When you develop your own game, you want to show it to players the way it was intended. But the more popular your game is, the more it will attract cheaters. There are many different reasons why outsiders might try to modify your game and illegally use your distribution and monetization capabilities. A small portion of them may seem harmless, but the other half can have a very negative impact on your online player community.
For example, a program such as creehack has a lot of advantages for the attackers, but it can cause a lot of damage to the creators, so developers are often looking for a way to protect their game from such programs.
Every game founder looks for his or her own way to protect themselves from Internet intruders. Unfortunately, there is no perfect plan for absolute security, but we can recommend a few rules and Google Play services that can help with your overall strategy.
The most basic rules are:
● be honest;
● manually do integrity checks on the server;
● also do automatic integrity checks on the client side;
● be fair;
● take care of security.
Internet attacks often come from untrusted resources, such as modified APKs, emulators, and hacked devices. They may be harmless on their own, but when you discover them on your device, you can decide how your game will react to them.
Google Play provides APIs for online games. They can help you better find similar situations, in order to choose the right actions.
Do a manual integrity check on the server
This operation is beneficial because the Google Play license gives you a guarantee that the player is using your unmodified binary, as well as the SafetyNet attestation, which allows you to know the state of the device where your binary is running.
These checks are great for online games that are server-driven and relate to key points in your game, such as game startup, login, player picks, and so on. Doing client-side checks without linking them to specific moments makes them unprotected for online cheater removal.
It is best to integrate checks in this way:
● generating a one-time number;
● requesting a response;
● receiving the response;
● transmitting the response;
● response evaluation.
Automatic client-side checks
These checks are not suitable for all games. Some games may be designed to work offline, such as paid or single-player games.
For games that are registered for automatic integrity protection, Google Play does license and protection checks against unauthorized entry to your game. The only requirement is that the game must be published using the Android App Bundle. The plus side of this kind of protection is that it will improve and change over time, and no effort is needed on your part.
Need to be fair
Gaming apps that have shopping inside have a balanced, fair economy that provides the best overall experience of the game, favorably affecting your business growth. Internet scammers can manipulate purchases to be better than other players or to get monetary gain. Such scams are detrimental to your business and other players. Google Play Billing has tools that can be embedded in the game app to make it easier for Google to spot the scammers.
Take care of security
Secure Android development is a very important topic, especially for game app creators. Attackers can do irreparable damage if they find out about your game’s weak security. A game vulnerability can put players at risk, and you could face penalties from the relevant authorities. To avoid this, we recommend using security best practices. Try to be careful when dealing with data, permissions or network traffic.