Community service announcement


#21

It says, “may” collect.

Besides, apps on ios devices cannot even read imei or mac adress etc. Only uuid which is irrelevant.


#22

It says “may” so that they can say they told you so, not because it doesn’t happen. And even if you are correct regarding what an application can or cannot see on iOS, what does that mean for all the Android users, who never gave permission for this kind of data to be collected (at least, according to the store policies, if this data is being collected, it needs to be disclosed to use at the time the application is installed).

2018-07-10_16-42-27


#23

This is from a transfer that happens before you even log in or have an account:

Example%202

This is part of what is transferred immediately after your account has been verified but while you’re still looking at the loading screen:

If you read a crash report, you will find even more goodies that you probably don’t really want floating around in the possession of a company that has said they are not responsible for what happens with any data they collect once that data has been shared with another party.


#24

I have no idea what any of that means but I liked it just because it sounds important…


#25

I believe those are mac addresses?


#26

The first shot has the Mac addresses (I blocked mine out). The second one has multiple identifiers unique to my device. The “Android_Odin” is the least important of these, since I am on Oreo. Starting with Oreo, each application has a unique identifier that is created when it is installed. As long as the “Android ID” does not change (it won’t without a factory reset) and the signing certificate for the application does not change since the last time the application was installed, “Android_Odin” will remain the same for that application.

There is more data included in the crash reports. “Android Serial” is the actual serial number for my phone. The IMEI is not included in this information, which is good, since the above info is transmitted every single time time you launch War Dragons.

IOW–if PG wanted to, they could make it FAR more difficult for a banned account to come back with a new account. But they don’t. They choose to use the Android ID, which is changed with a simple factory reset.


#27

OFC, if I were spekaing for PG, the reason I would give for using a less restrictive ban would be “any ban that lives through a reset would prevent new players from starting the game if they were to purchase a used device.”

BUT, as a security guy who doesn’t work for PG, my response to that would be the market for used devices is so large and the player base for WD is so small that the scenario you are proposing is very unlikely–IOW, the benefit to the existing players outweighs the potential risk to attracting new players. Even on a fully rooted/jailbroken device with a user who is comfortable with the Linux command line, modifying some of these numbers is very risky (specifically, the cell MAC and the IMEI). And within the player base, I would be shocked if more than a handful of people could even modify these two values, and even more surprised if they could do so without bricking the device.


#28

Now I need milk.

Make that whiskey…