Mobile gaming applications (apps) have become increasingly pervasive, including a growing number of games designed for children. Despite their popularity, these apps often integrate complex analytics, advertising, and attribution infrastructures that may introduce privacy and security risks. Existing research has primarily focused on tracking behaviors or monetization models, leaving configuration-level privacy exposure and children-oriented apps underexplored. In this study, we conducted a comparative static analysis of Android mobile games to investigate privacy and security risks beyond permission usage. The analysis follows a three-phase methodology comprising (i) designing the study protocol, (ii) Android Package Kit (APK) collection and static inspection, and (iii) data analysis. We examined permissions, manifest-level configuration properties (e.g., backup settings, cleartext network traffic, and exported components), and embedded third-party Software Development Kit (SDK) ecosystems across children-oriented and general-audience mobile games. The extracted indicators are synthesized into qualitative privacy-risk categories to support comparative reporting. The results showed that while children-oriented games often request fewer permissions, they frequently exhibit configuration-level risks and embed third-party tracking SDKs similar to general-audience games. Architectural and configuration decisions play a critical role in shaping privacy risks, particularly for apps targeting children. This study contributes a holistic static assessment of privacy exposure in mobile games and provides actionable insights for developers, platform providers, and researchers seeking to improve privacy-by-design practices in mobile applications.
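The manifest-level properties named in the abstract (backup settings, cleartext network traffic, exported components) can be read from a decoded AndroidManifest.xml. The sketch below is an added example, not the study's tooling: the sample manifest, package name and function names are constructed, and it assumes the manifest has already been decoded from the APK's binary XML into text.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Constructed sample of a decoded AndroidManifest.xml (not from any real app).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.game">
  <uses-sdk android:minSdkVersion="21" android:targetSdkVersion="30"/>
  <application android:usesCleartextTraffic="true">
    <activity android:name=".MainActivity">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <service android:name=".SyncService" android:exported="true" android:permission="com.example.game.SYNC"/>
    <receiver android:name=".BootReceiver">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
    <provider android:name=".SaveProvider" android:authorities="com.example.game.saves"/>
  </application>
</manifest>"""

def _flag(elem, attr, default):
    """Resolve a boolean android: attribute, using the platform default when absent."""
    value = elem.get(A + attr)
    return default if value is None else value.strip().lower() == "true"

def audit_manifest(xml_text):
    root = ET.fromstring(xml_text)
    app, sdk = root.find("application"), root.find("uses-sdk")
    if app is None:
        raise ValueError("manifest has no <application> element")
    # Assumption: a missing targetSdkVersion is treated as 1 (most permissive defaults).
    target = int(sdk.get(A + "targetSdkVersion", "1")) if sdk is not None else 1
    findings = {
        "allow_backup": _flag(app, "allowBackup", True),  # default is true
        # Cleartext is allowed by default only for targetSdkVersion <= 27.
        "cleartext_traffic": _flag(app, "usesCleartextTraffic", target <= 27),
        "exported_unprotected": [],
    }
    for comp in app:
        if comp.tag not in ("activity", "service", "receiver", "provider"):
            continue
        # Default export: providers only for target <= 16; others when they have an intent-filter.
        default = target <= 16 if comp.tag == "provider" else comp.find("intent-filter") is not None
        if _flag(comp, "exported", default) and comp.get(A + "permission") is None:
            findings["exported_unprotected"].append((comp.tag, comp.get(A + "name")))
    return findings

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```

A launcher activity is exported by design, so entries in `exported_unprotected` are candidates for review rather than confirmed defects. Attribute values given as resource references (for example `@bool/...`) are not resolved here and read as false.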