Skip to main content

Storage Encryption

Types

Optionally you can use encryption for the values saved by the DBManager on the user's device, so they are more difficult to read, modify and share by less experienced cheaters. On the IAPManager prefab inspector, three encryption types are available:

TypeDescription
DisabledDoes not use encryption, therefore IAP data is saved and accessed in cleartext.
InternalProvides built-in encryption, see below for more details.
Anti Cheat ToolkitThird-party asset, please see the ACTk integration guide.
caution

Every time you enable/disable or switch the Encryption type, you have to clean up your local data entry by pressing the Project Settings > Simple IAP System > Tools > Clear button (at runtime) or loading the RestoreTransactions example scene and pressing Clear Local Data on your device. Otherwise you will get an exception that local storage cannot be read anymore.

Internal

In order to enable internal encryption, select the IAPManager prefab and from its Encryption Type dropdown, choose Internal. More fields will show up - first, make sure that the Encrypt checkbox is enabled. This is a bit redundant, however it exists due to backwards compatibility and will be removed in a later release.

Next, replace Obfusc Key with your own encryption key (8 characters on iOS/Android, 16 characters on Windows Phone 8). While other techniques are more secure, many App Stores require an encryption registration number (ERN) when submitting your app with those standards. This technique does not require an ERN. Any alphanumerical 8-character here key should suffice to apply basic encryption, e.g. abcd1234.

Feature-Encryption010

If you are about to submit your app to Apple's App Store and Apple asks you whether your app contains encryption, click YES. If they ask you whether your app qualifies for any exemptions, click YES again and you’re done.

As the Simple IAP System database by default stored in Unity's PlayerPrefs, you can have a look at it in your registry file. But there is an easier way too: in Unity, you can see what's currently stored on your device by opening our database display under Edit > Project Settings > Simple IAP System > Tools. You have to enter runtime for the data to be displayed and for the Refresh button to become available.

Feature-Encryption020

In the registry, not encrypted vs encrypted data looks like this:

{"Currency":{"coins":2000}, "Content":{"no_ads":1, "abo_weekly":1}, "Selected":{"Armory":[ "weapon_1" ]}}
B0McdsDayy+mdA0Konpyu0FbnrsEoeNzlD060Pr7DIELC+I9EejeLIhcgHLFPXuMZDWmAqJU7o4suVb8ZI1CHSsHW/3bq32HrEBA9n...

Notice

danger

Please be aware that the database implementation (DBManager) may require a one-time only setup of variables. If you change their values again in production (live) versions, you will have to implement some kind of data takeover for existing users of your app on your own. Otherwise you will risk possible data loss, resulting in dissatisfied customers. Examples:

  • Renaming or removing a virtual currency in the Project Settings
  • Renaming or removing IAPs in the Project Settings
  • Changing storage type or paths in the DBManager
  • Changing or toggling the encryption option in the DBManager
  • Changing internal obfuscation key in the DBManager

I will not be liable for any damages whatsoever resulting from loss of use, data, or profits, arising out of or in connection with the use of Simple IAP System.