Some of the scoreboards have been receiving fake score submissions. Here is an example:
The same thing happened to a game I’ve made. Is there a way to protect one self from fake submissions and is there a way of moderating the scoreboards?
The most simple (and popular?) way users fake high scores is by using root access to edit saved data.
Few simple steps you can take in order to make it harder:
- Don’t hold the score as is in the memory or on saved state. For example multiple/divide by a factor & add a constant. Even better option is to implement an encrypted shared preference.
- Add a check-sum to the structure holding the score (CRC32, MD5).
- Validate the score to check no one played with it when loading from saved state or reading/writing in the memory.
- Use ProGaurd to obfuscate your code. If you’re making money use DexGuard which is much stronger and will also make software piracy harder.
Two techniques I would recommend…
- Add a maximum and minimum value to your leaderboard in the Developer Console. If you have a leaderboard for total stars and there are only 180 stars in the game, set 180 as the maximum value. That will ensure cheaters don’t end up adding these fake looking scores.
- Check out the players.hide() call. This will hide a player and all of his/her scores from the public leaderboard so that nobody else can see them. Please note this REST call is not built into the mobile libraries; you’ll need to create your own mini web app (or make curl calls directly) to use this call.