Save-game tampering happens when a player changes local save data outside the normal game flow. They may edit a file, change PlayerPrefs, copy a save from another device, restore an older save, or delete data to force a reward again.
Why local saves are tempting targets
Saves often contain values players care about: coins, gems, level, inventory, rare items, quest state, premium unlocks, and progress. If that data is stored in a readable or weak format, it becomes a target.
A player may open a JSON file and change 100 coins to 999999. They may edit PlayerPrefs with a small tool. They may copy a fully completed save from the internet. If the game trusts that save without checks, the tamper works.
Mobile and desktop saves are also easy to move around. A player can back up a folder, install the game on another device, replace a cloud save, or share a modified save with friends. That is why protection should cover both direct editing and unexpected save movement.
Rollback abuse
Tampering is not only about changing numbers. Rollback abuse means a player saves before a risk, spends currency, opens loot, or loses an item, then restores an older save if they do not like the result.
This can break crafting, gacha-style rewards, trading, offline events, and any system where the player should not be able to repeat the same chance forever.
Watch for copied and mismatched saves
A copied save may look valid at first because the file format is intact. Add context that helps the game notice when a save does not belong to the current account, device profile, game version, or expected progress history. This can include protected player identifiers, save versions, monotonic counters, and last-known server state.
Be careful with hard failures during migrations. If an honest player upgrades from an older build, the game should have a safe path to migrate expected data while still treating impossible jumps and mismatched ownership as suspicious.
How protected saves help
Protected saves make local data harder to read and harder to change safely. Anti-Cheat can protect PlayerPrefs or file-based saves with encryption and integrity checks.
Integrity checks are important because encryption alone is not enough. A protected save should help answer: Was this data changed? Was it copied? Is it from an older version? Does it match what the game expects?
Use the server for valuable state
If your game has accounts, purchases, cloud saves, leaderboards, or multiplayer, the server should own the important state. The client can cache data for speed, but the backend should decide whether rewards, purchases, and ranked progress are valid.
For offline-friendly games, the backend can still help later. Store pending actions locally, protect them, and reconcile them when the player returns online. The server can then reject repeated claims, impossible totals, or a save that moved backwards after valuable rewards were earned.
What to protect first
Start with the values that would hurt most if edited. Usually that means premium currency, inventory, paid unlocks, progression, daily rewards, event state, and leaderboard-related scores. Settings like volume or screen size usually do not need heavy protection.
Do
- Protect save data that affects currency, inventory, progression, premium unlocks, and leaderboard scores.
- Use integrity checks so the game can detect changed or broken save data.
- Sync important state with a backend when your game has accounts or online features.
Don't
- Do not store trusted values in plain PlayerPrefs or readable JSON without protection.
- Do not trust a local save just because it was created by your game.
- Do not overwrite suspicious saves without logging enough information to understand what happened.