Hello everyone!
I am intending to publish a game on the google play store in which, among other things, the game saves the user’s credits which he can use to purchase items in the game like boosters, etc. In addition to earning credits through gameplay, I will also allow players to purchase credits as an in-app purchase.
My question is, is it ok to save the user’s credits to his device (which I assume he could just plug his phone into a computer, navigate to the user save data and give himself more credits for free), or should I try to use a plug-in to save the data to the player’s google account? Maybe there’s a standard procedure for this that I am not aware of or maybe it’s a non-issue?
Thank you!
If you want to monetize your game through IAP or just prevent cheating of the in-game currency, you need to store that data in a back end database with encrypted transactions, using TLS at the very least.
Everything you store client side can be cheated.
You could save the value on the client’s phone and just check its presence or not (bloom filter, etc.) in your DB. But the server is the authority, period.
As far as monetizing or cheating is concerned, the only way to be safe is to have a server and database you control and manage, using standard secure transactions to retrieve the data.
Hope that helps,
Cheers!
N.