Security and anti-cheating considerations...

Because I tripped over the missing SSL implementation in lua.sockets, I remembered another concern I had recently about security within iPhone apps (and partly Corona, because keychain access is not supported within the SDK).

I want to share these before somebody falls into that trap without knowing!

It is really easy to modify stuff your app has in its documents folder!

You can use "iPhone Explorer" to get to all data of every app you have installed.

And this is "legal" and works without any jailbreak... You can access all apps resources easily and do stuff like ripping music or graphics...

But you also can write documents!

I used that to write back my game state from server data after I experienced a crash and lost my position. Inside the device there was no progress saved but on the server! Now I save more often and not only at system exit events...

So don't expect that anything inside of "documents" is safe... if you have "save / restore game states" stuff ... just be prepared for users to be able to modify that!

I could easily cheat any high-score for my application and already use checksummed files and may even change to encryption.

This may not be so important for the random app.. for mine it would destroy a lot if the community of players would have to fight against cheating players!

To prove how dangerous this is... I at this moment have a score of 9999999 in a recently released Corona game and could send it to the highscore server at once...

Conclusion?

Do yourself a favor and just don't write simple load/save routines ... but checksum or better encrypt your data!

BTW... You can do that on a locked phone! I just at this moment read my username from Dropbox out of the Dropbox app! But that may be only the case because that phone was previously connected to my computer. Dunno...

So what do you think about this?

Here's the conclusion for making a 100% foolproof public high score system: it's impossible.

It can't be done. I've studied this extensively. I've built Flash games, some of which were played in excess of 15 million times, and it just isn't possible. People will always be able to cheat high score boards if they want to take the time and have the expertise. If you want a high score board that isn't "hackable", then make it private to that user on the device. If it's public, then there's always the chance there will be cheaters.

This is obvious because any data that your game sends to a server can be seen by the owner of that device using different methods. Whether it's encrypted or not, it can be seen. Now, I don't know the extent of the problem for iPhone/Android apps, but the problem with Flash was any .swf could easily be decompiled. This meant that any encryption routines that were used could easily be viewed by the user if they decompiled. Even if they were obstructed, they could still be put back together by someone with no life who wanted to take the time.

The bottom line is like you said, you want to make it as time-consuming as possible for someone who wants to cheat. In all my experience, I've found these two methods work the best:
- user account required for high score submission: make the user register for an account with a valid email address in order to submit high scores. Each user can only have 1 score on the board at once. This means that if someone wanted to flood your board (which is common) they would have to make numerous email addresses and numerous user accounts. And trust me, if they like the game enough, they'll make the account. I did this for one of my most successful games and I got 10,000+ user accounts in about a month and a half.
- In addition to this method, based on your experience in your game, set a reasonable maximum high score. If the submitted score is greater than that, disregard it. This means that even if someone cheats, they can't submit an absurd score, so in reality, no one else would actually know they cheated except them, which probably takes most of the fun out of it for them.

Now, those are only containment options, not prevention. There are some ways to try to prevent this. The best method that me and someone I know once discussed was at the beginning of each game, receive some unique time code/key from the server. Store game steps as they happen in your game, and when the high score is submitted, send back these steps, some sort of key, and check the steps/time that would be required to complete the steps and see if everything matches up. Because one thing that can't be spoofed is server time. You can take this further but it gets really complex and I'm not really sure if it's worth it.

If anyone wants to try to write a complex solution for this, I'd like to help. I have about 7 years of PHP/MySQL experience so I'd be happy to handle the server-side end.
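The server-side checks described in the post above (one score per account, a score ceiling, and a server-issued start key checked against server time), as an added example that is not part of the original thread. The token format, the scoring constants and the function names are assumptions, and Python stands in here for the PHP the poster mentions.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # stays on the server, never shipped in the app
MAX_SCORE = 50_000                    # assumed ceiling taken from playtesting
MIN_SECONDS_PER_STEP = 0.5            # assumed fastest legitimate step
POINTS_PER_STEP = 100                 # assumed scoring rule

best_scores = {}     # account -> best accepted score (one board entry per account)
used_nonces = set()  # start tokens that have already been redeemed

def _sign(account, nonce, started):
    msg = f"{account}|{nonce}|{started}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def start_game(account, now=None):
    """Issue a token binding the account to the server's own start time."""
    started = int(time.time() if now is None else now)
    nonce = secrets.token_hex(8)
    return f"{nonce}.{started}.{_sign(account, nonce, started)}"

def submit_score(account, token, steps, score, now=None):
    """Return (accepted, reason); `steps` is the recorded list of game steps."""
    now = time.time() if now is None else now
    try:
        nonce, started, mac = token.split(".")
        started = int(started)
    except ValueError:
        return False, "malformed token"
    expected = _sign(account, nonce, started)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False, "bad token"
    if nonce in used_nonces:
        return False, "token already used"
    used_nonces.add(nonce)  # one submission per started game
    if score > MAX_SCORE:
        return False, "score above ceiling"
    if score != len(steps) * POINTS_PER_STEP:
        return False, "score does not match steps"
    if now - started < len(steps) * MIN_SECONDS_PER_STEP:
        return False, "finished faster than possible"
    best_scores[account] = max(score, best_scores.get(account, 0))
    return True, "accepted"
```

The client never sees `SERVER_KEY`, so it cannot mint a token with an earlier start time; it can still replay plausible steps at a plausible pace, which is why the post calls these measures containment.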

I have been programming for 28 years and know there is no universal solution and none of the possible ones is perfect. For my current game there is 100% safety because the server can evaluate every submission out of the additional level data which gets submitted. But that is a special case and there are other things I have to think about regarding cheating..

My concern and the reason why I posted this is that Corona programmers may be tempted to think that their data is invisible and protected. If you would hand out your program in unpackaged form and could look in the folders regularly ... You would probably not store your data the same way.

This is esp. true with stuff you would consider secret... Hence my hint to the keychain and encryption service of the device software.

It is very easy to checksum your data files... Making it much harder for "kiddies" to tamper with the files. Or just encode your data...

That people with hardware analyzers could modify memory on the running device... Or others being able to intercept ssl connections and whatever... Is a fact... but you can ignore this until people have a high reward doing so.

All these considerations seem to be over the top for a lot of "simple" games. But every game which relies on creating competition with online scoring is subject to these considerations.

This is even more true as every "advanced" iPhone program will store its state on exit which could be tampered with before restore..

Right but if you're not doing a public high score system, who cares what data they modify? They're paying for your game (unless it's free) so I don't see why anyone would actually care if someone was cheating (unless there's public high scores). I mean it would only be hurting the person since they wouldn't be getting anything out of the game...

Obviously it would not matter much for those kinds of games :)

They could be "heroes" in their families or with friends but would not influence as many people as "global" cheating.

Every developer should make his own choices how far he wants to go... but at least nobody who read my article can say that they did not know how easy it is to cheat if you don't have countermeasures going!
