What are the safety risks of small games?

Affected by the global epidemic , from 2020 Spring Festival begins , Small game users began to surge . Besides wechat applet , Well quickly 、 Tiktok 、 Baidu and other platforms have launched small games .

Small Games meet the needs of users to spend fragmented time , It can also feed back the social relationship of the product . therefore , Compared with large-scale mobile games , Small games are small and exquisite , But it takes up more mobile resources , With fast “ install ” Or features that do not require installation . Its playing method is simple , Usually the theme is leisure and educational , Very popular with users . Of course , Small games are not only games loaded in the form of small programs , It also includes games with small installation package , For example, egrets 、cocos2djs Games written by engine .

Against the backdrop of considerable commercial liquidity , The original games are targeted by many malicious criminals , Or some code resources are stolen by friends , Or insert some malicious links in advertisements . This article will answer where the risks of small Games lie ？ How to carry out targeted governance , Ensure the bottom security of small games ？

01 Hidden risks in small games

Code tampering will cause a series of problems , The most common situation is that the game is pirated 、 Advertising flooding , Even bring privacy risks and economic losses to players .

1.1 Piracy is on the rise

Client developers hate piracy . In general , Lawless elements obtain .wxapkg file , Use the mature decompiler tools on the Internet to unpack , Then modify the code and add “ Skin replacement ”, Replace some image resources , Easily plagiarize original games .

With the once popular “ Synthetic watermelon ” For example , If you search the corresponding applet on wechat , A large number of small games of the same type with similar names came into view , As follows ：

Besides , stay 3dmgame Search on , With cocos2d Packaged installation package “ Synthetic watermelon ” The corresponding version appears from time to time , Many have been revised to XX edition ：

thus it can be seen , There is a serious risk of piracy in small games . The biggest risk comes from some “ Original game ” Conduct “ Secondary package change ”, Quickly package to form a new installation package , The intention is to trap the white wolf with empty hands , There is also no lack of adding some malicious code .

in general , Resource piracy has always been a pain point for some games , Due to the simplicity of the applet structure , An attacker can do this without modifying any code , Steal resources directly in the unpacked file , Then repackage and publish . Such illegal operations are common in the industry .

1.2 Advertisements are all inclusive

We open a popular little game , You will always see a jump advertising link in a few seconds , Most of them are aimed at promoting other games .

at present , A small game is often connected with all kinds of advertisements , Some are promotional advertisements , Some are malicious advertisements , Or modify the genuine advertisement to your own advertisement . Players don't know the real source of advertising . besides , Throughout the game , Some induced advertisements and sharing behaviors have appeared one after another , So that users have no way to judge the real purpose of this advertisement . From this we can see that , Small game tamper proof is imminent .

02 Small game security solutions

In order to mitigate the above risks , Yidun provides a new small game solution . Here, small games not only refer to the security of small programs , It also includes those distributed on different platforms APK Small game bag , Carry out comprehensive safety protection .

2.1 code protection

The emergence of piracy and the implantation of malicious links and advertisements , Mostly because the third party obtains the client code logic , And modify and add malicious content in the code . Yidun provides JS The protection of the , Increase the threshold for code to be analyzed , Functions include for JS The control flow of key code in is confused , Variable name confusion , String encryption , Dynamic de debugging , Anti format and other functions , And take into account the performance through different reinforcement combinations , The following is a comparison between before and after code protection ：

Before protection :

After protection ：

2.2 Resource encryption

Little games apk resources

We can apk The resources inside are encrypted , Include png,.jpg,.js,.html,.json Etc , Prevent resources from being stolen . Besides , For egrets and cocos2djs The resources in the engine are encrypted , And you can take care of flexibility through the black-and-white list .

Applet resources

Due to the special structure of the applet , This type of game resources can be distributed by dynamic subcontracting to enhance security , That is, encrypt the resources in the applet , And decrypt it with its own unique features , such as appid etc. . Another way is to embed your own watermark features in the picture , Prevent intentional attackers from changing packages .

Data protection

Data is presented directly to users , Especially the important data of users , Protecting data is one of the key points of anti-theft . The applet can be updated randomly , To iteratively update the key , Securely design the location of the key , The key is updated randomly and polymorphically , To increase the cracking cost of Pirates . In this way, pirates cannot obtain correct data , Timely and dynamic prevention .