koobas.hobune.stream
Will users be able to access public variables in any way on android?
Hey everyone of the Unity community, I've been looking around here and the web, but I haven't been able to find much information on the subject, I know that android allows your files to not be accessible except by the game itself, however I myself know that these measures don't always keep players/users of games out of the internal files. My question really is if I were to make a public static variable that could be purchased, would there be anyway of a user getting access to said variables/files? I have read up on serialized fields and setters and getters and what not, I'm just wondering what the standard approach to this is? I am almost finished with the dev. stage of my game and would like to get a little more knowledge on the matter. I was working with PHP and PDO and learnt a lot about SQL's security gaps and now it concerns me a little that maybe the rest of my application is not as tight as I would like it to be. Any information at all on the subject would be greatly appreciated as well as methods to ensure the overall security of the applications inner workings and how we would prevent people from being able to modify say.. public static int player_level for example, I did a crash course of C# over the course of 4 months and php for 11 days, so I would not say I am an expert in the matter at all. Thank you for reading this and hopefully helping me with these concerns of mine, as I am an avid gamer myself and would like to help propel the industry to higher standards one day. as a side note, I have heard about json and various other types of datatypes (I'm not even sure if this is the correct terminology) and haven't read up on it much as I have been focusing on beefing out my game for the most part of this journey. I forgot to mention that I do realise serialized fields apply to private variables, and allowing access to them through the editor. I will be obfuscating, and I don't feel I have the knowledge to make a fully authoritative Server to handle all data requests, and would also like my game to be able to be played outside of the internet (I do have high scores though and will be working on dateTimes on the server)
I wish you added your comment to the answers, as it really did answer my question Fafase! ^^
Turned it into an answer for you.
In essence, if you have a single-player game, you let your players cheat. It's not like you're losing anything on it. If you're working with a SP game that's got free parts and the user has to pay before they unlock the rest, don't let the user download the paid parts before they actually have paid for the parts.
If you're working with an online game, have the values rest on the server - things like how much the user has of a certain resource or whatever.
thank you for the extra clarification and movement Baste :) keep up the good work ^^ may the launch day that never comes be a little closer now.
public variables in your file doe snot mean public like read/write on your device. If a user deconstruct your app (there are tools that do so) he will also have access to your private variables...most likely as assembly language but still.
The way users hack your app is not based on the access modifier (private, public protected internal). They run an app that reads all values on your ram and report the ones matching. For instance you have a score a 100, you enter 100 on the app and it returns that it found x locations with that value. Then you kill an enemy and now your score is 150. the app will look at all the values that were 100 and are now 150, there will probably only be one and that is your score in the ram. Now the app knows the address and you can give any value.
There is no way to prevent that, just ways to make it harder using encryption. If your game is stored on server, like most F2P (what a pain...) then you track users with unusual behaviours, like +100 000 in one day when average is 10 000, or a sudden 5000 gems but no IAP.
Thank you very much for the insight, it certainly clears up a lot of concern I was having, SQL syntax made me worry too much haha. So really the best way is to just either add as many blankets as possible and/or implement a strategy to be able to deter$$anonymous$$e whether or not users achieved "unmanageable" values within the games constraints then, hey? I thank you for the quick response, and I may continue my happy (and sometimes stressfull, especially when it comes to php->pdo) dev'ing. And yea, reading into storing the game server side didn't sound too appetizing to me, a lot more work but understandable depending on the type of game being produced, I will be working with that in a later project, but for now I have chosen a "simple" project, being the only dev of this indie $$anonymous$$m. Thank you fafase and I hope this can help anyone who has questions about this subject as well.
