Crossy Road uses Coins as virtual currency. As you collect them, you can spend them on unlocking potentially new characters. I just noticed that, on Android, you don’t have to be logged into Google Play Services.
Does anyone know how these coins are being tracked? They can’t be IAP because you don’t actually make a purchase to get them, and they don’t seem to use Google Play Services (Android version), since you don’t have to be logged in to collect them.
So, this tells me that coins are either tracked locally (encrypted? unencrypted?) or via a third-party server. I really hope it’s not a third-party server, because I don’t want to look into implementing a solution similar to that, or if possible, I’d be interested in an asset that does this.
They probably use something like Game Analytics to track how many coins are made availible, but they are probably also storing some kind of offline data that can later be reported back to a main server, if they are tracking all their coins. It’s not really that hard to implement even if you make the system yourself.
I guess I shouldn’t have used the word “tracked”. I’m really just wondering how this system can be implemented securely without having any contact with a server, or if there is a server involved. My initial thought is that it’s not being tracked on a server, because you can play the game completely offline, and you can still accrue coins. That means players collect coins offline. Then, if that’s the case, how do they prevent users from cheating whatever local file that stores the coin count into a large number to later spend on IAP?
you can make a state-machine keep track of everything and it will practically obfuscate it.
At least from what little bit I read of it. I might can’t use the word obfuscate. But it’s definitely more secure than a player-prefs. Perhaps check into Saving StateMachines
Interesting. Not sure how storing a state machine obfuscates it. And also, not sure what you mean by “everything”. I’d like to know more about what you mean.
They are probably storing the actual save data as some kind of encrypted file on the device itself, look into the C# encryption libraries or platform specific plugins to handle encryption using their native libraries.
Of course the encryption method will only be valid as long as users can’t decrypt them.
Simply put, you cannot. You can make it difficult, but hackers are always one step ahead.
Even big games like Injustice have hack for virtual currencies. The more the game is popular the more it will attract people who want to cheat.
Use some simple protection mechanism(like encryption) and don’t bother. If, and only if, the game get hugely successful you can rewrite the protection with a stronger one if you feel the need.
Well when I say everything, you have to tell it everything you want to save. Which is partly why I never really looked into it much yet, haven’t worked on anything important enough lol.
@GMM@00christian00 I guess those are the answers I was looking for, as well as expecting. Crossy Road having been out for quite a while, and being so popular, I would’ve thought that a more secure system would be in place. But either people aren’t interested in hacking whatever local file contains the coin count, or they are interested and successful, but it’s a very negligible sized group that does it, and/or the majority of the user base doesn’t care or doesn’t know how to.
What would actually happen if a player did hack their coin count? Would they be able to affect the play experience of any other player, or get something for free that they’d usually have to pay real money for?
If not - why worry about it? All such a player has managed to do is to cheat themselves out of a feeling of accomplishment for unlocking the content the ‘proper’ way (but maybe they care more about actually having the content than the achievement of unlocking it anyway).
The answer to this should be yes to anyone developing a free game, otherwise your are doing it really wrong.
And even if it wouldn’t, they are not just hurting themselves but also you, as even as a non paying customer if they are allowed infinite coins they will get tired fast and thus leaving the game, leaving you without a chance to monetize him through other means as advertising or even word of mouth( a non paying user that still play can bring new and paying users to your game, if he drop it I doubt he will).
So in the end if the monetization is done properly it will hurt you anyway, but you cannot do much to avoid it.
I remember reading an article, can’t remember where, about Amazon Underground(where all the apps are free and they pay the developer for the time spent on the app) where somebody put free to play games and put all the iap items for free.
The game got boring fast.
In crossy road it’s technically possible to accumulate enough coins to get all of the coin items without spending a cent. And the super premium items can’t be brought with coins, only cash. So the dev may loose some sales of coins, but it strikes me that the player who will hack a game in the Apple environment wasn’t going to spend much anyway.
People can put through fake orders anyway. I’ve seen it in Hardkour. After a purchase is completed successfully it will create a record of the transaction in my db, and I have a number of obviously fake orders in there with incorrect order numbers. I can reverse it if I want, and I was doing it, but now I don’t bother.