Nothing is secure, it is not your computer, it is the user’s computer. If it must be secure, store it on your own server and have the user connect to download it. Anything else is a waste of your time.
It only takes one 12-year-old in Finland to write a script to read/write your game files and everybody else can now use that script. Most likely nobody will care enough about your game to bother, so you’re safe.
PlayerPrefs is good for a few small bits of info. On many platforms (Windows) it is stored in the registry hive, so big data in there is bad.
Here’s an example of simple persistent loading/saving values using PlayerPrefs:
https://gist.github.com/kurtdekker/01da815d2dfd336a925ae38019c3a163
Useful for a relatively small number of simple values.
This is always best. Most of your time will be spent debugging your own load/save code, which is HARD to get right. Don’t make it harder on yourself by trying to obfuscate things. JSON can be edited in any text editor, making it super-easy to work with.
Beyond that, here are basic Load/Save steps:
https://discussions.unity.com/t/799896/4
Don’t use the binary formatter/serializer: it is insecure, it cannot be made secure, and it makes debugging very difficult, plus it actually will NOT prevent people from modifying your save data on their computers.
When loading, you can never re-create a MonoBehaviour or ScriptableObject instance directly from JSON. The reason is they are hybrid C# and native engine objects, and when the JSON package calls new
to make one, it cannot make the native engine portion of the object.
Instead you must first create the MonoBehaviour using AddComponent() on a GameObject instance, or use ScriptableObject.CreateInstance() to make your SO, then use the appropriate JSON “populate object” call to fill in its public fields.