0

Well I am using Google Play service and I have a leaderboard. I am putting highscores from SharedPreferences. Is this safe to prevent changing highscores from external?

I am publishing highscores like this:

        SharedPreferences SP= mContext.getSharedPreferences(
            "com.example", Context.MODE_PRIVATE);

    String HighScore= (SP.getLong("highscore", 0));

And updating leaderboard on google play service:

    Games.Leaderboards.submitScore(getApiClient(),
            getString(R.string.leaderboard_example),
            HighScore);
mehmet
  • 1,558
  • 5
  • 30
  • 41
  • 1
    Honestly, it's dangerous since rooted phone can access and modify internal data (including `SharedPreferences`). However, you can make it safer by submitting *only* latest score while saving the high score with `SharedPreferences` for local/offline purpose. – Andrew T. Mar 24 '14 at 09:17
  • What do you think about JSON? is that safe – mehmet Apr 04 '14 at 06:37
  • 1
    You meant saving JSON inside `SharedPreferences`? Depends on the format. If it's in plain text, it's still not safe for the same reason. If the highscore is encrypted, it's at least a bit safer (still, if someone can figure it out the encryption, then you're doomed) – Andrew T. Apr 04 '14 at 06:43
  • Well actually I have no idea about how to make encrypt can you show me example about that – mehmet Apr 04 '14 at 06:51
  • 1
    You can search many tutorials for that. [Here](http://iamvijayakumar.blogspot.sg/2013/10/android-example-for-encrypt-and-decrypt.html) is one of the example that I found. – Andrew T. Apr 04 '14 at 06:56

1 Answers1

1

You can use this approach, just add the encryption over the data. simplest is make the string to Base64. Or strong way would be AES or any other you want and than save that into the Shared prefrences.

Its a little overhead on App but security aspect is covered which fulfills the gap. If you want can add code of Baase64 & AES here.

Appoorva Faldu
  • 344
  • 4
  • 17
  • 1
    base64 looking pretty good I have seen a good example here [link](http://stackoverflow.com/questions/7360403/base-64-encode-and-decode-example-code) thanks! – mehmet Apr 04 '14 at 07:21
  • Yeah guest is right (OMG! where is the guest comment) I have understand from [here](http://www.danielmiessler.com/study/encoding_encryption_hashing/) well encoding isnt safe? – mehmet Apr 04 '14 at 07:26
  • 1
    @mehmet & Guest - Basically suggesting the Base64 only reason is that data should not be plan while you are storing it. So if we goes in something like AES its useless overhead on the App, which is not needed. Such case is when you have very very imp data. In this scenario i guess even encoding might work. – Appoorva Faldu Apr 04 '14 at 07:32