People Are Great At Finding Exploits (See What This Brainiac Did)

My zombie survival game demo has a “nag screen” done so that after you’ve played the game, it opens the browser and comes to Dead Wake game website. I added a simple version parameter after it opens the webpage, just to get a bit of information about who got in the site from which version.

So, for example, if you try the demo it will open browser in an website address like this:

Now, this worked pretty okay, until I saw mysterious urls in my analytics page:

“Version=1?” I thought.

Then I realized that some guy had decided to type different version info directly in the browser (I suppose she really wants the game…). So basically, somebody did a tiny “hack” in my system.

So, the bottom line here is:

  • If you want to use Google Analytics to track your players, you can open browser window but it’s a good idea to give some code name to each version. Like instead of version=0.9.8 it could say “version=YARD” or “version=GUTS” or something like that.
  • Consider serializing/encrypting the information if you want to keep it more hack proof.
  • If you are using some other system (like the game discussing directly with your server – which my game actually does when submitting scores, but I don’t track these numbers right now) then of course this type of things are hardly needed.

And the other bottom line is that no matter what I do… I’m always getting surprised on how creative human species is. It’s fraking amazing what kind of ideas and ways people figure out to solve things, when you give them something to ponder.

Juuso Hietalahti


  1. Ah but you can cheat, by entering utm_nooverride=1 at the end then the first time they load the page it sets the cookie data, but it isn’t altered from that point on, so if they play around with numbers it won’t be altered.

    It’s true it doesn’t look as pretty, but that’s the price you pay I guess, in the end like you say there’s always that one person that tries to break the rules :D

  2. then they would change utm campaing to something else ;)

    And… I kind of wanted to keep it pretty clean link ;)

    And yeh, I definitely could use that. I’ve been using analytics way too manually (and kept saying “I should use more of these” ;). You are so right.

  3. If you want to track it through Google Analytics and you don’t want people to cheat the system then you should use campaign tracking.

    So you would link them to “http://www.deadwakegame.com/?utm_source=GameDemo&utm_medium=NagScreen&utm_campaign=V1.9.8”

    They’re probably less likely to cheat the system, and in analytics you can track say the number of purchases from each version or source or medium etc :)

Comments are closed.