作者：Mary Min

现在，几乎所有手机领域中的人都听过中国开发商Lilith Games与美国工作室uCool之间的官司，即Lilith起诉uCool的游戏《Allstar Heroes》抄袭了他们当下的大热游戏《Heroes Charge》。

这并不是第一次出现一款游戏模仿了另一款游戏的图像/游戏机制。（游戏邦注：还记得NimbleBits写给Zynga的公开信吗？）。不过如果开发者使用其他人的源代码的话则又是另外一回事。如果你看过Lilith所公开的一个关于uCool窃取他们的源代码的视频，你便能够理解我所说的意思：这明显地呈现出了uCool的《Heroes Charge》使用了Lilith所编写的源代码。

Heroes Charge(from cocoachina)

许多手机开发者同行认为应用盗版是“只存在于亚洲”的问题，但是Lilith与uCool之间的争论便证实了这一看法是错误 的。像《Threes》和《愤怒的小鸟》便遭遇了一些应用的非法复制并且这些应用也都出现在了亚洲的应用商店中，而《Heroes Charge》和《Allstar Heroes》则是西方开发商复制亚洲游戏的首个公开记录的法律案件。（这并不是说之前在西方未曾出现过抄袭情况，只是不存在足够明显的证据能够证实应用对于其它作品的源代码的复制。）

实际上，手机游戏开发是一项全球性的业务，一个区域中所发生的事也会对其它市场造成影响。让我进行更详细的解释：

第一款进入一个全新领域并成为该领域的“官方”游戏的盗版或非盗版游戏

《Heroes Charge》也是在最初创造者（在这个例子中便是《Allstar Heroes》）动身前便率先进入一个新领域并在此创造难以被超越的品牌名与用户基础的复制游戏的典例。Lilith还未在美国正式发行《Allstar Heroes》，而uCool则在去年8月便将游戏带到了美国市场。自那以后《Heroes Charge》便吸引了许多关注，并挤进了应用商店前100名畅销游戏排行榜中。这整整领先了对方7个月；7个月足以获取用户，获得盈利并拥有立足点了。所以让人感到讽刺的是，当《Allstar Heroes》在Facebook上表明了自己的立场时，美国市场却认为是《Allstar Heroes》复制了《Heroes Charge》！

问题在于大多数游戏的最初发行通常只限于少数国家。开发者往往缺少足够的资源去进行本土化并面向多个区域营销自己的游戏，更别说支持跨越多个国家的大规模运营了，所以他们总是不能确定一款游戏的表现如何。更不用说在发行后花几个月时间去巩固游戏，推动更新，创造并维持用户基础，以及获得较高的吸引力和盈利等等。向其它国家扩展的前提是先确保一切事物的有效运行。进军全新市场可能需要花费几个月甚至几年的时间。这就像是发行一款全新的游戏一般。

在整个亚洲市场这种情况其实是司空见惯的，但现在这种情形却出现在了全球市场中。这也引出了我的下一个观点：

不能进入一个新区域==错失利益

Lilith之所以如此迫切想要打压《Heroes Charge》便是因为后者赚取了巨大的利益。

在这几年的亚洲市场中，有些人会复制别人的游戏并将其发行于最初创造者未进入的其它市场中。King.com的《Candy Crush Saga》在中国便拥有许多复制者，就像Motley Fool在去年8月份所指出的：“手机游戏市场正在快速发展着—-在中国任何想要创造粉碎糖果游戏的人都利用了其英文或中文版本。”换句话说，在King准备进军中国市场前便有许多盗版游戏涌入这里。到那时候，人们会因为玩过英文版本以及中国复制版本而厌倦了游戏。如果用户失去了兴趣，游戏发行是不可能获得成功的，更别提赚取利益了。

Android的开放平台让应用发行可以无需经过繁琐的审查，而iOS的应用审查过程可能会察觉到一款游戏在游戏机制与图像上与其它游戏具有共同点，但是因为有太多游戏长得相像并且他们每天需要审查无数应用，所以也很容易出现漏网之鱼。亚洲分散的市场让我们很难为每个单一的市场贴上标签，并且每天监视无数个应用商店也需要开发者投入大量的资源。甚至当出现一款类似的游戏时，分析并判断这款游戏是否是复制品也需要花费大量的时间和资源。

为什么是亚洲市场呢？这是世界上最大的手机游戏市场，市场份额更是高达60亿美元。紧随其后的便是北美市场，即拥有30亿美元的市场份额。而游戏复制也不再“只是亚洲市场所具有的问题”。所以我们需要给予较大的关注并采取一些预防措施。

基于服务端的事后保护并不足够

当我在解释为什么应用盗版并不只是出现在亚洲市场的问题时，我经常得到这样的回答：“客户端被泄露并不是什么大问题，因为我们是将所有重要数据储存在服务器上。”但事实却不是如此。

让我们继续引用《Heroes Charge》和《Allstar Heroes》的例子：如果Lilith Games的主张是对的，那么从技术上来看uCool便能够逆向工程并重新装配一款基于客户端的应用，然后通过从客户端上的源代码所获得的信息而宣称数据是储存于服务端。这让uCool能够创造并运行自己的服务器，同时还能复制最初游戏的服务器。并且并不是只有这一家公司在这么做。

大多数成功的应用复制的运行都与其最初的复制对象一样，即带有相似的服务端结构让他们能够独立运行自己的服务。自然地，当开发者在考虑安全性时，他们主要是针对于服务端，因为这是储存数据的位置。但是他们经常忘记：进入服务器的主要通道的客户端。

作为一个产业，我们在执行积极的安全措施方面总是非常迟钝。我们总是在发生一些安全问题后才会做出回应，而不能积极主动地预防这些问题。而在安全问题上与不同的应用开发者共事时，我发现比起事先想出安全问题的对策，事后再解决应用盗版问题的成本将高出4倍。简单地说便是处理盗版问题的成本远高于你的想象。

Lilith为了提交《Heroes Charge》窃取其源代码的证据而投入了许多时间与资源。如果他们在一开始便采取了预防措施的话便能够有效预防源代码被窃取的问题。源代码模糊处理便是一种好方法，但是多名安全专家证实这种措施也会被轻易攻破。如果一款应用不能反编译，它便能够阻止其他人的逆向工程，或者能够阻碍别人去尝试窃取它。

说实话，应用复制，窃取和利用并不只是针对于手机游戏。它也存在于各种类型的应用中。但是它却导致游戏更加难以获得成功，因为在手机平台上，游戏所创造的收益超过了80%。我也希望通过本文能够提醒游戏开发者真正去关注这一问题。

（本文为游戏邦/gamerboom.com编译，拒绝任何不保留版权的转发，如需转载请联系：游戏邦）

Why Western Mobile Game Developers Need to Worry About Asian App Piracy

by Mary Min

By now, just about everyone in mobile gaming has heard about the legal battle between Chinese developer Lilith Games and US-based studio uCool, with Lilith alleging that uCool copied its game Allstar Heroes with its current hit, Heroes Charge.

It’s hardly the first time a game has closely modeled artwork/game mechanics of another title. (Remember NimbleBits’ open letter to Zynga?). But it’s quite another thing for one developer to use someone else’s source code. If you’ve seen the video Lilith posted to support a claim of source code theft by uCool, you know what I’m talking about: it apparently shows clear evidence that uCool’s Heroes Charge contained source code that was written by Lilith.

Many mobile developer colleagues assume that app piracy is an “only in Asia” problem, but the Lilith/uCool controversy shows this is not the case. Western games like Threes and Angry Birds have suffered from illegal cloned apps being released in Asian app stores in the past, but Heroes Charge/Allstar Heroes is the first publicly documented legal case of a Western developer cloning an Asian game. (This is not to say that apps haven’t been cloned before, but usually without such unambiguous proof that this cloning happened by decompiling and repackaging the app’s source code.)

The fact is, mobile game development is a global business, and what happens in one region impacts other markets too. Let me explain:

First Game to a New Territory — Copycat or Not — Becomes That Territory’s “Official” Game

Heroes Charge is yet another instance of a copied game entering a new territory before the original creator (Allstar Heroes, in this case) was able to do so, establishing a brand name and user base that may be difficult or impossible to unseat. Lilith has yet to officially release Allstar Heroes in the US, while uCool published their game to the American market last August. Since then, Heroes Charge has attracted much attention, hitting top 100 grossing in the app store. That’s a seven month head start; seven months to acquire users, monetize, and establish themselves. So ironically, as Allstar Heroes notes in their Facebook post, the US market’s perception is that Allstar Heroes copied Heroes Charge!

The trouble is, most games are usually first released to a limited number of countries. Developers typically lack resources to localize and market their game to multiple regions, let alone support large-scale live ops across many countries, and are usually uncertain whether a particular title will do well or not. Not to mention the inevitable struggle for a few months after launch to stabilize the game, push updates, build up and maintain a sustainable user base, get decent traction and monetization, etc. Expanding into other countries takes a backseat to just getting stuff to work. It can be months, or even years, to have the bandwidth to think about tackling new markets. It’s like launching a new game all over again.

This phenomenon is commonplace across various Asian territorires, but now it’s going global. Which takes me to my next point:

Losing Access to a Region = Losing Lots of Revenue

Here’s a picture of why Lilith is so intent on bringing Heroes Charge down: it makes a lot of money. Compare the performance of Allstar Heroes to Heroes Charge:

The higher the rank, the greater the revenue. Just look at all that money Allstar Heroes could be making!

We’ve seen this happen for years in Asia. Someone takes a game, copies it, and releases the title in other countries that the original creator has not yet entered. King.com’s Candy Crush Saga has numerous clones in the Chinese market, and as Motley Fool pointed out last August, “[the] mobile gaming market moves fast — anyone who wanted to crush candy in China has probably already done so through the English version or a Chinese clone.” In other words, copycat games flooded the China market before King could prepare a China-specific version. By then, the market has tired of the game, partly due to users playing the English version, as well as Chinese-made clones. Decreased interest does not bode well for a successful launch or for revenue.

Android’s open platform allows for easy app publishing with little to no review, and one would think that the iOS app review process would have noticed that one game looked nearly identical to another in both game play and graphics, but so many games look alike and reviewing thousands of apps every day means a lot of them will fall through the cracks. Asia’s fragmented marketplaces make it nearly impossible to keep tabs on every single one market, and to monitor the hundreds of app stores on a daily basis requires resources that a developer can’t spare. Even when a similar game comes on the scene, the time and resources necessary to analyze and determine whether the game is merely similar or is really a clone can be daunting.

Why Asia? Well, it is the largest mobile gaming market, with just under $6B market size. And you know what’s next? North America. With a $3B market. Cloning is no longer “just an Asia market problem.” It’s coming here, to our backyard, and we need to pay attention and take preventative measures.

Sever-Side, Post-Facto Protection Is Not Enough

When I explain why app piracy isn’t just an Asian market problem to colleagues, I often get a response like this: “It’s OK if the client side gets compromised, we store all the important data on the server anyway.” No, it’s not OK.

Consider the Heroes Charge/Allstar Heroes case: if Lilith Games’ claims are true, it was technically possible for uCool to reverse engineer and repackage a client side app, and figure out how and what data was stored on the server side through information gleaned from the source code on the client side — as well as make frequent server pings to Lilith’s game server. This information would make it possible for uCool to create and operate their own servers, and sufficiently replicate the original game’s servers. They’re not alone in doing this.

The majority of successful app clones behave just like their original counterparts, including similar server-side structures that allow them to run their services independently. Naturally, when developer think about security, resources are spent on server side, because that’s where the data is. What they often forget is this: The key to the server is through the client.

As an industry, we’ve been sluggish to implement active measures for security. We are more reactive to security issues after they happen, instead of being proactive about it. But in working with different app developers on security issues, I’ve found that it costs at least 4 times as much to recover from app piracy or hacking, compared to having security measures implemented beforehand. Simply put, hacking costs more than you think.

Lilith spent a lot of engineering time and resources to plant the tell-tale Easter egg inside their source code in order to submit it as evidence to the courts that Heroes Charge was pilfering their source code. They could have avoided all this and protected themselves in the market if they had just ensured the source code couldn’t be stolen in the first place. Source code level obfuscation is a good step, but multiple security experts have demonstrated that this can be easily reversed. If an app can’t be decompiled, it can prevent reverse engineering, or make it so difficult that it discourages people from trying.

To be fair, app cloning, cheats and exploits are not specific to mobile gaming. It exists across every category of apps. However it hits gaming harder, simply because of the sheer size – gaming accounts for over 80% of revenue generated on mobile. And as I hope this post makes clear, Western game developers will need to worry about it more and more.

So what can the average game developer do to protect themselves? I’ll explain in detail in a follow-up post.(source:gamasutra)