledgments
Our work received partial support from the Faculty of Information and Communication Technology at Mahidol University. I am profoundly grateful to my advisor, Assoc. Prof. Sudsanguan Ngamsuriyaroj, for her invaluable guidance, and to the instructors in the Cybersecurity and Information Assurance program for their teachings. My heartfelt appreciation goes to my life partner, Ms. Haruetai Pratumchart, for her steadfast support, and to my cats, Hacker and Panther, for their comforting presence. I also thank my family for their love and encouragement, and my colleagues at the Royal Thai Armed Forces Cyber Security Center for their understanding and support which is integral to the completion of this research.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Phaenthong, R., Ngamsuriyaroj, S. (2024). Analyzing Security and Privacy Risks in Android Video Game Applications. In: Barolli, L. (eds) Advanced Information Networking and Applications. AINA 2024. Lecture Notes on Data Engineering and Communications Technologies, vol 204. Springer, Cham. https://doi.org/10.1007/978-3-031-57942-4_30
Download citation
DOI: https://doi.org/10.1007/978-3-031-57942-4_30
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-57941-7
Online ISBN: 978-3-031-57942-4
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)