Hello people. I am currently developing an Android game, and I have an issue about Application.persistentDataPath.
I built a save system for my game, and the file is being saved using Application.persistentDataPath.
The problem is that Application.persistentDataPath refers to Internal SD Storage in Android devices. That’s not the way I’m looking for saving the player progress, because it’s easy to access and share between players. I need to change the path do data/data, to make it more difficult to access (only root users can do it).
Can I manually specify the path to “data/data/com.mycompany.mygame/files”? Or is there any way to do it automatically, with or without Application.persistentDataPath? (Not using PlayerPrefs, because it’s not safe for player progression).
Thanks for now and I hope someone can lead me to a solution.
Although, i would suggest trying some other methods to discourage these files from being shared and reused.
e.g. you may be better off trying to make it harder to load the saved data, instead of just trying to hide where it lives.
One such strategy could be to use a basic 2 way encryption on your save files.
For the private key, you could use something unique or device specific, salt it and/or mix it with a secret in your binary code.
deviceName The user defined name of the device (Read Only).
deviceType Returns the kind of device the application is running on (Read Only).
deviceUniqueIdentifier A unique device identifier. It is guaranteed to be unique for every device (Read Only).
Grab any of those as the app launches, and encrypt your save file using a combo of them (plus some secret string/GUID in your app too, perhaps?)
When loading a save game file, update your code to decrypt the save game file using those values.
Its not fool proof, but it makes it a lot harder for someone to just share files and reuse them. Especially if you combine it with a secret string or randomly generated GUID in your binary! (The idea here is obfuscation - you are making it harder to break, but not impossible).
Ultimately, anything stored client side can never be assumed secure or reliable - if you need a bullet proof solution, you will need to save progress server side, ask users to create accounts with passwords, use one way hashing (e.g. Bcrypt or something similar) and store those credentials etc. etc.