The only fail-safe solution I know of is letting the server play the
game for the user. I.e. you make the client a GUI on top of what is
happening on the server (a whole slew of issues are inherent to this
approach as I'm sure you realize).

Letting the client tell your server 'this is what I achieved' is an
approach which only works if the rewards (monetary or otherwise)
aren't big enough to make it worth someone's while to crack the code.
As long as you let the client tell the server what you accomplished
you'll remain vulnerable to manipulation. I know of numerous simple
flash-game-developers who were amazed at the scores that started
dropping in once their game went from just-for-fun to having some sort
of a grand prize for a highscore. It wasn't that people were playing
more/better, the problem was that suddenly it was worth the effort to
hack it.

/L

On 2 Nov, 16:32, Warren <warrenba...@gmail.com> wrote:
> What is the best way to ensure people don't cheat when you use a web
> server (or something similar) to handle some of your application
> logic?
>
> A good example is a high score board. People play a game and when they
> are done, the application sends the score to the server to be
> recorded.  However, if someone knows what your server is expecting,
> they can craft their own "high score" and post it to the server
> without having earned that score.  There are many similar situations
> in which a person could potentially ruin an application by
> communicating with the server in ways they shouldn't.
>
> As a developer with a web-backed application, what are the best ways
> to prevent this?  Putting a key in the application and encrypting the
> message is one option. But it would not be ridiculously hard to crack
> even this system because the compiled application is available with
> the key. This would stop amateur hackers, but not persistent,
> experienced hackers.
>
> What about all you developers out there?  How do you make sure that
> web server requests were properly generated from your Android
> application? Or do you just assume it will be OK and that no one has
> time to try to break your cell phone app? Is there a better system I'm
> not thinking of?
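
The two designs discussed in this thread, side by side, as an added example that is not part of the original posts: `NaiveBoard` records a client-reported score, while `AuthoritativeGame` keeps the game state on the server and accepts only one input per tick. The guessing game itself, `TICKS`, `LANES` and all class and function names are assumptions made for illustration.

```python
import secrets

TICKS = 20   # assumed fixed game length
LANES = 3    # assumed number of choices per tick

class NaiveBoard:
    """The design from the question: the server records whatever it is sent."""
    def __init__(self):
        self.scores = {}

    def submit(self, player, claimed_score):
        self.scores[player] = claimed_score   # nothing ties this to real play
        return claimed_score

class AuthoritativeGame:
    """The server owns all state; the client only sends one input per tick."""
    def __init__(self, pick=secrets.randbelow):
        self.pick = pick        # target source, injectable for tests
        self.sessions = {}      # session id -> state of a game in progress
        self.scores = {}

    def start(self, player):
        sid = secrets.token_hex(16)
        self.sessions[sid] = {"player": player, "tick": 0, "score": 0}
        return sid

    def step(self, sid, lane):
        state = self.sessions.get(sid)
        if state is None:
            raise KeyError("unknown or finished session")
        if not isinstance(lane, int) or not 0 <= lane < LANES:
            raise ValueError("illegal move")
        if lane == self.pick(LANES):   # target is chosen after the move arrives
            state["score"] += 10
        state["tick"] += 1
        if state["tick"] < TICKS:
            return {"done": False, "score": state["score"]}
        del self.sessions[sid]          # finished games accept no more input
        self.scores[state["player"]] = state["score"]
        return {"done": True, "score": state["score"]}

def play(game, player, moves):
    """Drive one full game from a list of TICKS moves; return the server's score."""
    sid = game.start(player)
    for lane in moves:
        result = game.step(sid, lane)
    return result["score"]
```

A client of `AuthoritativeGame` can still automate its inputs, but it can no longer report a score the server did not compute.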
