1) I've been saving them to the ini and sadly it can be hacked relatively easily, but that said the vast majority of people don't as it hasn't affected my game much from what I can tell.
2) I use coins and have had no issues
3) No clue
1) I've been saving them to the ini and sadly it can be hacked relatively easily, but that said the vast majority of people don't as it hasn't affected my game much from what I can tell.
2) I use coins and have had no issues
3) No clue
Ok, thanks.
1. An INI is a text file, so I guess if you have access to the file (on a jailbroken device), it can be fairly modified
2. No idea
3. It should work (never tested), I do not see any specific reason for it not to
To protect your ini data you could generate a random key at the beginning that follows some sort of rules, or have a list of pregenerated keys that it checks when it starts up.
Then use that key and a salt to hash the data (like number of coins) and then check the values at the start of the app.
This would prevent users from just setting their own values for coins and unlockables, but it wouldn't stop them from just copying the data file from another user that has purchased everything.
Also this wouldn't protect against memory modification, but it should stop script kiddies.
If there was a way to retrieve a unique ID from the iOS device that could help with security, but at the end of the day if someone wants to "steal" your virtual items bad enough they'll find a way.
I often worry about people messing with the INI through iPhone explorer on Mac, since you can edit parts of apps in there. Remember how people "unlocked" the unfinished iPad support in the Facebook app by editing the info.plist? It would be like that. Again though, pirates gonna pirate...
Someone will most certainly mess with your ini if it's there. If you have a way to detect when that happens you could just shut off online features like highscores.
I tend to just obfuscate things in the INI so it's not easily understood. Like "Unlocked true version = 0" would be easy for somebody to mess with but simple things like 36=0 or whatever, not so much. I think for protecting IAPs though .arr array files with numbered entries, much harder for a person to understand.
All someone would have to do is copy the save file from someone who bought everything, and you have yourself a crack.
I'm not really worried about it though. If the device is jailbroken then they prolly pirated the app too, and they're unlikely to purchase it to begin with.
I would however protect the online scores. It's a pain to have hacked scores because that discourages other players to try.
Even moreso if your game has online multiplayer.
You could do some simple math to make the coin counts look weird, and if the math doesn't give a true result such as someone randomly changed the string to several numbers you could give a coin error message, but somehow, somewhere, a valid buyer will get pissed off because of a rare glitch or something.
Apple's guidelines actually allow the use of intermediary currencies so long as they're used within the app that they're purchased in.Originally Posted by MJK
11.4 Apps that use IAP to purchase credits or other currencies must consume those credits within the application
Posting Permissions
