The indie status of Starsand Island has come under renewed scrutiny following an independent security disclosure. This article reports on allegations contained in an independent technical disclosure and does not present the claims as confirmed findings.
The report alleges the title may have contained potential security vulnerabilities while collecting player data for servers linked to Kingsoft/Seasun Games.
The report, published by independent researcher NattKh, provides a technical breakdown that appears to support corporate-link concerns first raised by The Phrasemaker in February. Despite being marketed as a cozy, offline experience, the disclosure characterizes the game as a corporate-backed product. It alleges the title may have utilized enterprise-grade telemetry without clear disclosure to consumers.
The Phrasemaker Investigation: A Timeline of Allegations
Our ongoing investigation into the project has documented a series of anomalies that remain unaddressed by the developers:
- Feb 12, 2026: We flagged what we described as a possible overpraise attack where thousands of suspicious, potentially AI-generated Steam reviews appeared within hours of launch. While the developers denied involvement, the source of the botting remains unknown.
- Feb 13, 2026: We published evidence regarding a potential Kingsoft/Seasun connection, uncovering that studio Seed Sparkle Lab was reportedly founded with investment from the multi-billion dollar conglomerate Kingsoft.
- Feb 15, 2026 Update: A formal inquiry was submitted to Renaissance PR requesting transparency.
Transparency: Renaissance PR’s Strategic Silence
Following our formal inquiry in February, the investigation reached a standstill. We were informed by Renaissance PR that a definitive response was pending due to the Lunar New Year holiday in China, which had temporarily closed the development offices.
While we initially withheld further reporting to allow the studio a professional window for a response, no such clarification was ever delivered.
Alleged Technical Proof of Corporate Ownership
The March 16 disclosure by NattKh introduces new evidence that has not been independently verified by the publishers. The researcher points to Canadian Trademark Registration #2413552, which reportedly lists the owner of Starsand Island as Zhuhai Kingsoft Digital Network Technology Co., Ltd.
The report also alleges that the game binary contains the channel ID pc_jinshan (Jinshan 金山 is the Chinese name for Kingsoft). These findings are alleged to indicate that the project, which raised $311,566 via Kickstarter as a budget-limited indie project, may have been operating on Seasun’s proprietary XGSDK framework, the same technology used in corporate titles like Snowbreak.
Note: While ‘Jinshan’ is the Chinese name for Kingsoft, the developers have not yet clarified if this identifier refers to the parent corporation or a shared technical framework used by multiple studios.
Full Technical Disclosure: https://gist.github.com/NattKh/d79c3035f03d49f0d8e3a8374350d098
Starsand Island: Allegations of a Silent Patch
The researcher identified what they described as critical vulnerabilities in the payment infrastructure, alleging that it may have accepted unauthenticated requests over unencrypted HTTP.
Following a reported private disclosure to Valve, the developers released Version 0.3.2721 on March 9. While official notes vaguely cited log file fixes, the audit maintains this may have been a silent patch. The researcher claims it effectively locked down the telemetry and payment endpoints originally flagged in February.
While The Phrasemaker has reviewed the technical breakdown provided by NattKh, we have not independently verified the binary code of the latest patch or the full scope of the claims described in the report.
Steam Community Discussion: https://steamcommunity.com/discussions/forum/7/797838226728655300
Editorial Disclaimer
The technical details regarding data telemetry, security vulnerabilities, and binary code mentioned in this report are based on independent third-party disclosures and community analysis. These claims have not been independently verified by The Phrasemaker at the time of publication.
At the time of publication, these claims remain allegations based on third-party technical analysis and should not be interpreted as confirmed findings regarding the developers or publishers involved.
Have you heard of Kimi Antonelli, The Youngest F1 Polesitter?