Mobile gaming: protecting privacy online

Mobile gaming and data collection

With more than two and a half billions enthusiasts worldwide, mobile gaming is a booming market: according to the most recent study carried out by SELL (the French union for publishers of gaming software), 2021 was a landmark year for the mobile gaming industry. From Candy Crush Saga to Call of Duty and Fortnite, the range of games available to play on smartphones is wide and varied. There are understood to be close to 36 million players in France, from casual users to the more committed, who prefer playing on their mobiles to playing on traditional consoles.

But the enjoyability and ease of use of mobile gaming can mask one major downside: threats to the privacy of online gamers. Like many applications installed on our smartphones, which we use every day without stopping to think, a lot of video games feature data collection programs that record everything we do - some are even designed to gather data without us knowing.

This is an area which Spirals, a project team at the University of Lille Inria Centre, has chosen to home in on: understanding how web browsers and mobile applications work, and identifying security breaches or threats to user data. A joint undertaking involving CRIsTAL (Centre de Recherche en Informatique, Signal et Automatique de Lille  - the Lille Centre for Research Into IT, Signals and Automation) and the institute, the team - which has 11 permanent researchers and 30 to 35 PhD students, postdocs and engineers - devotes part of its focus to the challenges surrounding the use and protection of data online.

Pierre Laperdrix, a research fellow at the CNRS and a member of Spirals, studies tracking, which involves collecting data on users of online services (browsers, applications, etc.). “The digital world has helped to create a data-sharing society and economy”, explains the IT researcher. “Data collection is used in some cases to improve services offered to digital users, but more often than not it is done for commercial purposes. The nature and the quantity of the data that is collected, which can then be shared or potentially sold, is hidden from users. More importantly, so is how it is used.”

One of the uses to which data is put is to build “user profiles”: based on analysis of online behaviour (sites visited, applications used, products bought, etc.), these profiles attract attention from businesses.

“This data collection, which is geared towards the target audience, can be used for other purposes, which may be more harmful for digital citizens, including when sensitive data is involved (including information on health, political opinions and users’ identities)”, stresses Pierre Laperdrix. “It is essential that digital users be made aware of these risks and take back control of their data.”

Alongside his colleague Walter Rudametkin, plus two PhD students from Spirals, Antonin Durey and Naif Mehanna, the researcher has just completed a large-scale study, the methodology and conclusions of which will be presented at The Web Conference 2022, featuring the eloquently-titled paper: “The Price to Play”. The objective of their research was to identify “trackers” (programs used to collect information) in mobile games.

“We wanted to conduct an overview of the different types of tracking practices across different categories of games (casual games, role-playing and adventure games, educational games, etc.), the aim being to determine whether the fact that games were free or not had any influence on data collection”, explains the IT specialist. The researchers devised a protocol for analysing the source codes for these games, allowing them to detect lines of code indicating the presence of trackers. When it came to carrying out this extensive study (more than 6,750 games were analysed in detail), they used a service which gave them access to fee-based games (more than 400 of them) and the audit platform Exodus, an application scanner.

One striking result of this study was that contrary to what you might have thought, paying for a video game does not necessarily protect you from tracking. The researchers detected the presence of trackers in 65% of fee-based games - and in more than 85% of free games. They were able to draw more specific conclusions, showing for instance that casual games had the highest proportion of trackers, while educational games were least likely to have them (without being completely exempt). “Casual games are played more sporadically than educational games, which require sustained use”, explains Pierre Laperdrix. “As such, it’s not surprising to find a greater number of trackers in casual games, given that the aim is to collect data over a brief period of time.”

Not only will it benefit the wider community of IT researchers, but the research carried out by Pierre Laperdrix and his colleagues, plus the analysis they provide, will also benefit internet users and citizens. “We often present the fruits of our labour to the wider public, who realise just how much data is being collected. This helps to raise awareness, and may lead to more sustainable changes in habits, which could be included in new practices for software publishers”, concludes the researcher.