Search Unity

Has anyone tried reading / modifying the saved Remote Settings file on client side?

Discussion in 'Unity Analytics' started by ReGaSLZR, May 29, 2018.

  1. ReGaSLZR

    ReGaSLZR

    Joined:
    Jun 11, 2015
    Posts:
    7
    Background: Just like the case presented in this issue with Remote Settings, I would like to use Remote Settings to hide my server base URL and some other authentication infos. I couldn't just put those values in PlayerPrefs and even more so directly into the code as values of static variables (since obfuscation is a big no-no as per this) and even if I encrypt my data, it'd be useless since potential crackers can see how it's being decrypted.

    Now, according to this doc: "The web service from which Unity downloads the Remote Settings configuration is read-only, but is not secured. This means that the configuration could be read by third-parties. You should not put sensitive or secret information into your Remote Settings. Similarly, the saved settings file could be read and modified by end-users (although any modifications are overwritten the next time a session starts with an available Internet connection)."

    The question: Has anyone tried reading and/or modifying that saved settings file (on the built game) on client-end side? I'd like to test how not-so secure Remote Settings is.
     
    Last edited: May 29, 2018
  2. ap-unity

    ap-unity

    Unity Technologies

    Joined:
    Aug 3, 2016
    Posts:
    1,085
  3. ReGaSLZR

    ReGaSLZR

    Joined:
    Jun 11, 2015
    Posts:
    7
    Holy crap! Thanks for the link to the manual.

    And thank you so very much for passing the feedback to the Unity dev team. <3
    You rock! :)