"js4;c-1938116" wrote:
"Ladislav;c-1938032" wrote:
If we cannot trust data sent from cheating device, there will always be a loop hole.
You must have missed something in the description, but this is the precise problem that you solve by redistributing the check to other clients. You can't trust the local client to validate its own battles, it needs to send the battle data to the server, which then randomly distributes validation of the battle to other clients. Client-side detection is a non-starter unless the client is validating OTHER peoples' battles.
It's also likely not against any sort of app store policies: it's a game that already sucks up an incredible amount of battery with the 3d graphics alone, and you only need to be validating battles while the app itself is open/the user is engaged. These battles don't need to be validated quickly or at any particular time, once you catch a cheater 1 time and suspend the account it's months or years before they get back to doing it again on another account at that same level. Simulation calculations take up only a miniscule amount of battery compared to the 3d graphics and display related to the game.
That does not solve the problem I described. If the cheat sends results which are possible with the given setup, nothing will be detected. Very raw example: you have Jawa team and it can sometimes beat Geonosians. But depending on RNG it may not work all the time or you may loose quite few Jawas. You just need to see data of one battle where it work and cheat can send similar every time - cheaters Jawas will always win. We can go even further with mirror matches. To detect such anomaly, you need server side processing and some ML on top of historic data.
I don't how exactly Android / iOS development works. Is there a secure storage? Is there per app certificate store? Is it possible to play the game on rooted / jailbroken devices? Does rooting / jailbroking exposes secure storage or certificates? Because all this cheating is tampering with data send to server and that would not be possible if data were signed unless the cheat can access the signing key / certificate.
Capital Games Team
