Idyllic Software has been delivering Ruby on Rails, React Native and Node.js consulting projects to its customers since 2010. The team develops awesome websites and mobile apps for customers across a wide range of sectors, including leisure, transportation and healthcare. They also built their own gaming app, 747, which taught them some valuable lessons about API security.
“Once we had deployed Approov, game play increased by more than 3x. It was amazing to see players engaging so enthusiastically once they knew that automated cheaters had been outlawed.”
Jinesh Parekh, Partner
The Idyllic team built a gaming app called 747. It’s a real-money, skill-based betting app where two players are served the same math question simultaneously. Players are paired randomly, and the player who solves the puzzle fastest wins.
Unfortunately, questions could be captured and solved programmatically. The very real prospect of genuine players losing money to cheaters was a reputational nightmare and risked the game being dead on arrival. It was imperative that something was done, and done quickly.
The Idyllic team thought like a hacker and realized that the app could be reverse engineered relatively easily to reveal the API key, and that the API protocol could be established by examining the traffic patterns to and from the app. A script could then be created to read the math question, compute the answer and deliver it almost instantaneously.
To keep cheaters out of the platform, they wanted to ensure that only answers coming from genuine instances of the 747 mobile app running in a trusted environment would be accepted. They initially looked at app hardening/shielding solutions but concluded these approaches were too technically invasive and costly for this use case, and they did not protect the APIs themselves.
They found Approov and integrated it into the 747 app. They then monitored the usage metrics provided by Approov to ensure the cheating was shut down, and watched legitimate game play steadily increase.
“We just wanted to stop the cheaters, and when we looked at Approov we immediately felt we had found what we were looking for. It was simple to integrate and deploy, solved the precise problem we were worried about, and came with an awesome support team.”