koobas.hobune.stream
Player Pref Security - iOS
I want to know about if we store data in iPhone via Player Pref, then its how much secure? Because I want to store important data.
Based on high score, I want to give real prices to game player so its definitely chances of data manipulation (hacking) via any other manner. So I want to restrict this and in play store I have noticed that game players has hacked leaderboard entries.
So for securing data, any kind of encryption, shall I need to use? or juts its apple so I don't need to do anything....
I found this plugin for encryption and description. Its really easy to use as well...
For this suggestion thanks to @Luke-Houlihan
But based on given key, they are doing encryption. So definitely key finding is really tougher within code,
what is your suggestion?
Doing encryption, I hope is better than just storing data using PlayerPref.
Sure, it's more secure than no encryption: but you are leaving the potential hacker a copy of the file to hack-away at. Once they figure out the encryption and keys, and post it online; so vanishes any security you may have had from the encryption. You have my suggestion as an answer: store the data online, with limited, user authenticated access to read non-user data, and write only player-specific data. You CAN use public-key-encryption for this because, the private-key can be changed on the server at anytime, and you can block users that fail to authenticate or otherwise appears to be attempting to hack the system. I would even take it step further, and perform all calculations that would say.. change the number of dollars in a users account, be performed on the server, rather than having the PC tell the server "how many dollars in this account".
Encrypted is more secure than non-encrypted(plain) though. :)
If the file is stored on their own computer (as PlayerPrefs are), I can guarantee that if enough people want to, they will (eventually) hack into the PlayerPrefs settings.
This might not matter so much for single-player games, but when you start introducing in-game purchases, and/or multiplayer, this is when it becomes an issue. Usually this information would instead be stored online, with limited accessed only through secure and user-specific authentication.
