Melon Gaming Game Producer Dwinanto Prayoga On Rethinking Mobile Gaming Security

Roberto Popolizio
Published on: July 28, 2024

Information is the new gold. Whether you’re a business or an individual, cybercriminals are always finding new ways to breach your security defenses and steal your sensitive data.

It takes one data breach to compromise your financials and personal information.

So, how can you secure your online privacy and security beyond the mainstream advice found all over the internet, that hackers already know as much as you do?

In this new interview series by Safety Detectives, we bring you exclusive insights from top executives and leading cybersecurity professionals. Join us as they share expert tips, real-world experiences, and untold truths about protecting and securing your valuable information.

Our guest today is Dwinanto Prayoga, Game producer at Melon Gaming.

Melon Gaming is a game development company that provides a powerful and user-friendly game engine and editor, along with a range of services and partnerships to help both professional and independent game developers create and publish their games across multiple platforms

Based in Jakarta, Indonesia, the Melon Gaming team now counts 15 qualified game engineers, and has established partnerships with multiple gaming platforms and distribution channels, such as Google Gamesnacks, KaiOS, Facebook Instant Games, Cashtree, Ensoft, and Yandex Games.

What are the most overlooked cybersecurity threats affecting end users in the gaming industry? Why are these threats particularly concerning?

Both gamers and developers must remain vigilant and proactive in addressing these threats to foster a safe and enjoyable gaming environment.

Mobile games are frequently targeted by malware disguised as legitimate applications. Cybercriminals frequently exploit popular mobile games to distribute malware disguised as legitimate applications. These can steal your personal data or compromise your device functionality. For instance, malware can be embedded in pirated or unofficial versions of games, leading to severe security breaches for unsuspecting players.

Phishing remains another prevalent threat in the gaming community. Attackers often impersonate popular gaming platforms to trick users into revealing sensitive information, such as passwords and personal details. These scams can occur through emails, in-game chats, or fake websites.

Many gamers use the same username and password across multiple platforms, making them vulnerable to account takeovers. If one account is compromised, attackers can gain access to others, potentially leading to identity theft or financial loss. This is just the icing on the cake on the frequent data breaches that expose user credentials.

Cheating not only affects competitive balance in mobile games, but also poses security risks. Cheaters often use modified game versions or bots, which can introduce vulnerabilities or malicious code into the game environment. This can lead to data breaches, user data manipulation and consequently a decreased trust in the gaming platform

The first and foremost thing that Melon Gaming has done to address these issues, is ensuring our SSL encryption. SSL encrypts the data exchanged between the gamer’s device and the game server, making it harder for attackers to intercept sensitive information, such as your login credentials or payment details. This is particularly important in preventing phishing attacks and account takeovers.

When you see that a game server has an SSL certificate, you know that you are connecting to the legitimate server and not a malicious one. Less risks of phishing and man-in-the-middle attacks this way.

Last but not least, most data protection regulations require mobile apps to encrypt sensitive data.Mobile game developers should implement SSL to avoid the potential legal issues and fines. Gamers should always check the URL of the server they are connecting to to confirm SSL coverage. Just look at the URL in the browser’s address bar: If it begins with HTTPS (the ‘S’ stands for secure), it indicates that the connection is secured with SSL. Click also on the padlock icon next to the URL in the address bar to find detailed information about the SSL certificate (validity, issuing authority and whether the connection is secure or not).

What common cybersecurity beliefs and practices do you passionately disagree with? Why?

While antivirus packages often include additional features that can enhance security, these extras are often unnecessary, they may even lead to frustration. In fact, many gamers prefer antivirus solutions focused only on malware protection over bloated antivirus software that can significantly impact the performance of their gaming device.

That is surely a reason why many users now think that antivirus software may not be worth the investment, and prefer to rely solely on good security practices, such as regular updates and cautious browsing.

A tip from my experience here: I always scan my pc before anything, using Avast (premium version).

What are some things that people should START doing today that they’re currently not doing to protect their information?

There’s two things gamers and game developers should be particularly aware:

1. Do not answer emails that look suspicious

2. Beware of special offers (spyware!)

A study analyzing free games on the Google Play Store revealed that 87% of these games included at least one type of spyware, compared to 65% of paid games. Free games typically incorporate both ad trackers, which focus on advertising data, and analytics trackers, which monitor user interaction with the game. This is particularly prevalent in casual games, which tend to have more trackers due to their high user turnover and short engagement times.

The games with the most trackers are usually the short and simple ones, such as Candy Crush or Clash Royale. One way to get a better idea of whether a mobile game is reliable or not, is reading the reviews. Trustpilot is the platform where I go to double-check on any software I am going to use.

In your opinion, have tools and technologies improved enough to help end users secure their online privacy effectively? What improvements can be done in this area?

It’s ok, but we must keep adapting. It’s an ongoing thing, a cat and dog thing. Even governments are sometimes failing in recognising potential threats. Just look at what happened here in Jakarta not long ago.

There are 4 lessons game developers can learn from this episode:

1. The Importance of Data Backup and Recovery

The Indonesian incident highlighted the catastrophic consequences of inadequate data backup protocols. Gaming companies should implement comprehensive backup strategies to ensure that data can be restored quickly in the event of an attack.

Regularly testing these backup systems is essential to guarantee their effectiveness during a crisis.

Continuous vulnerability assessments and timely patch management are crucial
The gaming sector has faced a significant increase in cyber threats which often exploit unpatched vulnerabilities. Companies must prioritize regular security audits and updates to their systems to mitigate these risks.

Robust Authentication Mechanisms

Implementing multi-factor authentication (MFA) can significantly enhance account security, making it more difficult for attackers to gain unauthorized access to player accounts and sensitive data. Encouraging players to adopt MFA can also help protect their virtual assets and personal information.

Investing in Security Infrastructure

Investing in advanced security technologies, such as encryption and intrusion detection systems, is essential to protect both the company’s and players’ data from evolving threats

How can our readers follow your work?

Website:  melongaming.com

LinkedIn: https://www.linkedin.com/company/melon-gaming-limited/