Just about every parent has allowed a child to download what appears to be a harmless game to amuse their children onto a device they use for work. But as it turns out, many of those gaming apps may not be nearly as innocent as they seem.
A report from Rubica, a provider of services for securing endpoints, finds that the issue is not so much the relative security of the initial gaming application installed, but rather all the secondary applications that are downloaded to enhance the gaming experience.
Th Rubica report ranks the top 20 free mobile games aimed at children with scores that range from “safe” to “unsafe.” Out of the 20 games played and tested by Rubica, more than 61 secondary apps can end up being downloaded after the initial gaming application is installed. The gaming application rated as being most unsafe by Rubica was Sonic Dash from Sega, followed by Rolling Sky from Cheetah.
Fruit Ninja from Halfbrick Studios, meanwhile, received a “not recommended” rating, while Hot Wheels: Race Off from Hutch Games should only be installed with parental supervision, the report finds. Only Super Mario Run from Nintento received a perfect safe rating.
Rubica president Roderick Jones, a former detective with Scotland Yard, noted the games tested were all downloaded from iTunes and Google Play Store so no one should assume that applications that passed security tests conducted by Apple or Google should assume those applications are inherently safe. In fact, Jones notes that cybercriminals are becoming more adept at creating fake secondary applications designed to fool children into thinking they are a legitimate extension of the game. Those applications then surreptitiously gather data such as contact lists from the machine they are installed on that could be used later to launch, for example, a phishing attack against the parent that would contain very high degree of detail about that individual. Of course, the more detail in that phishing attack, the more likely it becomes the parent will click on a link or download a file loaded with malware.
Jones said cybersecurity professionals need to put in place mechanisms that either prevent these gaming applications from being downloaded in the first place or aggressively scan to make sure they are legitimate. Given that fact that most people already use smartphones, tablets and PCs for both work and play regardless of who owns them, it’s unlikely most organizations will be able to ban gaming applications.
Many children these days are also very adept at bypassing security controls. The issue is that many of these gaming applications make it very challenging to determine where the data they collect is really going because there’s often a lack of transparency into the relationship between the game publisher, the app store and an ad network trying to monetize the “free” game.
As such, Jones said it’s incumbent on cybersecurity teams, like it or not, to expand the reach and scope of their cybersecurity defense strategy to include gaming applications. Despite how entertaining those applications are, it may turn out that they are anything but child’s play.