Can offline progression be secure?

It can be safer, but never fully trusted. Use protected local data, limits, queued actions, and server reconciliation when the player reconnects.

What is server reconciliation?

It is when the server reviews offline actions later and decides which rewards, progress, or changes are valid.

Should premium currency work offline?

Be careful. If premium currency can change offline, set strict limits and reconcile with the server before the balance becomes fully trusted.

Why is device time risky?

Players can change device clocks. Important timers and daily rewards should use trusted server time when possible.

Can offline rewards be generous and safe?

Yes, if you cap high-risk rewards, protect local state, and reconcile important claims with the server when the player reconnects.

What is a pending offline action?

It is an action saved locally until the server can review it, such as a reward claim, level completion, crafting result, or currency spend.

How to safely handle offline progression without trusting the client

Offline progression is great for players. They can play on a train, on a tablet, or with weak mobile internet. But offline mode creates a hard security question: how much should the game trust data that was created while the server was not watching?

Start with a damage limit

The best first question is not "Can this be hacked?" The answer is always yes, given enough effort. A better question is, "What is the maximum damage if this offline data is edited?"

If offline mode can create unlimited premium currency, ranked points, or rare tradeable items, the risk is high. If offline mode can only unlock a few local levels or collect small capped rewards, the risk is lower.

Put those limits in product terms before implementation starts. For example: "offline mode can earn at most two hours of idle rewards," or "offline crafting can queue common items, but rare event rewards sync online." Clear rules make the later technical checks much easier to explain and enforce.

Protect local state

Offline progress needs local storage. Protect that storage with encryption, integrity checks, versioning, and rollback detection. Anti-Cheat can help protect PlayerPrefs and file-based saves so simple edits are easier to detect.

Protected storage does not make the client fully trusted. It makes tampering harder and gives the game a signal when something looks wrong.

Store more than the current progress value. Include a save version, last trusted server revision, monotonic local sequence number, and integrity tag. If the player restores an older save, the server can see that the client is trying to sync from a stale revision instead of treating the uploaded state as fresh truth.

Queue actions instead of trusting totals

Instead of only storing "new balance is 5000," store a queue of actions: completed level, earned reward, spent item, claimed daily bonus. When the player reconnects, the server can review the actions and rebuild the result.

This gives the server more context. It can reject impossible actions, duplicate claims, invalid timing, or rewards that exceed offline limits.

OfflineAction.cs

1public sealed class OfflineAction

3 public string ActionId { get; init; } = Guid.NewGuid().ToString("N");

4 public string Type { get; init; } = "";

5 public string SourceId { get; init; } = "";

6 public int Amount { get; init; }

7 public long ClientCreatedAtUnixMs { get; init; }

8 public int SaveSequence { get; init; }

9 public string LastKnownServerRevision { get; init; } = "";

10}

12// Example types: "level_complete", "craft_item", "claim_idle_reward".

13// The server validates each action instead of trusting a final total.

The important fields are the action ID and the source context. An action ID lets the backend process retries safely. The source context tells the server whether the reward came from a level, event, crafting recipe, idle timer, or purchase-related flow.

Use server reconciliation

Reconciliation means the server compares offline claims against server rules. It can approve, reduce, delay, or reject rewards. It can also flag accounts that repeatedly send impossible offline progress.

This works best when players understand the rules. For example, you can allow offline rewards but show that some rewards sync when the device is online again.

OfflineReconciliation.cs

1public ReconcileDecision ReviewOfflineAction(OfflineAction action)

3 if (offlineLedger.HasProcessed(action.ActionId))

4 return ReconcileDecision.IgnoreDuplicate();

6 if (action.SaveSequence <= account.LastSyncedSaveSequence)

7 return ReconcileDecision.Reject("stale_save_sequence");

9 if (!rewardRules.IsValidSource(action.Type, action.SourceId))

10 return ReconcileDecision.Reject("unknown_reward_source");

12 if (rewardRules.ExceedsOfflineCap(action.Type, action.Amount))

13 return ReconcileDecision.ReduceToCap();

15 return ReconcileDecision.Approve();

16}

Real systems usually keep a ledger of accepted, reduced, rejected, and duplicate actions. That ledger is useful for support, fraud review, and fixing bugs in offline rules without guessing why a player's progress changed.

Be careful with time

Device time is easy to change. Daily rewards, energy systems, crafting timers, and offline earnings should not blindly trust the phone clock. Use server time when online, store last trusted sync time, and limit how much offline time can be claimed.

Also track drift. If a device repeatedly jumps forward before claiming rewards and then jumps back before syncing, treat that as a signal. You do not need to ban immediately, but you can cap rewards, require a fresh online sync, or move high-value timers to server-owned state.

Separate low-risk and high-risk progress

Low-risk progress can be generous offline. Story progress, local achievements, settings, and non-tradeable cosmetics may be acceptable. High-risk progress needs limits: premium currency, ranked points, competitive rewards, tradeable items, and event prizes.

A useful pattern is "local now, trusted later." Let the client show offline progress immediately for a good player experience, but mark high-risk rewards as pending until the backend confirms them. This keeps offline play smooth without letting edited local state become permanent economy truth.

Log suspicious offline patterns

Watch for repeated rollbacks, impossible reward amounts, time jumps, duplicate claims, and offline sessions that always end with perfect outcomes. These signals can help you tune limits without punishing honest players too quickly.

Log the save revision, action IDs, offline duration, claimed reward totals, reduced rewards, rejected actions, and device-time drift. Those fields help you tell the difference between a broken rule, a bad network session, and repeated manipulation.

Do

Protect offline saves with encryption, integrity checks, and versioning.
Queue important offline actions and reconcile them with the server later.
Set clear limits for offline rewards, currency, timers, and repeatable events.
Give each offline action a unique ID so reconnect retries cannot apply it twice.

Don't

Do not let offline mode create unlimited premium currency or ranked progress.
Do not trust device time for valuable rewards without checks.
Do not accept offline actions blindly when the player reconnects.