The mobile gaming industry witnessed exponential growth in recent years, attracting a vast and diverse player base worldwide. Between 2017 and 2021, the number of mobile gamers skyrocketed from 1.177 billion to 1.799 billion, a growth further accelerated by the global pandemic. However, this momentum slowed, and by 2023, the number of mobile gamers decreased by 132 million[1]. Despite its initial rise in popularity, the industry now faces challenges in retaining users, prompting a closer examination of the underlying factors contributing to its gradual decline.
The popularity of mobile gaming can be attributed to several key factors.
As technology has advanced, even entry-level smartphones can now handle complex games. This means that the cost of the phone is no longer a major barrier to entry for mobile gaming, leading to a larger player base overall. Unlike console or PC gaming, which may require dedicated time and equipment, mobile gaming provides a convenient way to pass the time while waiting for a bus or during a work break. Many games previously restricted to console or PC are now available on mobile. This accessibility and portability are precisely why certain games, such as PUBG, maintain a larger mobile community than their PC counterpart.
Furthermore, mobile games are often free to play or significantly cheaper than their console or PC counterparts which typically require the user to make a substantial initial investment. This affordability broadens the appeal of mobile gaming beyond traditional gamers, as users can easily download and test games without making a significant financial commitment.
For developers, mobile gaming presents multiple opportunities to generate additional income and become profitable investments compared to PC and console games, which heavily rely on initial sales for profit. If these games fail to generate substantial sales initially, developers may have trouble recouping their investment as they are limited in their monetization methods (nobody wants ads in a game they’ve paid $40+ for!). Mobile games on the other hand provide developers with the opportunity to sustain revenue streams through advertising and other monetization strategies, which are more diverse compared to the limited options available for PC and console games, and generally meet less resistance from players..
When I decided on creating my first mobile game, I was drawn to the idea of it because of how accessible it is. Make a free game, add some advertisements, and ship it off to the races.” - Game Developer[3]
By leveraging these strategies, developers can grow and diversify their revenue streams, generate a substantial income, and drive industry growth through in-app advertisements for other mobile games.
For example, freemium games offer players access to core gameplay at no charge, but also offer the option to spend real money for extra features or content. Although the monetization of free mobile games is controversial, with some players strongly opposing the idea, it can be highly profitable. Candy Crush Saga, one of the first freemium mobile games, was one of the first mobile games to achieve over $1 billion revenue and maintains a healthy 500 million players a year[4].
In 2022, mobile gaming accounted for 45% of global gaming revenue and although the mobile gaming industry remains sizable, it no longer sees the exponential growth it did before the pandemic. Some factors contributing to this decline are beyond control, such as the return to office-based work. Therefore, developers must prioritize managing controllable factors, such as cheating, to diminish their escalating impact and ensure the continued success of mobile gaming in the long term.
A cheat for every occasion
Compared to traditional console/PC games, cheats tailored for mobile games vary significantly in their nature and execution.
Cheats for both Android and iOS platforms are widely accessible, and many no longer require jailbroken devices, which makes them more readily available and increases their potential impact. Moreover, they bring along additional threats and risks that can adversely affect both players and developers, many of which users remain unaware of.
Numerous types of cheats are impacting the mobile gaming landscape, and they’re quickly developing. Let's delve into some of the most popular ones and examine their effects on both players and developers:
APK Mods
APK mods and in-app purchase mods (IAPs) allow players to gain unfair advantages, such as unlimited in-game currency or enhanced abilities. And they are remarkably widespread. We recently ran tests on 100 mobile games of various types, and found a working mod for over 80% of them.
However, even those that work can also compromise the integrity of the game and many others simply don’t function as advertised - users may download the mod only to find it does not work or it directs them to a private server.
Additionally, APK/IAP mods require the user to download software onto their device, potentially exposing them to nasty malware and other malicious security threats. These mods may download third-party advertisements onto the users device, which are not endorsed by the game developer and can be difficult to remove, or may be used to harvest information about the user without their consent.
Botting and Scripts
Automated software programs, or "bots," are used to perform in-game tasks without human involvement. By automatically completing time-consuming tasks, such as gathering resources, acquiring currency, or farming XP, bots eliminate the grind aspect from a game and enable players to progress quicker than intended.
Botting is frequently observed in casual and hyper-casual games, such as Township and AFK Arena. In these examples, bots are used to automate in-game tasks and are scripted by macro recorders. Players are required to set up their farms with identical layouts to ensure the macro recorder script is able to automate tasks, such as harvesting crops and collecting rewards.
Memory editors are commonly used to script mobile games. These versatile tools enable players to modify in-game values, primarily on local server-based mobile games. Essentially, any data stored on a player's phone is susceptible to manipulation. Using these tools, players can edit values such as currency, gems, skill, and health. Popular memory editors include:
● Game Guardian
● Cheat Engine
● SB Game Hacker
The issue of botting is particularly severe in competitive and PvP-focused game genres, such as Mobile MOBAs and FPS. Bots affecting these genres can offer an aim advantage, extra sensory perception (ESP), zoomed out maps, and automated actions. These scripts are easily found online, often for free, and are easily accessible.
Once again, users who download cheat software also put their devices at risk. Many bots, particularly those free to download, require users to grant third-party access to their device (giving them permission to snoop through everything on their mobile phone, yikes!)
Emulators
Within the mobile gaming landscape, software emulators have emerged as a valuable tool for both developers and users. Emulators essentially create a virtual smartphone environment on a PC, enabling users to install and run Android apps, including mobile games, on desktops running Windows, macOS, or Linux. Developers use emulators to test new features or updates before their official release.
Playing games via emulators can introduce changes to controls, potentially making gameplay easier, and also opens doors to cheating through third-party tools like bots, which can operate alongside the game. Emulators can make cheats harder to detect, allowing cheaters to evade anti-cheat measures and complicating cheat prevention efforts.
While some game publishers prohibit the use of emulators and enforce anti-scripting measures, others embrace the advantages they offer. For example, publisher Lilith officially partnered with the BlueStacks emulator for their mobile strategy game, Rise of Kingdoms. BlueStacks features a built-in script function and "MOBA Mode," enabling users to control characters with a mouse and keyboard, thus enhancing accessibility.
Lilith encouraged users to enhance their gameplay through the emulator, whose slogan is "If You Must Repeat It, You Can 'Script' It," enabling users to automate tasks and focus on the gameplay aspects that interest them. Some claim that scripting or botting endorsed by the game publisher is not cheating at all, while others argue that it undermines a fair gaming environment.
Private Servers
Another popular form of cheating in mobile gaming involves the use of private servers, which operate independently to official game servers and essentially function as copies of the game with no affiliation to the official version. Private servers can provide players with an altered gameplay experience, granting them access to exclusive items, unlimited currency, locked characters/levels, and modified game mechanics. This appeals to players who wish to progress quickly without making in-app purchases, or to players seeking an alternative gaming experience.
But how does this affect my game, you might ask? While it may seem merely frustrating and insensitive that someone has copied your game and is profiting from it, the impact goes beyond just inconvenience.
Private servers pose a particular threat to mobile games, which often rely on player traffic and advertisements to generate an income as opposed to profiting from the initial download cost. Private servers closely mimic official servers, potentially deceiving users into believing they are still playing on the official platform. This means that any inappropriate advertisements or faulty game mechanics may be wrongly attributed to the game developer, damaging their reputation.
It's easy for users to fall into this trap. They download a cheat promising unlimited currency, and an app appears on their home screen. The instructions prompt them to log in to their account and play on this version of the game for the cheat to activate. Everything looks and functions the same as the official game. Following the initial download, there is nothing to indicate the user is playing on a private server. To the unsuspecting user, it seems they've found the perfect solution - a cheat that generates unlimited currency! When users are bombarded with sketchy advertisements, have difficulty finding opponents, or experience unplayable game mechanics, it's the official developer who often shoulders the blame.
For many users, functional private servers are simply more enticing, luring them away from official servers. After all, why would someone choose to play on an official server when a private server offers the same game without any restrictions (unlimited currency? All characters unlocked? It’s a tempting offer!) This decrease in player traffic translates to a reduction in revenue generated from downloads, advertising, and in-app purchases – the bread and butter which keeps many mobile games afloat.
Declining player base + Damaged reputation + Loss of revenue = A fall from the charts straight into the app store graveyard
Software-based cheats, such as APKs, bots, and especially private servers, pose an increasing threat to users. Beyond the danger of exposing their devices to malicious malware, intrusive third-party advertising, or becoming unwilling participants in cybercrime, users also stand to lose something many value even more than their devices - their accounts.
Account Purchasing
The sale and purchase of boosted accounts is a growing market and can make a significant profit. Accounts in demand aren't limited to end-game profiles with exclusive items or those offering a competitive edge. Even early-game accounts can be profitable, as players use them as smurf accounts to support their main profile.
But where are sellers getting these accounts from?
While there are a number of methods, one of the most concerning is account hijacking. When users download what is advertised as a cheat or private server, they may be prompted to input their account details (e.g “login to your account to activate the bot!”). These details are then recorded, changed, and the account becomes inaccessible to the legitimate owner. The compromised account is then sold on online marketplaces, such as G2G.
For example, there are nearly 2,000 Pokémon Go account offers currently listed on G2G, one of the most prominent online account marketplaces. Large-scale account seller, the 'CNL Team', has over 100 Pokémon Go accounts available for purchase. Concurrently, this seller is marketing 3.4k other accounts across various games, indicating their operations are not confined to a single mobile game. The 'CNL Team’ offers a comprehensive suite of services, including account sales, in-game currency top-ups, game items and boosting services, achieving over 90,000 orders in the past 90 days alone.
This substantial activity suggests the presence of a team, or even a whole business, employing specific methods to amass such a significant inventory of items and accounts.
If selling accounts is profitable enough to warrant high-functioning vendor operations like the “CNL Team”, it undoubtedly poses an escalating threat to the mobile gaming landscape.
“Surely there aren’t enough people handing over their account details to sustain the entire account market?” you might be thinking, and you’re right!
According to research conducted by Intorqa, vendors are utilizing tools originally designed for legitimate purposes, such as web scraping, data extraction, and automated security testing, for malicious activities, including hijacking player accounts.
Credential stuffing, for example, involves automating login attempts with leaked passwords to gain unauthorized access to accounts. As many individuals use the same password for several accounts, this can be highly successful.
Brute-force attacks continuously employ numerous password combinations to crack accounts, and get emails, and then extract substantial amounts of data such as other passwords and sites used.
There are many methods hackers employ, which makes them hard to mitigate against. For further insights into account fraud within the gaming industry, explore our blog post - The threat of account fraud in video games [5]
So, how do account sellers manage to have so many high-ranking accounts?
Most account sellers aren't super skilled game whizzes who climb ranks in a matter of seconds. While some do manually build up accounts and sell them for profit (though this is pretty rare!) there are various methods sellers use to make their accounts more valuable.
As previously mentioned, bots can be used to automatically carry out tasks without human intervention, and account sellers use them to boost up their accounts whilst keeping any human intervention to a minimum (unlike humans, robots work for free, which results in a larger profit)
When this is no longer possible, some sellers will employ people by the hour (often in lower income regions) to boost their accounts and perform tasks/engage in battles for them. Intorqa has found evidence that many account sellers are able to fraudulently alter account stats using cheats, eliminating the need for account boosting altogether.
But one question remains: If account sellers can boost accounts for sale, can players hire them to boost their own accounts?
Yes, they can, and “Boosting Services” are also having a significant impact on the mobile gaming industry.
Boosting Services
Boosting services offer assistance in propelling players’ in-game progress, also known as cheating-as-a-service. This can involve skilled players logging into the account and improving player stats, like climbing ranked ladders or acquiring rare in-game items, or by having skilled players joining the players’ team and working with them to achieve a specific goal e.g leveling up a building or winning a specific trophy.
Players seeking a competitive advantage may utilize boosting services to achieve high ranks, unlock exclusive rewards, and gain entry into competitive scenes. These services offer a faster path to these desired outcomes.
Boosting services also hinder player skill development by allowing them to advance to higher ranks without acquiring the necessary skills to compete effectively against their opponents. This impacts game integrity by eliminating the challenge and engagement players typically invest in overcoming obstacles, which are fundamental aspects of many mobile games (as they say, it’s not about the destination, it’s about the ✨journey✨!)
Boosters themselves often use cheats to make their ‘job’ even easier with little risk - after all if they get banned it’s someone else’s account.
Additionally, boosting services pose a risk to player security, as they frequently involve players granting the service provider access to their accounts, thereby exposing their personal data to potential breaches. Some players have even reported instances where they lost access to their accounts after using boosting services, only to be coerced into repurchasing them!
On online account platforms like PlayerAuctions, Pokémon Go features an impressive array of 393 boosting services. On G2G, a larger online marketplace, over 2,100 boosting services are advertised for the game. The widespread availability of these services highlights a significant demand driven by players seeking to advance their in-game status through fraudulent methods, underscoring the impact boosting services are having on both game integrity and player experiences.
What can Intorqa do to help?
Cheating, account purchasing, and fraudulent boosting services present significant challenges for game developers, profoundly impacting their business and reputation. When players resort to cheating, developers lose out on crucial revenue streams. This loss is further compounded by the damage done to their hard-earned reputation, which can take years to build but only moments to crumble.
The ongoing struggle against fraud demands constant vigilance and technological advancement, forcing game security teams to waste valuable time and resources which they’d almost certainly prefer to invest elsewhere.
Intorqa plays a vital role in maintaining game security by actively monitoring player communities to detect the sale and distribution of cheats. With access to exclusive communities where cheats are developed and shared, Intorqa empowers developers to stay ahead of the problem and intervene before cheats become too widespread.
In addition to our comprehensive monitoring services, Intorqa offers expert testing of bots, mods, and scripts that may be impacting your game, enabling us to understand their features and functionalities. This intelligence enables your engineering team to develop robust strategies to minimize the impact of cheats effectively.
By staying ahead of market trends and understanding the cheat market, Intorqa helps security teams mitigate against cheats effectively. We also monitor legitimate player feedback, analyzing community reactions to game updates, which further enables you to craft an enjoyable gaming environment for your players.
Conclusion
The detrimental impact of cheating not only undermines the hard work of game developers but also threatens the integrity and enjoyment of the gaming community. With player numbers rapidly declining after the surge during the pandemic, it is essential developers do everything possible to maintain a player base.
Of course, some games are more secure than others and harder to find working cheats for. But that doesn't fully negate the risk. Vulnerabilities will arise, often in the form of bugs, which bad actors will exploit. For example we've seen instances where a glitch has allowed players to use two accounts to duplicate in-game items, which quickly leads to traders using bot accounts to take advantage of it, duplicate and sell items en masse, and harm the economy.
As cheating methods advance, they will continue to impact mobile games. Given that many mobile games rely on revenue generated through advertising and in-app purchases made by players, it is crucial to retain players to ensure this revenue stream continues. However, being able to purchase currency, accounts, and items online reduces the amount of income generated through in-app purchases and damages game reputation. Private servers can further impact mobile games by luring players away with promises of modified gameplay, which reduces the revenue generated through downloads, advertising, and in-app purchases.
Many mobile games rely on players overcoming challenges and unlocking characters/items to progress. However, cheating can significantly accelerate this process, or eliminate the need for it entirely, diminishing the longevity of the game. This leads to a decline in player numbers as cheaters may lose interest quickly, and legitimate players may stop playing if they believe the game is compromised by cheats.
The overall impact of cheating extends beyond just players to developers and the wider mobile gaming industry. Declining player numbers and reduced revenue directly affect developers and the industry as a whole.
While mobile cheats present unique challenges, advanced monitoring tools, exemplified by Intorqa, offer invaluable insights into their operations, enabling engineering teams to develop effective countermeasures and maintain a sizable player base which enables them to profit. This proactive approach not only mitigates the negative effects of mobile cheating but also reinforces the overall security and fairness of the gaming industry.