How do you handle Save-scumming in Mobile games?

Let's assume I have an offline gacha mobile games, How would you handle your players taking backup of their device, do gacha rolls, and if those rolls aren't good they could just restore the previous backup again and repeat the proces ad infinitum?

Or taking backup copy before big boss battle, and restore previous data if they failed to beat that boss, and try again.

Using emulator such as Bluestack/LDPlayer, it's trivial to make such checkpoint. they can take full snapshot of their current device and its data, and restore to undo the progress

 

Design your game such that that behaviour doesn't hurt other players (which in an offline single-player game should be pretty easy).

Beyond that does it matter? The fact that people care enough about your game to do this is a positive thing in my view.

 

You don't.

If you want to prevent save scammunig in gacha, you make it online-only and roll for the prize on the server.

If there's no multiplayer component in the game, then it doesn't matter whether people savescum or not (I mean making a backup of your entire device is a royal pain to do)

 

Grinding, artificial timers and locks are rather big NO-NO in my view, for noncompetitive single player.
Indeed as other mentioned, if anything OP need server, to keep track and control of certain aspect of the game.

 

You can run the code and storage for that type of stuff on cloud.

PlayFab is pretty good for that (free for first 100k players)

 

why would you want to do that? different people play differently and in this case, its a single player offline game...

That said, if you really really want to do it, i've seen games predetermine the rolls based on other factors like, at the start of the stage/day etc. This way people who want to save scumm will have to replay the stage at least (or at least complete the previous stage again to regenerate the current stages rolls). It still doesn't prevent it, just makes it more trouble some. Save scumm vs running the same stage 100 times...

But seriously, why do you want to stop your players having fun? If you are worrying about gameplay or playtime then gacha is probably the wrong mechanic for you. if you are trying to monetize it then aspects of it should probably be done server side, such as the currency to buy the gacha.

Alternatively.... just protect your save file... maybe use cloud saves?

 

As others have said, I wouldn't, because you've said it's single player. If someone is willing to go to that level of effort to do well in the game then I'd consider that a good thing, and I wouldn't want to mess with them or their high levels of engagement. Keeping my players happy is far more important than having them play the "correct" way.

This is true for developers. Not so much for the vast majority of players. So I suspect that this is putting a disproportionate amount of brain power into something that will only impact a few people, and probably not even negatively.

 

Thank's all for the reply.

@angrypenguin while it's true making the players happy is the most important, I just don't want random dude posting "How to get guaranteed SSR in {GameName}" youtube video about save scumming with their emulators. I also think putting at least a bit effort to protect the integrity of the save data would also make the paying customers happy.

This seems to be the answer, seed the roll And after watching these two videos

By default if we don't specify anything, the Random() would still use os clock in some part anyway. By having date as a seed should be good enough to deter save common save-scumming since if they want different value they have to wait for a day each retry. Can be applied to for the stage loot or drops. But of course it's not foolproof, if the user figured out that by changing the dates, change the seed used in the PRNG.

For more extreme approach, right at the first time running, we can use Guid or something and save it as that player's seed. So in a sense, that player's rolls, loots, drops, already predetermined right at the moment of savedata creation. Lastly we can then do simple encryption on that save file to prevent player seed tampering. But of course it's not foolproof, if the user figured out the way savedata is encrypted.

In the end of the day there's nothing truly safe if we talk about client's machine. Though, my job is already done at that point in providing a bit of savedata integrity.

 

Do you already have people regularly making videos about your games? If so then sure, being picky about the content might be beneficial. But until then, I'd rather them making videos about gaming my game than about someone else's game.

I'd definitely go with "a bit".

Keep in mind that this is for a mobile game, right? Of your overall audience, what percentage do you think is likely to do stuff like plugging their phone into a PC to mess with a game on it? As developers we have a very different view of the world to our players. Depending on your game many of its players may be put off by things like software updates, let alone actually messing with files or, heaven forbit, using a development tool!

 

You absolutely can't prevent that from happening, and frankly, should be at peace with this kind of development. Because that dude is promoting your game.

Not really.

Customers want not to lose their progress. And that's the extent of it. Looking into anti-savescumming system is a wasted effort, because that does not affect gameplay of normal players.

Honestly, encountering an anti-cheat mechanics in a single-player title is a very bizarre experience which makes player question developers.

 

The paying customers won't care and often those same videos bring in more paying customers.

edit: hell, there's actually a pretty popular youtuber who does nothing but exploit videos, often multiplayer, and they've been used as balancing/fix resources for the developers.

https://www.youtube.com/c/TheSpiffingBrit/videos

 

If it's single player it really doesn't matter, why waste your time? There's literally 0 reason to anti-cheat a single player game. Literally 0% reason to prevent it, and there's 0% chance of preventing it without a server.

I tell you what, if it wasn't for me hacking single player games back in the 90's and early 2000's I wouldn't be a developer today, it exposed me to learning how things were made and it interested me. GameShark for life! lol.

It was fun to start up GoldenEye and change characters, faces, loading the secret unfinished levels, etc. In fact, I just realized it would actually be a good thing to let them hack it, leave in Easter egg levels, objects, etc. Give them reasons to keep playing your game, and give them reasons to tell their friends about it, etc.

 

There is one big reason. Some devs try to monetize, with low cost / effort.
For example there was one of Fallout mobile game, ported to PC. In general it was single player. But you could buy boosts and perks with real money. Your saves didn't work on different devices.
Format disk, and you loose anything, you spent.

Also game was made, to punish players, after certain point, loosing much of progress. So they were forced to pay, if want to progress. I will always advocate against such and similar practices.

Besides game was extremely buggy and people did loose saves progress and money. Game was very easy to cheat.
Using cheat engine for example, but not only, I was able unlock anything in a game. And advised others to do same, as in contrast to shady practices of devs. And not just random devs.

 

Yeah it's so wrong to punish the players like that. It's companies like that I wished would disappear forever. I mean I understand the premise of IAP's and sometimes it's a good balance (like theHunter: Call of the wild). It might be worded as a DLC but for all intents and purposes they are IAP's - Weapon packs, maps, etc.

BUT, the weapons aren't required, just make the game a bit more fun to have an assortment. The maps you can play whether you own the DLC or not, owning the DLC just lets you play singleplayer on said map or if you join someones session and they quit you have 15 minutes for someone who owns the DLC to join in.

I love the way they do it, as it doesn't make me feel forced, nor does it make me feel I need to hack the game to get the maps, etc because I can already play them if I join someone who is playing it.

But yeah as to what you were trying to say - in the case of that game that does make sense to prevent cheating as it goes against their profit margin. Why people buy into it beats me, kinda wrong, yet they'll keep doing it until people have finally had enough. Which may or may never come I suppose. In the world of instant gratification it's easy to exploit people for profit.

 

That's F2P money milker. I would say it is a separate type of game from "single player".

 

Personally I don't see any reason, why SP can not be F2P.
I suppose it matters, where we draw the line for Single Player to be.

 

If were to be very specific, then....

I'd say there are following game types:

• Single player, Offline play.
• Single player, Internet connection required.
• Multiplayer.

When it comes to connectivity. And then there are multiple types of payment, which would include....

• Free
• One time payment.
• Shareware. Also Demo + Paid expansion.
• Donations.
• Cosmetics.
• Subscription.
• Money milker.(money gating)

Now.... I don't think money milker can be made to work offline. Because of the reasons stated by the poster. People usually are not fond of money gating, and definitely are going to hack it if they can.

 

This statement is only true for online cheating, it's exactly the opposite in a single player game.

If i pay for your game and you're preventing me from doing something just because you feel it compromises the game experience i'm never looking at another one of your titles, a paying customer expects a full experience, online cheating ruins the experience entirely, single player save scumming is part of the experience.

two examples of save scumming:

Total war - you can reload a save from whatever turn you want and take a different course, but if you do the exact same thing you get the exact same result, a predetermined random roll table for the turn (can separate it to player rolls, ai rolls, etc)

FTL - can only save current state, no going back(unless you "hack" the game) also the permadeath deletes your save.

either approach has its advantages, but unless you're going for something really hardcore like FTL did (and still a lot of people complain about this mechanic) you should let the player do what it wants, but still keep him in check some how like the predetermined tables i suggested earlier.

 

@SparrowsNest like above already mentioned, it's a single player money milker microtransaction game where player may optionally buy paid gems to open Loot.

Let say player is able to spend $10 or $0 even (if they saved enough f2p gems), and keep save-scumming and repeating the rolls until the best SSR drop, this can't be compared to save scumming in Total War Games. You should compare it with how Paradox games protect their players savedata to prevent savescumming. They went as far as checking the checksum of the app, mods, and data encryption. In the end of the players want to cheat, they will cheat, but I don't think putting a sheet of barrier protection is meaningless.

 

If the rolls are a commodity that you wish to control the value of then you'll just need to put them on a server. As soon as anything is on a client device you can't trust that it'll remain unmodified. You can make the modification harder, but you can't make it impossible because, at the end of the day, the client application needs to be able to access all of the relevant bits in order to operate.

Think about game copy protection. Big business pay big money to make it harder for games to be copied, but it still rarely ever lasts more than even a few days. If they can't do it with their budget and licensing specialist software and/or teams it's not a realistic goal for an indie.

I'm still not seeing a problem worth "solving" here.

If they've spent $10 then groovy, you already have their $10. If they feel good because they scummed your game to get a high value drop then sweet, they might want to do it again and give you another $10. And if it doesn't impact other players then that's a win-win. And, as others have said, there are relatively simple ways to "lock in" the results of rolls ahead of time. For example, when they make the purchase, use the receipt data to generate a seed for the rolls. That way even if they reload to before making the rolls they'll still generate the same sequence, drastically reducing the amount they can "scum" with it. (Though I'd hesitate to do even this, personally.)

If they've ground their way there with the trickle of in-game rewards then surely you've already got oodles of ad views out of them? In which case I'd still want to keep them happy so they keep playing.

In both cases, think long and hard about whether a player who is going to that amount of effort to avoid giving you more money is going to change their mind because you spoiled their workarounds.

Something else to think about: This is a significant amount of effort going into a tiny number of players who are highly engaged in your game just because you want them to play differently. Is there honestly nowhere else you could be putting your time and effort to get a higher increase in value? Personally, I'd rather do things that make more players happy than mess with those who already are.

 

@angrypenguin won't be putting that much effort. I think by just tinkering with the prng and encrypt the save data should be enough to protect the rolls.

If the players really want to decompile the app, then it is what it is. my job is already done at that point in providing a bit of protection.

 

Then you use server based authentication. It is literally the only option if you don't want them to cheat rolls they're paying for.

 

You have to make it dependent on an external server then. No other way around.

You kinda can savescum all you want in titles like Crusader Kings 2, for example. It is that for achievements you need ironman enabled. That is if you care about achievements. And also achievements pretty much exist on an external server.

I'd like to point out that getting annoyed by a mechanic in a single player game, hacking the game due to being frustrated, and discovering that instead of making the mechanic better, the developer wasted their time preventing savescuming - it creates a major negative impression of the game and its developer. Similar thing happened with bethesda titles when they disabled achievements for modded games. That stuff is pure insanity, as Bethesda games are traditionally released in an extremely buggy state and rely on community mods. And when the developer goes out of the way to punish you for using community mods that fix the issues said developer failed to address - that creates strong negative reaction.

-----

So, long story short:

* To prevent people from rerolling the dice when rolls are paid, the dice rolls should be rolled on an external server.
* Fighting savescumming in a single player game is generally a wasted effort and may even be frowned upon by the player.
* People making videos about cheating in your game are promoted the game. If they never notice the game, that's technically worse.

 

If they backup entire device, then it won't be.

And your job is not to protect the game from savescumming, but to make sure people enjoy playing it.

Actually, thinking about it... savescum protection will make you lose money. Because people will try to reroll, realize that result is the same, and then they'll simply uninstall the game.

 

I still wish to point out that as others have mentioned
1) if you market is small with few people engaged, it doesn't matter, cos you should focus on engaging players
2) If you market is huge with tons of people engaged, then, such simple measures still don't matter cos as mentioned, its client side and sooner or later it can be broken by those who want to.

Since this is a money milker game i think i see where this is going... basically you are hoping for a few whales and don't want them to feel bad when they see that the results of their $$$ could easily be be replicated by save scumming. If that is your intention then yeah, a even a basic protection would help prevent your "Casual" cheaters (probably like 80 to 90%), and i would suggest you just do basic due diligence rather then investing significant effort into this (which does seems like what you are doing, so i think you're on the right track).

On a side note, other then online games, i normally do cheat/hack/mod a majority of my games. Games i do tend to cheat at tend to have a random element to them (like gacha) which i hate since it just basically depends on luck anyway, or narrative heavy games with a grind element since i'm in it for the story/options. Games i don't cheat at tend to be skill based games as cheating seems to defeat the point of it. So, it really depends on what you think your players will be looking for in your game...

 

Correction. One of your players will decompile the game and everyone else will simply download their copy. This is how software piracy works. It's not and never has been the case that every player needs to decompile the program themselves. One person or group creates the workaround and everyone else benefits.

A server that handles all of your gameplay state is the only approach that can prevent this. Anything else is just a foolish waste of time. But for a single player game with no online element it's even more foolish to try to force your customers to play the way you want them to. Focus on improving your game and not on annoying your customers.

 

Even with a server if someone rebuilds your games he can just bypass whatever check client side or connect to a fake server on the machine he controls (or even a real server like private wow servers did for example, in that case you only needed to edit a text file to connect to a different server)

 

Thus why I said "a server that handles all of your gameplay state". I was referring to more than just a server that verifies and reports back. A complete private server is definitely an option but it's almost always far behind the official servers.

 

The save scum is your opportunity to make real money. Microtransactions.

 

You can random in two ways, just an example:

1. You can roll between 1 and 100 for 100times and the average will be 50 with each number being rolled equally often statistically.
2. You can generate an array of 100 numbers with each of the numbers between 1 and 100 being 1 time in that array and then randomly shuffle the array. The average will be 50, the player will not notice a difference.

Random numbers with enough rolls are perfectly distributed, but with very few rolls, the results can vary a lot between players. For things like rolls for hits, misses and crits, version 2 is a known way to generate non-frustrating random numbers for player. Not with 100 values, but even with as little as the next 10.

So lets assume the player starts and you generate the first 20 rolls and store them encrypted. Before, the player could save, make a roll and reload if he doesnt like the result. With the next X rolls already generated, he will get same/similar results. The player can still cheat by saving and loading, but has to do so over a whole set of rolls and if the rolls aren't purely random each time, but rather guaranteed numbers in a random order, the exact result of the rolls may change, like getting a different 5-star each backup-reset, but not the quality as in "zero 5 stars this time, but it may be 4 next time".***

You may also include a pitty-system that works over play sessions, so that it makes less sense to redo the gacha-rolls, as a part of the systems result is already determined by the players past actions.

***I am not sure if that way of generating randomness is okay with gambling laws in different countries.