Analyzing Security and Privacy Risks in Android Video Game Applications

Ratiros Phaenthong³ &
Sudsanguan Ngamsuriyaroj³

Part of the book series: Lecture Notes on Data Engineering and Communications Technologies ((LNDECT,volume 204))

Included in the following conference series:

International Conference on Advanced Information Networking and Applications

400 Accesses

Abstract

In today’s world, where smartphones are nearly universal and their user base is growing rapidly, the security and privacy of users have become paramount concerns. This paper investigates the risks related to security and privacy in video game applications, which have seen a surge in popularity. Our extensive study involves the detailed analysis of most popular 400 free Android games from the Google Play Store in the Thailand region which spread across action, role-playing, simulation, and strategy genres. We conducted an in-depth static and dynamic analysis focusing on aspects such as malware detection, permission requests, third-party tracking, and security of server connections. Our work uncovers the existence of potential malware, incorporation of third-party trackers in apps, discrepancies in permission requests, inconsistencies between third-party tracker identification between static and dynamic analysis, and possibly malicious connections. The insights from this study are intended to assist game developers and end-users to be aware of the security and privacy standards of their games.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic

$34.99 /Month

Get 10 units per month
Download Article/Chapter or eBook
1 Unit = 1 Article or 1 Chapter
Cancel anytime

Buy Now

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 149.00; Price excludes VAT (USA)

Softcover Book: USD 279.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Degenhard, J.: Global: number of smartphone users 2013–2028, Statista. https://www.statista.com/forecasts/1143723/smartphone-users-in-the-world. Accessed 07 Jul 2023
Clement, J.: Google play: number of available games by quarter 2022, Statista (1997) 415–438. https://www.statista.com/statistics/780229/number-of-available-gaming-apps-in-the-google-play-store-quarter/. Accessed 07 Jul 2023
Liu, M., Wang, H., Guo, Y., Hong, J.: Identifying and analyzing the privacy of apps for kids. In: Proceedings of the 17th International Workshop on Mobile Computing Systems and Applications (2016). https://doi.org/10.1145/2873587.2873597
Sobel, K., et al.: It wasn’t really about the Pokémon: parents’ perspectives on a location-based mobile game. In: Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems (2017). https://doi.org/10.1145/3025453.3025761
Barth, S., de Jong, M.D.T., Junger, M., Hartel, P.H., Roppelt, J.C.: Putting the privacy paradox to the test: online privacy and security behaviors among users with technical knowledge, privacy awareness, and financial resources. Telematics Inform. 41, 55–69 (2019). https://doi.org/10.1016/j.tele.2019.03.003
Article Google Scholar
Alphabet: Android open source project. https://source.android.com/. Accessed 07 Jul 2023
Alphabet: Platform architecture: android developers. Android Developers. https://developer.android.com/guide/platform. Accessed 07 Jul 2023
Schleier, S., Holguera, C., Mueller, B., Willemsen, J.: Mobile application security testing guide version v1.6.0. The OWASP Foundation (2023)
Google Scholar
Apperley, T.H.: Genre and game studies: toward a critical approach to video game genres. Simul. Gaming 37(1), 6–23 (2006). https://doi.org/10.1177/1046878105282278
Article Google Scholar
Arsenault, D.: Video game genre, evolution and Innovation. Eludamos J. Comput. Game Culture 3(2), 149–176 (2009). https://doi.org/10.7557/23.6003
Article Google Scholar
Vargas-Iglesias, J.J.: Making sense of genre: the logic of video game genre organization. Games and Culture 15(2), 158–178 (2018). https://doi.org/10.1177/1555412017751803
Article Google Scholar
89z: googleplay. https://github.com/89z/googleplay. Accessed 18 Sep 2023
JoMingyu: google-play-scraper. https://github.com/JoMingyu/google-play-scraper. Accessed 18 Sep 2023
iBotPeaches: Apktool. Apktool - A tool for reverse engineering 3rd party, closed, binary Android apps. https://ibotpeaches.github.io/Apktool/. Accessed 27 Sep 2023
JesusFreke, J.: Smali/Baksmali. https://github.com/JesusFreke/smali. Accessed 27 Sep 2023
Exodus Privacy: Exodus Privacy. https://exodus-privacy.eu.org/en/. Accessed 6 Jul 2023
oF2pks: 3xodusprivacy-toolbox. https://gitlab.com/oF2pks/3xodusprivacy-toolbox. Accessed 5 May 2023
VirusTotal: Virustotal, VirusTotal. https://www.virustotal.com/. Accessed 29 Sep 2023
Shearer, C.: get-vtfilereport. get-VTFileReport. https://github.com/cbshearer/get-VTFileReport. Accessed 26 Sep 2023
Arp, D., Spreitzenbarth, M., Hübner, M., Gascon, H., Rieck, K.: Drebin: effective and explainable detection of android malware in your pocket. In: Proceedings 2014 Network and Distributed System Security Symposium (2014). https://doi.org/10.14722/ndss.2014.23247
Belcic, I.: What is malware and how to protect against malware attacks? What is malware and how to protect against malware attacks? https://www.avast.com/c-malware. Accessed 07 Jul 2023
PortSwigger: Burp Suite documentation. PortSwigger. https://portswigger.net/burp/documentation. Accessed 24 Jul 2023
Ikram, M., Vallina-Rodriguez, N., Seneviratne, S., Kaafar, M.A., Paxson, V.: An analysis of the privacy and security risks of android VPN permission-enabled apps. In: Proceedings of the 2016 Internet Measurement Conference (2016). https://doi.org/10.1145/2987443.2987471
Ikram, M., Kaafar, M.A.: A first look at mobile ad-blocking apps. In: 2017 IEEE 16th International Symposium on Network Computing and Applications (NCA) (2017). https://doi.org/10.1109/nca.2017.8171376
Gamba, J., Rashed, M., Razaghpanah, A., Tapiador, J., Vallina-Rodriguez, N.: An analysis of pre-installed android software. In: 2020 IEEE Symposium on Security and Privacy (SP) (2020). https://doi.org/10.1109/sp40000.2020.00013
Papageorgiou, A., et al.: Security and privacy analysis of mobile health applications: the alarming state of practice. IEEE Access 6, 9390–9403 (2018). https://doi.org/10.1109/access.2018.2799522
Article Google Scholar
Monogios, S., Limniotis, K., Kolokotronis, N., Shiaeles, S.: A case study of intra-library privacy issues on android GPS navigation apps. In: Katsikas, S., Zorkadis, V. (eds.) E-Democracy – Safeguarding Democracy and Human Rights in the Digital Age: 8th International Conference, e-Democracy 2019, Athens, Greece, December 12-13, 2019, Proceedings, pp. 34–48. Springer International Publishing, Cham (2020). https://doi.org/10.1007/978-3-030-37545-4_3
Chapter Google Scholar
Lardinois, S., Beckers, J.: How malicious applications abuse Android permissions. NVISO Labs. https://blog.nviso.eu/2021/09/01/how-malicious-applications-abuse-android-permissions/. Accessed 01 Feb 2024
Johnson, R., Wang, Z., Gagnon, C., Stavrou, A.: Analysis of android applications’ permissions. In: 2012 IEEE Sixth International Conference on Software Security and Reliability Companion (2012). https://doi.org/10.1109/sere-c.2012.44
Li, R., Diao, W., Li, Z., Du, J., Guo, S.: Android custom permissions demystified: from privilege escalation to design shortcomings. In: 2021 IEEE Symposium on Security and Privacy (SP) (2021). https://doi.org/10.1109/sp40001.2021.00070

Download references

Acknowledgments

Our work received partial support from the Faculty of Information and Communication Technology at Mahidol University. I am profoundly grateful to my advisor, Assoc. Prof. Sudsanguan Ngamsuriyaroj, for her invaluable guidance, and to the instructors in the Cybersecurity and Information Assurance program for their teachings. My heartfelt appreciation goes to my life partner, Ms. Haruetai Pratumchart, for her steadfast support, and to my cats, Hacker and Panther, for their comforting presence. I also thank my family for their love and encouragement, and my colleagues at the Royal Thai Armed Forces Cyber Security Center for their understanding and support which is integral to the completion of this research.

Author information

Authors and Affiliations

Faculty of Information and Communication Technology, Mahidol University, Salaya, Thailand
Ratiros Phaenthong & Sudsanguan Ngamsuriyaroj

Authors

Ratiros Phaenthong
View author publications
You can also search for this author in PubMed Google Scholar
Sudsanguan Ngamsuriyaroj
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Sudsanguan Ngamsuriyaroj .

Editor information

Editors and Affiliations

Department of Information and Communication Engineering, Fukuoka Institute of Technology, Fukuoka, Japan
Leonard Barolli

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Phaenthong, R., Ngamsuriyaroj, S. (2024). Analyzing Security and Privacy Risks in Android Video Game Applications. In: Barolli, L. (eds) Advanced Information Networking and Applications. AINA 2024. Lecture Notes on Data Engineering and Communications Technologies, vol 204. Springer, Cham. https://doi.org/10.1007/978-3-031-57942-4_30

Download citation

DOI: https://doi.org/10.1007/978-3-031-57942-4_30
Published: 10 April 2024
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-57941-7
Online ISBN: 978-3-031-57942-4
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)

Publish with us

Policies and ethics