70% of gaming apps contain high-risk vulnerabilities
An analysis of approximately 50 popular mobile gaming apps conducted using the AppSec.Sting tool revealed approximately 700 vulnerabilities. Of these, 90 were classified as high- and critical-level vulnerabilities.
According to Nikita Pinaev, Head of Security Analysis at AppSec.Sting at AppSec Solutions, the most dangerous issues identified included storing sensitive information in plaintext. Specifically, 12 applications contained passwords and tokens in their source code, making it easier for hackers to breach the system. Thirteen applications also lacked integrity checking, allowing attackers to modify game logic.
The expert identified three key security issues. The first is excessive trust in client-side logic. In many applications, critical mechanics, such as reward and progress calculations, are implemented client-side without proper server-side validation. This allows attackers to modify memory data or tamper with local state, thereby disrupting the game economy and the integrity of the process.
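The server-side validation this paragraph calls for can be sketched as follows. This is an added example, not code from AppSec.Sting or from any of the analyzed games; the class, level names and reward values are hypothetical. The server keeps the reward table, issues a one-time session when a level starts, and ignores whatever reward figure the client reports.

```python
import secrets

# Constructed sample data: the reward table lives on the server only.
LEVELS = {
    "forest-1": {"reward": 50, "min_seconds": 20},
    "castle-3": {"reward": 200, "min_seconds": 90},
}

class RewardServer:
    """Hypothetical server-authoritative reward service (illustrative names)."""

    def __init__(self):
        self._open = {}      # session id -> (player, level, start time)
        self.balances = {}   # player -> coins
        self.flags = []      # (player, reason) records for fraud monitoring

    def start_level(self, player, level, now):
        if level not in LEVELS:
            raise ValueError("unknown level")
        sid = secrets.token_hex(16)           # unguessable session id
        self._open[sid] = (player, level, now)
        return sid

    def finish_level(self, player, claim, now):
        """Return coins granted; `player` is the authenticated identity."""
        session = self._open.get(claim.get("sid"))
        if session is None:
            return self._reject(player, "unknown or replayed session")
        owner, level, started = session
        if owner != player:
            return self._reject(player, "session belongs to another player")
        del self._open[claim["sid"]]          # one-time use: blocks replay
        if now - started < LEVELS[level]["min_seconds"]:
            return self._reject(player, "implausibly fast completion")
        granted = LEVELS[level]["reward"]     # client-reported reward is not trusted
        self.balances[player] = self.balances.get(player, 0) + granted
        if claim.get("reward") != granted:    # tampered client: log it, pay the real value
            self.flags.append((player, "client reward mismatch"))
        return granted

    def _reject(self, player, reason):
        self.flags.append((player, reason))
        return 0
```

A client that edits its local state and reports an inflated reward still receives only the server's value, and the mismatch is recorded for review.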
The second problem is insecure data storage and insufficient protection of network communications. In a number of games, sensitive data was stored locally without encryption, and network connections lacked sufficient authentication checks. This creates the risk of user information leakage and automated fraudulent scenarios.
The third problem is the lack of effective protection against reverse engineering and modification. Many applications were delivered without code obfuscation or integrity checks, which simplifies business logic analysis and the distribution of hacked versions.
Taken together, these vulnerabilities pose serious business risks, including financial losses and reputational damage to developers.
Users can improve their security by following a few recommendations: install games only from official sources, avoiding third-party stores; be wary of modifications and hacked versions; limit app permissions; keep games and operating systems up to date; and use unique passwords for game accounts.