my game is having an online leaderboard and IAP for some item
if all data is stored locally, will most people cheat the score and IAP?
what is best option to secure my game?
Yes people will cheat. You can encrypt the data, but if you include the key within the client people can simply decompile the game and find out what it is, it takes only a couple minutes to decompile.
An online leaderboard is pretty basic, you can have the server verify input from clients.
usually a better solution is to integrate leaderboards with google+ or facebook so that players can compare among their friends instead of again an internet full of people that just submit broken scores
So where am i suppose to store the key?
if i store it on an online database, people still can decompile and get it.
why not use google play services, they have a leaderboard thing
Most people will not.
Some people will.
Just take the easy route and admin the leaderboard, it’s not worth doing anything more in most cases.
Is it an overkill to code the main logic and store the data in online server for an offline game just to prevent people from hacking my game?
Yes. It’s overkill. Start simple, just use “some solution” to post data to your leaderboard. If your best score in the game you have written is 42,000 and someone posts a score of 123million as their first score, then just delete their score, or set it back to 18. Or whatever. If your first title suffers greatly from high-score fraud, do something different next time.
^ This - Fail Faster, just get it out there, and improve later