question

HitRock Games avatar image
HitRock Games asked

Can I use CloudScript generated GUID instead of Device ID?

DeviceID will be used only for guest accounts. After the player link the recoverable login:

  1. Unlink the DeviceID
  2. Generate GUID in CloudScript and saved to the Internal Player Data
  3. Link this GUID on the client and save the GUID in local storage as encrypted string (LinkAndroidDeviceID)
  4. Add a "log out on all devices" button in the game that will reset the GUID

I do not want to link DeviceID on Android devices because then another person can access the account (if the player sells their phone or temporarily grants access to their account). Players have reported similar cases.

GUID will be a permanent login token until reset. If the scammer somehow gets the GUID then he can use it to steal the account. With DeviceID the same problem. But the GUID can be reset if there are suspicions that someone is playing on your account.

Or is it best to use ONLY a recoverable login? For example, if a player has linked GooglePlay account, then unlink DeviceID and do not use LoginWithAndroidDeviceID?

Authenticationdataandroid
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

·
JayZuo avatar image
JayZuo answered

It depends on your requirement. It will be more secure if you only provide recoverable login. But LoginWithAndroidDeviceID gives players the convenience.

We'd recommed you always encourage the players to add at least one recoverable login method. And in your step 4, you should not only reset the GUID but also unlink it with UnlinkAndroidDeviceID.

10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.