question

brendan avatar image
brendan asked

Playfab role in Piracy Prevention

quirkster
started a topic on Fri, 01 May 2015 at 3:55 PM

I know piracy prevention is a complex topic with no bullet-proof solution, but I was hoping there might be some simple best practices and ways to use Playfab to provide some basic forms of prevention.

For example, requiring a valid sign-in before exposing gameplay is a start. What would be better is limiting new registrations to players that are validated somehow against the services/platforms they are using (e.g., iTunes, Google Play). I have no idea how to do that on iOS, but Google looks to have offered something if you also enable Google Play Services.

Anti-piracy - Google Play Game Services ? Google ...

And I also wonder if it would be possible to use the following Playfab APIs

ValidateGooglePlayPurchase

ValidateIOSReceipt

...to set up some free/ghost items to simply get a validation response that could be used as a proxy for a validated user.

This is a completely foreign topic to me, so would appreciate any experiences of best practices folks have to share.

10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

brendan avatar image
brendan answered

Best Answer
Brendan Vanous said on Mon, 04 May 2015 at 1:15 AM

Specific to piracy prevention, you are correct that there are a number of approaches. If your game has an up-front cost, one way to manage this is with an Activation Code, so that a single copy of the game can only ever be "owned" by one individual. While we don't offer that as part of our public API set yet, that is something we have built in the past for other titles. If this is critical to your game, please reach out to us at devrel@playfab.com to discuss.

The two receipt validation API calls you mentioned are perfect for making sure that in-game purchases are legitimate, which makes them ideal for games on iTunes and Google Play. They're not as well-suited to validating game ownership however, as a zero-cost item purchase such as you mention could easily be triggered by a hacked client. Your best bet for prevention of both piracy and cheating is to have server-authoritative logic which performs the validation, in each case.

Additional piracy prevention measures, such as use of the Google Play Game Service Anti-Piracy check are, of course, also recommended if your shipping platform is a match for the tech in question. For multi-platform paid titles, other means are required to ensure consistency across all shipping devices, In those cases, it's recommended that developers work with us via the devrel@playfab.com alias, in order to determine the best route.

Brendan


1 Comment
Brendan Vanous said on Mon, 04 May 2015 at 1:15 AM

Specific to piracy prevention, you are correct that there are a number of approaches. If your game has an up-front cost, one way to manage this is with an Activation Code, so that a single copy of the game can only ever be "owned" by one individual. While we don't offer that as part of our public API set yet, that is something we have built in the past for other titles. If this is critical to your game, please reach out to us at devrel@playfab.com to discuss.

The two receipt validation API calls you mentioned are perfect for making sure that in-game purchases are legitimate, which makes them ideal for games on iTunes and Google Play. They're not as well-suited to validating game ownership however, as a zero-cost item purchase such as you mention could easily be triggered by a hacked client. Your best bet for prevention of both piracy and cheating is to have server-authoritative logic which performs the validation, in each case.

Additional piracy prevention measures, such as use of the Google Play Game Service Anti-Piracy check are, of course, also recommended if your shipping platform is a match for the tech in question. For multi-platform paid titles, other means are required to ensure consistency across all shipping devices, In those cases, it's recommended that developers work with us via the devrel@playfab.com alias, in order to determine the best route.

Brendan

10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Jonas Johnsson avatar image
Jonas Johnsson answered

is ValidateGooglePlayPurchase or ValidateIOSReceipt can recognize if the receipt have been used,
like non-consumable IAP in itunes,

10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

brendan avatar image
brendan answered

Yes, we do check for previously used receipts as part of receipt validation/verification, to ensure people can't use replay attacks on your titles.

10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.