• Products
  • Solutions
  • Made with Unity
  • Learning
  • Support & Services
  • Community
  • Asset Store
  • Get Unity

UNITY ACCOUNT

You need a Unity Account to shop in the Online and Asset Stores, participate in the Unity Community and manage your license portfolio. Login Create account
  • Blog
  • Forums
  • Answers
  • Evangelists
  • User Groups
  • Beta Program
  • Advisory Panel

Navigation

  • Home
  • Products
  • Solutions
  • Made with Unity
  • Learning
  • Support & Services
  • Community
    • Blog
    • Forums
    • Answers
    • Evangelists
    • User Groups
    • Beta Program
    • Advisory Panel

Unity account

You need a Unity Account to shop in the Online and Asset Stores, participate in the Unity Community and manage your license portfolio. Login Create account

Language

  • Chinese
  • Spanish
  • Japanese
  • Korean
  • Portuguese
  • Ask a question
  • Spaces
    • Default
    • Help Room
    • META
    • Moderators
    • Topics
    • Questions
    • Users
    • Badges
  • Home /
avatar image
0
Question by vTrotta · Apr 19, 2016 at 04:54 AM · networksecurityos

Authenticating a user to a server using a UserId stored in PlayerPrefs

Every question about PlayerPrefs security seems to revolve around securing offline game saves and making them harder to temper with.

My question is different as I have an authoritative server. However, I'm struggling with a way to authenticate users as safely and seemlesly as possible, I'm now thinking of storing a custom auto generated and unique UserId in PlayerPref. The user would than be able to copy it manually into other devices that would then also be able to use the same user account by storing the ID in their own PlayerPrefs.

My questions about PlayerPrefs secure-ness then are:
1. Can a malicious app be able to get access to the PlayerPrefs of another app?
2. Or just, somehow, access them remotely?
3. Are PlayerPrefs somehow accessible to a determined hacker on a locked device (assuming he doesn't know the passcode)?
5. And on PlayerPrefs handling by android and iOS: Are PlayerPrefs wiped for whatever reasons on a device? When the app update? When the OS is updated? Randomly?
6. Am I overthinking this?

Comment
Add comment · Show 1
10 |3000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image vTrotta · Apr 29, 2016 at 12:52 PM 0
Share

I'd really like some of your ideas on this subject.

1 Reply

· Add your reply
  • Sort: 
avatar image
1

Answer by Piflik · Apr 29, 2016 at 01:38 PM

First advice: Don't persistently store login information on the device.

I can answer your 5th point: PlayerPrefs (at least on Android) are wiped, when the appis uninstalled. They persist through updates. And to Question 3: Any information is accessible to a determined hacker.

Why not use the Google/iTunes account for identification?

Comment
Add comment · Show 2 · Share
10 |3000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image vTrotta · Apr 29, 2016 at 01:57 PM 0
Share

Thanks for the advices! At this moment, I'm actually using GameCenter/GooglePlay to authenticate user. The thing is, it add a step in the logging process that can be quite long, especially for Game Center apparently. I'd like to speed things up by doing the login entirely between my server and the client.

avatar image vTrotta · Apr 29, 2016 at 02:30 PM 0
Share

I'd like to identify them with GooglePlay/GameCenter/Facebook or whatever, only on the first connection from a device.

Your answer

Hint: You can notify a user about this post by typing @username

Up to 2 attachments (including images) can be used with a maximum of 524.3 kB each and 1.0 MB total.

Welcome to Unity Answers

The best place to ask and answer questions about development with Unity.

To help users navigate the site we have posted a site navigation guide.

If you are a new user to Unity Answers, check out our FAQ for more information.

Make sure to check out our Knowledge Base for commonly asked Unity questions.

If you are a moderator, see our Moderator Guidelines page.

We are making improvements to UA, see the list of changes.

Follow this Question

Answers Answers and Comments

4 People are following this question.

avatar image avatar image avatar image avatar image

Related Questions

Does NetworkServer and Network.InitializeSecurity() 0 Answers

Prevent players from using Network.Destroy() 3 Answers

Network.Instantiate and the Trusted Client problem 0 Answers

Regarding Network Instantiate & Destroy 1 Answer

You may not be connected when initializing security layer. 1 Answer

  • Anonymous
  • Sign in
  • Create
  • Ask a question
  • Spaces
  • Default
  • Help Room
  • META
  • Moderators
  • Explore
  • Topics
  • Questions
  • Users
  • Badges