Any way to store sensitive data on mobile devices

Get help using Construct 2

Post » Tue Feb 25, 2014 3:32 pm

Hi!

I'm desperately searching for a way to store sensitive data on mobile devices. Since the local storage could be manipulated by the user, this is no option for me.
Of course I could save the data on a server, but I want some parts of my game be player offline as well.
Are there any suggestions, ways how data could be saved on my device securely?
No matter if implemented or not to construct, if there's a technique I'll find a way to write a plugin.
B
5
Posts: 13
Reputation: 849

Post » Tue Feb 25, 2014 4:05 pm

Hi!. Even when I am no expert in the topic of information security, my suggestion would be that more than trying to find a tecnology or workaround with construct to be able to perform this, try to model all that data so your can keep your sensitive data in the place it should be (a secured server, or a well defined backend server-side programmed construct) and all the data needed to play (wheter it is offline or online) withind your game application. If that is an unacceptable answer I would suggest to try and create a temporal model of information and security mechanism so that the user could manipulate data while playing offline but when the app comes back online it would try and verify information against a server and validate wether the urser could update that data on the server side.
B
10
S
3
Posts: 75
Reputation: 864

Post » Tue Feb 25, 2014 7:17 pm

It all boils down to .. How seriously you want to take the security? Are we talking about game scores, save files, banking info or something really seriously secret?

For high scores and game saves, it's not worth to spend a lot time and effort. Perhaps use some encryption (with hidden keys) and that's it.

For serious stuff, you are more or less helpless since the platforms these days aren't secure enough to provide trustworthy environments for applications.
B
16
S
4
G
2
Posts: 233
Reputation: 2,560

Post » Tue Feb 25, 2014 7:44 pm

It's like anything else if they want in they will get in... Locks help keep honest persons honest.

Having said that if you are thinking of selling assets based upon credits or cash etc... perhaps you can encrypt some of your variables so as not to be easily deciphered preventing users from sharing and or stealing assets... As was mentioned before I would back up user data on server side as well to verify tampering.

Good luck!
B
28
S
5
G
2
Posts: 76
Reputation: 3,085

Post » Tue Feb 25, 2014 10:01 pm

Have a look at the CB Hash plugin https://www.scirra.com/forum/viewtopic.php?t=62215&start=0. You can save your data alongside a security md5 - if either are tampered with then they won't match and you can choose to reject the saved data.
B
73
S
19
G
66
Posts: 2,198
Reputation: 42,193

Post » Wed Feb 26, 2014 7:06 am

I just don't want people to manipulate data offline and then play against other people online. Since there is PVP in my game, this wouldnt be fair for my other customers. (And probably my honest, paying customers will stop playing).
Even when I use Hash technology the user will have access to it and would be able to decrypt the data :(
But thanks for all your answers and ideas!
B
5
Posts: 13
Reputation: 849

Post » Wed Feb 26, 2014 7:23 am

I don't know the type of game, but I have a suggestion.
If the player plays some levels or a story mode offline, he can find items and so on.
He can use them in the online mode. The ingame money is saved on a server. The items he can find in the offline mode aren't good and he have to upgrade them in the online mode to make them better.
The player only can get ingame money in the online mode.
This would be my suggestion.
It isn't a really good idea, but I hope I could help you.
B
4
G
1
Posts: 25
Reputation: 373

Post » Wed Feb 26, 2014 9:46 am

@EliasGames: That's a nice idea and I already thought about this. But even when I just can get the "good" items online, I have to save them on my device to make them accessible offline.
B
5
Posts: 13
Reputation: 849

Post » Wed Feb 26, 2014 9:50 am

@Nimmermehr7,

You'll never stop cheating.

But using your online save setup senario, when they come online to play, check if online = offline stats (the ones you don't want them changing offline, and if it doesn't match ban them, tell them they cheating ;)
B
65
S
16
G
9
Posts: 1,429
Reputation: 12,708

Post » Wed Feb 26, 2014 10:29 am

@Nimmermehr7

It's hard to stop cheating. A few weeks ago I wanted to make a online game and at the moment I'm only waiting for the multiplayer update. I didn't think about cheating. The problem is: If you'r game is downloaded really often, then someone releases a cheat app for it.
If you have a server, then you can see if someone didn't play often or didn't win much matches online, but have great items, you could kick him then.
And I think that the most won't cheat if there isn't any cheat app for your game.
I haven't any other suggestion, so the onliest thing I can do is to wish you good luck to find a way, that no one can cheat in your game.
I'm sorry :(
B
4
G
1
Posts: 25
Reputation: 373


Return to How do I....?

Who is online

Users browsing this forum: el3um4s and 8 guests