So I'm planning to have a virtual currency in my game. You can of course use this to purchase in-game items and what not. The user will also be able to purchase more of this virtual currency using real world money through PlayFab.
My question comes when the user is offline. Obviously they won't be able to purchase anything through PlayFab but they will still need to have access to their virtual currency when playing the game. My thoughts were something along the lines of..
When online
- Use PlayFab to securely initiate an increase and decrease in currency.
- Locally keep a 'lastValidCurrency' that is only updated by PlayFab directly when online.
When offline
- Use the 'lastValidCurrency' value when offline.
- Once the user is online again, we check 'lastValidCurrency' against the server value returned by PlayFab. If the currency doesn't match then we update 'lastValidCurrency' to the server value.
Obviously this will work for the most part, but a determined cheater will disconnect his internet, change the money value, purchase the items he wants, then reconnect to the internet. His money will rollback but he gets to keep everything he purchased.
How would I go about defeating something like this?
,Hi, I'm interested in integrating my game with PlayFab and had a couple questions about how things are done and also some practicality questions.
So I will start with my general question first.
- I am a developer that solely owns my studio by myself and I develop games by myself on single user licenses and the PlayFab Essentials plan looks like a good starter plan. So let's say my game starts to gain traction. At what user point (mau) will I need to upgrade my plan?
And now some case use questions.
- My game currently has a problem with people cheating virtual currency and items because everything is stored locally. I've tried encrypting my files but this only goes so far since the game key has to be stored in the game code which is accessible to anyone with reverse engineering knowledge. So what I want to do is store everything in the cloud (on PlayFab) and only be able to update the values securely at intervals when playing. So onto my actual question, is PlayFab good at handling something like this? I would be storing a virtual currency, items, and other things of value which can be purchased on a secure storefront or earned from in-game activities.
- I was reading the documentation and it seems PlayFab has a ticket based authentication kind of system correct? Is this ticket completely secure? Meaning can I safely use this ticket as a means of verifying game content or is there a high possibility a ticket can be faked?
- I guess this is kind of a sub-question to the question above but can I use PlayFab to also authenticate a user and allow them to play on a game server or should I stick to something like using Steam's Authentication Tickets? Obviously pirate's exist and if they are allowed to access my game's online servers by getting past the system then it would be a problem.
- This is kind of a weird one but, I was looking in the documentation about receipt validation and I only see references to Google Play and IOS. Does receipt valiation only work with these platforms or can we use them for other IAPs?