On my game all my player data are stored on server and when i need some data i call the server and it give me what i need . All this is called before and after the player is start the level.
But now i add some fonctionality during the game and i load data from server and store on playerpref just before the player start the level.
When the player click on button during the game i get data from playerpref and change it. And after the end of the level i send my data to server to update value.
But its not secure!!
I have only one way to secure this , i need when the player click on button during the level to call my server to change the data value, but the player need internet connction if no he will got error during the level.
How i can protect my data during the player is playing and keep the comfort of the player?
Try one of these or roll your own encryption. I haven’t used either of these so I can’t say how well they work, but that’s probably one of your better options. You could do other stuff in code to make sure that stuff makes sense. Like, if a player has 100 coins, and you go to add 10 coins but they suddenly had 1000 coins. But the end result is if you store data on a device where it can be accessed there is always a chance someone will hack it.
Usually I think the expectation is games with IAP will require a connection for parts like that. And then server calls are done to handle adding or removing coins, items, that sort of thing. But maybe certain things don’t require the internet because they can’t unbalance the game for that person. (music settings, restored energy to play more levels, etc)
Hi, Ty fo this answer, i use already stuff make sense for the number of gold and other things and thats work well.
I need to give you more infos , my player have 100 gold he buy 1 item on shop, this item will be used only during the game to regenate life of player. i can control the buy of the item on shop but i cant contol he use item during the level if i dont call server during the game to compare values, so the player can go on playerpref change the value to obtain 1 more item and use it again etc…
I can control before and after the game but he can cheat during the level.
I will look for this asset but im not sure it will secure correctly my data.
The only way i see is to send call to server when he use item during the level but it can be uncomfortable for the player.
If you have things setup correctly you shouldn’t have to worry about this too much.
But if you are not doing any sever validation and allowing the client to directly modify the data before sending back to the sever it’s not really any different than doing it all on the client and then you could have problems.
If the lifetime of the data is short why are you saving to player prefs? You should just keep it in memory.
I think player prefs has some disk footprint and the location is well known. Directly modifying in memory takes more effort than changing a file on disk.
If you lose connection and reconnect you should just get the data from the server again.
Obfuscating your data may help but if the are going to modify your memory they will probably decompile your program and can figure out the obfuscation algorithm.
An example is client tells server it did X action. Server says yes it’s possible. Adds 10 coins to your account. Sends update back to client with new coin count.
Client never can say add 10 coins (without reason that can be validated)
I just saw your post, we have a similar situation. During our gameplay we rely on the client. But we validate all the results at the end are within legitimate ranges for that level. We know coins, enemies etc.
And we can validate the results the client gives us. We then base our rewards on this data.
The time is also controlled. So maybe they can fake a perfect level. But they can only play one level every 4 minutes.
So they can not really get that far ahead. Then if you have another mechanic like energy, even if they cheat 5 levels until they use all their energy they have to wait for it to refill or buy some. But that is all controlled on the server.
We are not multiplayer so this works for us. If we were competitive multiplayer we would have to do more fine grained server validation through out the game.
So for your case you need to track things if it will really have problems. But you could validate at the end. Did they use 5 potions but only bought 1. Do they have enough gold for that many. Etc.