Hand Tour app Cottage cracked three sins: behind the production of gray industry chain!

In 2013, the scale and revenue of the hand tour industry have achieved substantial growth and strong development momentum. Authoritative data show that the actual sales revenue of China's mobile game market soared from 3.24 billion in 2012 to 11.24 billion yuan in 2013, an increase of 246.9%, the hand-tour users from 2012 to 89 million rapid growth to 2013 310 million, the increase of up to 248.5%. Huge number of users and rapid user growth is making our country become a big country of mobile games.

However, in the rapid development of hand-tour at the same time, due to regulatory, audit and other aspects of loopholes, mobile phone game software is cracked after injecting malicious code, theft of user property, theft of user equipment information is not uncommon. Today, a wide range of hand-travel app market, bustling behind hidden multiple hidden dangers, so the hand-travel app on the back of the "gold bomb" charges.

"Chain reaction" triggered by "2048 "

"2048" is a phenomenon-level game, its popularity in the world even beyond the "Flappybird", more than 23 million people have played or are playing this game. However, most of the "2048" players do not know, they play on the phone "2048" is not the original "2048", but a copy of the original "2048" game. Even the original "2048" itself, is a copy of the "threes!" game.

At present, the world's most popular this section of "2048" is the biggest feature of the game by hovering over the advertising bar to make money, free for players. With this, "2048" will be high AppStore game free top, and "threes!" because the price of $1.99 is ranked eighth in the AppStore game fee list.

"Threes!" has excellent game ideas, excellent game experience, and the first advantage, but the "threes!" in the competition lost to the cottage version of the app "2048". Therefore, "2048" The great success of the 19-year-old, on behalf of the future game producers hope that the web version of the game "2048" maker Gabrielecirulli disappointed, also led to the "threes!" Developers Ashervollmer and Gregwohlwend, two outstanding game producers, withdrew from the world of hand-travel.

Industry experts believe that, "2048" the success behind the more dire consequences of the whole hand-tour app industry has been overshadowed by the benign development, it will give the hand-tour app developers to convey a wrong message: Since the copycat can be successful, then developers why bother to innovate it?

three deadly Sins of the hand-tour app hack

Small knitting wire domestic focus on the field of mobile security Love Encryption (www.ijiami.cn) Technical Director Mr. Lin Wei learned that hackers will hand-tour app cracked, will take the following actions: The popular game makeover, into a cottage version upload application market; Inject malicious code, steal user privacy or arbitrary charge; Embed ads, push ads, and earn ad fees.

First of all, the game cottage problem is repeatedly forbidden. "Cottage" These two words in our country long-standing, and the cottage wind has already spread to the hands of the field of travel. Last year, China's hand-tour market broke out an unprecedented hand-skimming war, hand-tour was cracked, the internal resource files were stolen, resulting in a lot of developers to devote a great deal of effort to develop the creative results, into a "free game", revenue dropped sharply. Therefore, the industry will be known this year as the hand of the "intellectual property Year" to actively deal with the bad wind of the cottage.

Second, it is injecting malicious code. According to security experts, popular hand tours are often targeted by virus makers, implanted malicious code two times after packaging into new applications, through some unsafe application market to spread. Hackers use these malicious code to the user's mobile phone remote control, the implementation of the replacement or deletion of the user's mobile phone data, stealing user privacy after secretly uploaded, download fee software, call the designated telephone and other dangerous operations. such as the previous time is very popular Flappybird hand tour encountered a virus injection, the version of the application has been altered to send and receive text messages, background download software and other rights, once run, will steal the charge SMS, background download popularization and application, directly resulting in the loss of user charges.

Finally, it's an implant ad. According to Mr. Igamilin, hackers will hand-travel app cracked, with their own advertising SDK to replace the software built-in advertising SDK, these ads will be suspended window reminders, notification bar reminders, ad display and other forms appear in the user's phone, inducing users to click, then hackers, Packaging party and illegal advertising channels three parties to the user click ads, background download software generated by the illegal promotion of benefits. In this way can achieve rapid profitability, there is data show that a 10-person packaging team through this way of profit, the monthly pure profit can reach 1.5 million yuan.

"In the 2014 ninth game Project Fair as a special guest, love encryption has been the site of developers friends to hand-tour app hack For example, the mobile application security of the keynote speech. In fact, hackers to crack the mobile app phenomenon intensified behind, is a huge gray interest chain in trouble, its lucrative mode of making money to make a lot of hackers desperate. "said Mr. Lin.

Protect your mobile app to create a security solution

We might as well understand the hacker's behavior from the technical point of view, so that we can see more clearly how the hacker is targeted at all aspects of a game-like app to crack. From the information that Mr. Ai has provided to us, we can see that in order to make the security scheme of the mobile app more specific, love encryption technology personnel through the hacker's cracking behavior further subdivided, including: in-game purchase hack, game resource file tampering, simulator run, Game script recording, game memory modification, the game use accelerator, Game account, password, local archive and other privacy data transfer and tampering, malicious code injection, ad modification, WPE Brush volume, game rules modification, third-party Payment SDK Vulnerability mining.

Among them, in-game purchase hack, memory modification, third-party Payment SDK Vulnerability Mining refers to the cracker by tampering with the game source code, memory, etc., so that the game inside would have to pay for the purchase of props, coins and other resources, into a free, like the Temple Escape 2 Infinite Gold version is this situation, The fee threshold that developers rely on to survive is broken to zero, seriously reducing the revenue of mobile app developers.

Game resource file modification refers to the cracker through the reverse analysis of the application source code, the APK in the resource file changes, the game background music, text, pictures, characters, maps and other information, inserted ads, viruses or copied into a cottage version.

WPE brush volume, simulator operation, game script recording, advertising modification, game rules modification, archive modification and other methods are through the opponents of the app's various restrictions to modify, remove. Changes in the application should belong to their own advertising revenue fell into the hands of the tampering, can only be collected once the game package can be unlimited, need to meet the conditions to open the level becomes easy and so on, developers about the rules of the game is broken, which reduces the game app to users of the challenge and appeal , which puts the app at risk of survival and, on the other hand, lowers the developer's product revenue directly.

Injecting malicious code, game accounts, passwords, local archives, and other privacy data dumps and tampering is the way the cracker adds malicious code or viruses directly to the APK through static injections, stealing the user's private information and property for possession or illegal sale.

For these malicious acts, simple protection has been difficult to ensure the full security of hand-travel applications, should be targeted at different hand-travel applications to protect the focus of different aspects of protection, such as the love of encryption specifically for the hand-travel app security protection has developed a set of effective protection solutions. First of all, love encryption provides targeted security assessment and processing recommendations, source protection, apk to prevent two packaging, so library encryption three basic services to ensure that the game apk static state of absolute security. Secondly, love encryption security analysts will refer to the "Love Crypto Hand Tour industry assessment scheme" to the apk for in-depth research, summed up the game apk Vulnerability information, targeted the development of the game APK security solution.

Hand Travel app through the exclusive hand-travel app security solution, can effectively prevent unpacking, packaging, source translation, from the root of the two to eliminate the occurrence of the crack, to prevent all cases of static cracking and dynamic injection; Prevent third-party scripting software, acceleration software, screenshot Software, prevent the simulator to run, protect the game internal advertising, Rules, payment SDK security, and secure local storage data.