I am currently considering different measure of saving variables in my game, and playerprefs looks like a really easy and secure method of saving, but before I delve into using it I want to make sure that it’s not all too good to be true. My first question is how credible is the data saved by playerprefs? Is it possible that someone who plays my game can easily go and modify value to help themselves cheat? Is the data encrypted or well hidden enough that the effort would be too much for the average computer user or gamer? Is the data “permanent”? will it be there if your computer restarts, or if my game closes. Next I am curious about the advantages and disadvantages to playerprefs. Is it slow? Is it bulky?
The PlayerPrefs (short for Player Preferences where player refers to the UnityPlayer) are just a way to store any data on the clients machine. The main goal is to provide a solution that works on all platforms (web / standalone / mobile / …). The implementation varies and it is generally not considered as “safe”. As the name suggests it’s primarily ment for storing preferences like player name, volume settings, quality settings, … However it can be used for any kind of data.
The PlayerPrefs are not encrypted or protected against modifications. Actually it’s impossible to make something “safe” when it is stored and processed on a client. You should ask yourself what level of security you need and how you actually measure it
Just some hints: Standalone and webbuilds can be quite easily decompiled, so almost any encryption you implement on the client can be broken. On mobile it’s a bit more difficult, but if on Android with a rooted device nothing is impossible.
To prevent 90% of all scriptkiddy attacks you could save a hash value along with the actual data. This would make simple editing a bit difficult. If you have any real sensitive data, store it on a server.