I am a bit confused about the titleID and client calls. What if a "hacker" writes his own java/android code that creates a user in my game (by using my titleID) and then uses an API call like AddUserVirtualCurrency to give himself lots of currency. Then, won't he be able to login into MY app with that user (since the user was added to the database) and use the currency he gave to himself?
Thanks to the team behind Playfab for this platform.