Ethical hacking guides for Android game devs is your essential guide to building secure mobile games. This deep dive covers everything from common vulnerabilities to the latest security best practices, ensuring your games are protected against malicious actors. We’ll explore real-world examples and provide actionable strategies to keep your games safe and your players happy.
This comprehensive guide will walk you through the essential steps to secure your Android game development process. From understanding fundamental ethical hacking principles to practical implementation, we cover everything needed to build robust security into your game design. We’ll explore how to identify potential vulnerabilities and provide effective mitigation strategies.
Introduction to Ethical Hacking for Android Game Developers
Ethical hacking for Android game devs is about proactively finding and fixing security flawsbefore* malicious actors do. It’s a crucial process for ensuring the safety and integrity of your game and player data. This approach, when done responsibly, helps developers build more robust and trustworthy applications.Security is paramount in the Android game development landscape. Players expect a safe environment for their in-game actions and personal information.
Compromised security can lead to data breaches, reputational damage, and financial losses for both developers and players. Understanding potential vulnerabilities allows developers to implement stronger security measures, reducing the risk of these issues.
Potential Vulnerabilities in Android Games
Android games, like any software, have various potential vulnerabilities. These range from simple coding errors to more sophisticated exploits targeting specific game mechanics. A thorough understanding of these vulnerabilities is essential to build secure games.
- Data Handling Issues: Insecure storage and transmission of sensitive data, like player accounts and high scores, can expose users to potential theft or misuse. Improper handling of user credentials or in-app purchases can lead to unauthorized access.
- Remote Code Execution (RCE): A critical vulnerability where attackers can inject malicious code into the game. This can allow them to gain control over the device, steal data, or even crash the game.
- Injection Flaws: These occur when untrusted data is inserted into a command or query. Attackers can use this to manipulate the game’s behavior or access unauthorized data.
- Authentication and Authorization Problems: Weak or easily guessable passwords, insufficient verification procedures, and lack of proper authorization checks can allow unauthorized access to the game’s resources.
- Denial-of-Service (DoS) Attacks: These attacks can overwhelm the game’s servers or the player’s device, making the game unplayable for legitimate users.
Legal and Ethical Considerations
Ethical hacking necessitates a strict adherence to legal and ethical boundaries. Developers must operate within the confines of relevant laws and regulations regarding data privacy and security.
“Ethical hacking is not about causing harm; it’s about identifying and mitigating risks.”
It’s crucial to obtain explicit permission before testing any application or system. Unauthorized testing is illegal and unethical. Always focus on identifying vulnerabilities and reporting them responsibly to the relevant parties.
Vulnerability Analysis Table
| Vulnerability Type | Description | Potential Impact | Mitigation Strategies |
|---|---|---|---|
| Data Handling Issues | Improper handling or storage of sensitive data. | Data breaches, unauthorized access, financial loss. | Implement robust encryption, secure storage mechanisms, and secure data transmission protocols. |
| Remote Code Execution (RCE) | Attackers execute arbitrary code on the target system. | Device compromise, data theft, game manipulation. | Validate all inputs, sanitize user data, and use secure coding practices. |
| Injection Flaws | Untrusted data is inserted into commands or queries. | Data breaches, unauthorized access, and manipulation of game data. | Use parameterized queries, input validation, and output encoding to prevent injection attacks. |
| Authentication and Authorization Problems | Weak authentication mechanisms and insufficient authorization checks. | Unauthorized access, data breaches, and manipulation of game data. | Implement strong password policies, multi-factor authentication, and proper authorization checks. |
| Denial-of-Service (DoS) Attacks | Overwhelm the game’s servers or the player’s device. | Game unavailability, disruption of service. | Implement rate limiting, input validation, and appropriate server-side security measures. |
Common Vulnerabilities in Android Games
Android game development is booming, but with that comes the need for robust security measures. Games often handle sensitive data, and if not protected correctly, they become prime targets for malicious actors. Understanding common vulnerabilities is crucial for developers to build secure applications and protect user data and the integrity of their game.The increasing complexity of Android game applications, coupled with the ever-evolving landscape of attack techniques, necessitates a deep understanding of potential security flaws.
This section details prevalent vulnerabilities in Android games, emphasizing the critical need for developers to proactively address these issues during the development lifecycle.
Data Handling Vulnerabilities
Data handling in games often involves storing user preferences, high scores, and potentially even sensitive information like in-app purchase details. Poorly implemented data handling can expose this data to unauthorized access. Data leaks can result in financial losses or reputational damage.
- Improper Data Validation: Failing to validate user inputs before processing them can lead to various issues, such as SQL injection attacks, cross-site scripting (XSS), and denial-of-service (DoS) attacks. For example, if a game allows users to input custom levels or high score strings without proper validation, an attacker could inject malicious code or manipulate data structures to compromise the game.
- Insufficient Encryption: Storing sensitive data without adequate encryption exposes it to potential theft. Insecure storage of user credentials, payment information, or game progress data is a critical security concern. If a game’s database or file system isn’t properly encrypted, attackers can potentially decrypt sensitive data.
- Insecure Data Transmission: Transferring data over unencrypted channels like HTTP can leave it vulnerable to interception. If data is transmitted over insecure channels without encryption, an attacker can potentially eavesdrop on the communication and gain access to the sensitive information.
Authentication and Authorization Vulnerabilities
Robust authentication and authorization mechanisms are essential for protecting game resources and user accounts. Weaknesses in these areas can allow unauthorized access or manipulation of game data.
- Weak Password Policies: Allowing weak or easily guessed passwords can easily compromise user accounts. A simple example would be the use of a common password across multiple platforms, or a password that is easily deciphered from personal information.
- Broken Authentication: Vulnerabilities in authentication systems allow attackers to impersonate legitimate users, leading to unauthorized access to game resources. A common weakness is not verifying user identity before granting access to sensitive information.
- Insufficient Authorization Controls: Failing to restrict access to specific game resources based on user roles or permissions can lead to unauthorized access. For instance, a user with limited permissions might gain access to features they are not authorized to use.
Attack Vector Comparison
Different attack vectors target various aspects of Android game applications. This table summarizes common attacks and their impact.
Ethical hacking guides for Android game devs are super important, you know? Learning how to protect your game’s code from vulnerabilities is crucial. Thinking about things like how to handle user data securely is also key. Like, if you’re dealing with sensitive info, you need to make sure you’re following all the right protocols. And, while we’re on the topic of security, replacing a swollen battery in your OnePlus Nord CE 4 here is a totally different kind of problem but important too, and that attention to detail in both situations is what matters when building a secure product.
| Attack Type | Description | Impact |
|---|---|---|
| SQL Injection | Malicious code injected into SQL queries to manipulate or gain access to the database. | Data breaches, unauthorized access to user data. |
| Cross-Site Scripting (XSS) | Malicious scripts injected into web pages to steal user data or redirect users to malicious sites. | Data theft, account hijacking, session hijacking. |
| Denial-of-Service (DoS) | Overloading a server or application with requests to disrupt its operation. | Service disruption, loss of revenue, damage to reputation. |
| Man-in-the-Middle (MitM) | An attacker intercepts communication between two parties to eavesdrop or manipulate data. | Data interception, modification of game data. |
Security Best Practices for Android Game Development
Building secure Android games is crucial for protecting user data and maintaining a positive user experience. Ignoring security can lead to data breaches, compromised accounts, and reputational damage. These best practices provide a framework for developers to proactively address security concerns.Implementing robust security measures early in the development lifecycle is significantly more effective and less costly than addressing vulnerabilities later.
A proactive approach can help prevent common exploits and ensure the integrity of your game and user data.
Secure Coding Techniques
Proper coding practices are fundamental to preventing vulnerabilities. Employing defensive programming techniques helps mitigate potential risks. This includes validating all user input to prevent injection attacks, sanitizing data to prevent cross-site scripting (XSS) attacks, and using parameterized queries to protect against SQL injection. Always avoid hardcoding sensitive information like API keys or passwords directly into your code.
- Input Validation: All user-supplied data, including data from forms, network requests, and file uploads, must be validated. This validation should ensure data conforms to expected formats and ranges, preventing malicious input from compromising the system.
- Data Sanitization: Sanitizing data involves removing or encoding potentially harmful characters from user input. This helps prevent attacks like cross-site scripting (XSS) and command injection.
- Secure Storage of Sensitive Data: Never store sensitive information, like passwords or API keys, in plain text. Instead, use secure storage mechanisms such as encryption and secure key management.
- Least Privilege Principle: Grant only the necessary permissions to your application components. Avoid over-permissioning your application and strictly adhere to the least privilege principle to limit the impact of potential compromises.
- Using Secure Libraries and Frameworks: Leverage established, secure libraries and frameworks whenever possible. Always double-check that the libraries you use are regularly updated to patch known vulnerabilities.
Secure Data Storage and Transmission
Protecting user data is paramount. Implement encryption both at rest and in transit. Secure data storage methods, like using a dedicated database for sensitive information and employing strong encryption algorithms, are crucial. Secure communication protocols, such as HTTPS, are essential for transmitting data securely.
- Data Encryption: Encrypt sensitive data both at rest (when stored in databases or files) and in transit (when being transmitted across networks). Use industry-standard encryption algorithms, like AES, and strong key management practices.
- Secure Communication Protocols: Use HTTPS for all network communication involving user data. This ensures that data transmitted between the client and server is encrypted.
- Secure Database Handling: Employ proper database security measures, including strong passwords, access controls, and regular security audits. Limit database access to only authorized personnel.
Secure Authentication and Authorization
Robust authentication and authorization are essential for protecting user accounts and preventing unauthorized access. Implementing multi-factor authentication and role-based access control enhances security.
- Multi-Factor Authentication (MFA): Implement MFA to add an extra layer of security. This typically involves requiring a code sent to a separate device or a unique password in addition to a username and password.
- Role-Based Access Control (RBAC): Implement RBAC to restrict access to specific resources based on user roles. This approach ensures that only authorized users can access sensitive data or perform specific actions.
- Strong Passwords: Enforce strong password policies to prevent brute-force attacks. Guide users on creating complex and unique passwords. Consider password managers for improved password security.
Security Tools and Frameworks
Leveraging available tools and frameworks can significantly improve your game’s security posture.
- ProGuard: Obfuscate your code to make it more difficult for attackers to reverse engineer and understand your game’s logic. ProGuard is a powerful tool for this purpose.
- Android Keystore: Utilize Android’s built-in keystore for secure storage of cryptographic keys. It’s a crucial component for managing encryption keys.
- Security Scanners: Employ security scanners to identify potential vulnerabilities in your code and configuration. Tools like Snyk and Checkmarx can automate this process and identify potential security risks early in the development process.
Ethical Hacking Methodologies for Android Games
Ethical hacking for Android games involves systematically identifying and exploiting vulnerabilities in the game’s code, systems, and data to assess its security posture. This process, when performed responsibly and ethically, helps developers strengthen their defenses and prevent malicious actors from compromising the game or user data. It’s crucial to remember that ethical hacking is about proactively finding weaknesses, not about exploiting them for personal gain.This methodology leverages various techniques to simulate real-world attacks, allowing developers to proactively identify and mitigate potential threats.
Different methodologies, tools, and procedures are tailored to the specific context of Android game development, encompassing the intricacies of the game’s logic, user interaction, and data handling.
Penetration Testing Procedures for Android Games
Penetration testing for Android games is a crucial part of the security assessment process. It involves mimicking real-world attacks to identify weaknesses in the game’s design, code, and infrastructure. A comprehensive approach includes analyzing the game’s architecture, user authentication, data handling, and communication protocols.Penetration testing procedures typically follow a structured approach:
- Reconnaissance: This initial phase involves gathering information about the target system, including the game’s architecture, available APIs, and potential entry points for attacks. This information is vital for developing effective attack strategies. It’s like gathering intel before a mission, knowing the enemy’s strengths and weaknesses.
- Vulnerability Analysis: This stage focuses on identifying potential vulnerabilities in the game’s code, logic, and security mechanisms. It uses various techniques like static and dynamic analysis to find flaws in the software.
- Exploitation: If vulnerabilities are found, this stage attempts to exploit them to gain unauthorized access or control over the system. Ethical hackers carefully document the steps and results of the exploitation process, providing valuable insights for developers.
- Post-Exploitation: This phase involves assessing the extent of the compromise and determining the impact of the vulnerabilities on the game’s security. It’s about understanding the scope of potential damage and figuring out how to fix the issues.
- Reporting: The final step involves providing a comprehensive report to the game developers outlining the discovered vulnerabilities, their potential impact, and recommendations for remediation. This report should be detailed, actionable, and easy to understand.
Vulnerability Scanners and Static/Dynamic Analysis Tools
Various tools aid in the identification of vulnerabilities in Android games. Vulnerability scanners automate the process of finding known security flaws in applications. Static analysis tools examine the game’s code without running it, looking for coding errors and potential security issues. Dynamic analysis tools, on the other hand, analyze the game’s behavior while it’s running, providing insights into potential vulnerabilities in runtime.
- Examples of Vulnerability Scanners: OWASP ZAP, Nessus, and QualysGuard are examples of general-purpose vulnerability scanners that can be adapted for Android games. They can identify common web vulnerabilities that might affect the game’s backend or user interface.
- Static Analysis Tools: FindBugs, Checkstyle, and PMD are commonly used static analysis tools. They help identify potential coding errors and security flaws in the game’s source code, like SQL injection vulnerabilities or insecure data handling.
- Dynamic Analysis Tools: These tools, like Android Debug Bridge (ADB), allow for monitoring the game’s behavior during execution. This allows for identification of vulnerabilities that might only surface during gameplay, like buffer overflows or memory leaks.
Step-by-Step Procedure for Conducting a Penetration Test
A standardized approach to penetration testing helps ensure thoroughness and consistency.
- Planning: Define the scope of the test, including the target systems and the types of attacks to simulate.
- Reconnaissance: Gather information about the target system, including its architecture, APIs, and potential vulnerabilities.
- Vulnerability Scanning: Use automated tools to scan for known vulnerabilities and identify potential weaknesses.
- Exploitation: Attempt to exploit identified vulnerabilities, carefully documenting each step and the results.
- Post-Exploitation: Assess the impact of the vulnerabilities and determine the level of compromise.
- Reporting: Compile a comprehensive report detailing the findings, impact, and recommendations for remediation.
Using a Vulnerability Scanner to Identify Potential Risks
Vulnerability scanners are valuable tools for automating the identification of known security weaknesses. These tools can quickly scan the game’s code and identify potential risks. A vulnerability scanner typically uses a database of known vulnerabilities to identify potential problems in the codebase.Using a scanner like OWASP ZAP, the process often involves these steps:
- Installation: Install the scanner on the appropriate platform.
- Configuration: Configure the scanner to target the game’s assets and code.
- Scanning: Initiate the scan and wait for the results.
- Analysis: Review the scanner’s output to identify any flagged vulnerabilities and assess their potential impact.
Case Studies and Real-World Examples
Android game development, while exciting, comes with a significant security risk. Understanding real-world breaches and successful ethical hacking engagements is crucial for developers to fortify their games against potential exploits. Learning from others’ mistakes is often the best way to prevent similar problems in your own projects. This section dives into specific examples and the implications for developers and players.
Real-World Security Breaches in Android Games
Game developers face various security threats, ranging from simple data breaches to more sophisticated exploits. Analyzing these incidents provides insights into common vulnerabilities and effective mitigation strategies. Examples include compromised accounts, unauthorized access to player data, and in-game glitches enabling unfair advantages.
Consequences of Security Breaches for Developers and Players
Security breaches in Android games can have severe consequences for both developers and players. For developers, reputational damage, legal issues, and financial losses are potential outcomes. Players might experience account compromises, loss of in-game progress, or even fraud. The trust between the game developer and the user base is often severely damaged.
Successful Ethical Hacking Engagements in the Android Gaming Industry
Ethical hacking plays a vital role in identifying vulnerabilities before malicious actors exploit them. Successful engagements often involve proactive security audits, penetration testing, and vulnerability assessments. These efforts can highlight potential flaws in game code, data handling procedures, or even server-side security. This proactive approach prevents breaches from occurring in the first place.
Analyzing the Root Cause of Vulnerabilities
Understanding the root cause of vulnerabilities is crucial for effective mitigation. This involves investigating the design, implementation, and testing phases of game development. Poor code quality, insufficient security testing, and inadequate access controls are common causes of exploitable vulnerabilities. Pinpointing the root cause helps developers implement targeted solutions to prevent similar problems in the future.
Comparison of Real-World Android Game Breaches, Ethical hacking guides for Android game devs
| Breach Scenario | Vulnerability Type | Impact on Developers | Impact on Players | Mitigation Strategies |
|---|---|---|---|---|
| In-game currency exploit | Server-side vulnerability in transaction handling | Loss of revenue, reputational damage, legal issues | Loss of in-game progress, frustration, loss of trust | Robust server-side security, thorough testing, security audits |
| Account takeover through weak password policies | Insufficient authentication mechanisms | Loss of user data, reputational damage | Loss of progress, stolen in-app purchases, identity theft | Strong password policies, multi-factor authentication, secure user management |
| Exploiting an insecure API | Improper input validation | Data breaches, denial-of-service attacks | Compromised accounts, loss of data | Input validation, secure API design, regular security updates |
This table highlights the diverse ways Android game security can be compromised. Each breach type presents unique challenges for developers and players. The mitigation strategies provide actionable steps for addressing these vulnerabilities.
Tools and Resources for Ethical Hacking in Android Game Development: Ethical Hacking Guides For Android Game Devs
So, you’ve learned the basics of ethical hacking, now it’s time to dive into the practical side of assessing Android game security. Knowing the right tools and resources is key to effectively identifying vulnerabilities without causing harm. This section will equip you with the necessary tools and frameworks to conduct thorough security assessments, fostering a secure development environment for your games.Understanding the tools and resources available for ethical hacking is crucial for responsible security analysis.
A well-equipped arsenal allows for a more comprehensive understanding of potential vulnerabilities in Android games, preventing costly mistakes and ensuring a robust user experience.
Security Assessment Tools for Android Games
Various tools are available to help assess the security of Android games. These tools assist in identifying potential vulnerabilities like buffer overflows, SQL injection, and insecure data handling. Using automated tools is often a great starting point, but don’t neglect manual analysis for a complete picture.
- Static Analysis Tools: These tools examine the code without running it, looking for potential security flaws. Examples include FindBugs, Checkstyle, and Lint (built into Android Studio). These tools can detect coding errors and insecure practices early in the development lifecycle.
- Dynamic Analysis Tools: These tools analyze the game while it’s running. They can help identify vulnerabilities in runtime behavior. Examples include Frida, which allows you to intercept and modify application behavior during execution. This can reveal vulnerabilities that static analysis might miss.
- Network Analysis Tools: Tools like Wireshark can capture and analyze network traffic to identify potential security breaches during gameplay. This helps understand how data is exchanged between the game and the server, looking for unusual patterns or exposed data.
- Vulnerability Scanners: These tools automate the process of identifying vulnerabilities in Android applications. They scan the application for known security flaws and provide detailed reports. Examples include OWASP ZAP, which can be used to identify potential security vulnerabilities in web services integrated with the game.
Secure Android Game Development Frameworks
Secure development frameworks can significantly enhance the security posture of Android games. These frameworks provide best practices and guidelines for building secure applications.
- Android Security Architecture: The Android OS itself has built-in security features. Understanding and utilizing these features, like permissions management and secure storage, is crucial for secure development. Knowing which permissions are necessary for each feature and why is paramount to avoiding unnecessary risks.
- Secure Coding Practices: Adhering to secure coding practices is essential for preventing vulnerabilities. These include input validation, proper handling of user input, and secure storage of sensitive data. By following secure coding standards, you significantly reduce the attack surface of your application.
- Open-Source Security Libraries: Several open-source libraries provide secure implementations of common security functionalities. These libraries are often tested and reviewed by the community, making them a reliable resource for implementing secure features. Leveraging these libraries can save development time and ensure robust security.
Online Communities and Forums
Active online communities and forums can be invaluable resources for sharing knowledge and resources related to Android game security. These communities provide a platform for discussing ethical hacking techniques and staying updated on the latest threats.
Ethical hacking guides for Android game devs are super important, especially when you’re looking at ways to keep your game safe from attacks. One key thing to consider is sideloading apps, like in the article about Avoid Google Play 30% fee with sideloaded stores. This can impact security, and ethical hackers need to understand how these alternative app distribution methods might affect their game’s vulnerabilities.
Ultimately, learning about ethical hacking is crucial for any Android game developer.
- XDA Developers: XDA Developers is a popular forum for Android developers, including game developers. This forum is a good source for learning about Android development, including security-related topics. It can be a valuable resource for seeking help and sharing insights with other developers.
- Stack Overflow: Stack Overflow is a general-purpose Q&A site for programmers. It has a significant Android developer community and can be a valuable source for finding solutions to security issues and discussing related topics.
- Reddit (r/androiddev, r/gamedev): Reddit communities dedicated to Android development and game development often have threads and discussions about security concerns and best practices. It can be a valuable resource for staying updated on trends and security challenges in the industry.
Staying Updated on Security Threats
The threat landscape is constantly evolving. Keeping abreast of emerging security threats and vulnerabilities is critical for building secure Android games. Regularly reviewing security advisories and following security blogs is essential.
- Security Advisories and Patches: Stay updated on security advisories released by Google and other relevant organizations. Patches often address newly discovered vulnerabilities, so keeping up with these is critical to protecting your users and your application.
- Security Blogs and Newsletters: Follow security blogs and newsletters that cover Android application security. This allows you to stay informed about the latest threats and potential vulnerabilities in Android games.
Resources for Learning About Android Security
Numerous resources can help you delve deeper into Android security. These resources provide valuable insights and practical guidance.
- Android Security Training : Google’s official documentation on Android security is a comprehensive resource for learning about security best practices.
- OWASP Top 10 for Android Applications : The OWASP Top 10 for Android applications provides a framework for identifying common vulnerabilities and following security best practices.
- Android Security Documentation : A deep dive into the Android platform’s security features and mechanisms.
Future Trends in Android Game Security
The mobile gaming industry is booming, attracting more players and developers. This rapid growth, however, brings a surge in potential security vulnerabilities. Understanding and anticipating future threats is crucial for maintaining user trust and preventing financial losses. Developers need to proactively adapt their security strategies to stay ahead of emerging risks.
Emerging Threats and Vulnerabilities
The landscape of mobile game security is constantly evolving. Sophisticated attackers are developing new techniques to exploit vulnerabilities in Android games. These include malicious code injection, unauthorized data access, and manipulation of game mechanics for fraudulent gain. For example, malicious actors could inject code that steals user data or modifies game scores, leading to financial losses and user dissatisfaction.
The rise of blockchain and decentralized gaming introduces unique security challenges, with potential for attacks targeting smart contracts and in-game assets.
Future Trends in Mobile Game Security
The future of mobile game security will likely involve an increased focus on advanced security testing and penetration testing to identify and address weaknesses proactively. Real-time threat detection and mitigation will become more prevalent, leveraging AI and machine learning to identify malicious patterns and prevent attacks in real time. The growing complexity of games and the expansion into new areas, such as augmented reality and virtual reality, will require new security solutions to protect against unique vulnerabilities.
A robust security framework incorporating regular updates and patches will be essential.
Importance of Continuous Security Monitoring and Updates
Regular security monitoring and updates are critical for maintaining a strong security posture. Game developers should implement systems that continuously scan for potential threats and vulnerabilities. This includes incorporating automated vulnerability scanning tools, real-time threat intelligence feeds, and regular security audits. Security updates should be deployed promptly to address newly discovered vulnerabilities. Failure to do so can leave games susceptible to exploitation.
Role of Artificial Intelligence and Machine Learning
AI and machine learning are rapidly transforming various industries, including cybersecurity. AI-powered systems can analyze vast amounts of data to identify suspicious patterns and anomalies in game activity. Machine learning algorithms can be trained to recognize and classify malicious behaviors in real-time, enabling faster response times to threats. This proactive approach can significantly reduce the impact of security breaches.
For example, machine learning models could detect unusual in-game transactions or player behavior that might indicate fraudulent activity.
Summary of Future Security Considerations
Mobile game developers must anticipate future threats and adapt their security strategies accordingly. Continuous monitoring, updates, and the integration of AI and machine learning will be essential for maintaining user trust and preventing financial losses. Furthermore, ongoing research and development in security solutions are crucial for a secure and thriving mobile gaming ecosystem. Security should be integrated into the development process from the initial design phase to ensure comprehensive protection.
Ultimate Conclusion
In conclusion, securing your Android games requires a proactive approach. By understanding the vulnerabilities, implementing best practices, and utilizing ethical hacking methodologies, you can significantly enhance the security of your creations. We’ve provided a detailed roadmap to follow, equipping you with the knowledge and tools to protect your games and user data. Stay updated on the ever-evolving landscape of mobile game security, and you’ll be well-positioned to create resilient and trusted games.
