Unity Asset Store

Encrypting Data in Unity using CryptoPrefs

By December 19, 2017 March 5th, 2018 No Comments

I have been working in Unity since 2010 and over the years have gotten comfortable using the PlayerPrefs class to store data here and there. I’m sure many Unity developers get comfortable putting their data there. However, this data is stored in plain text on the player’s machine. If you have any critical information that you need stored on the local device, be prepared for your players to play with it. Usually it is an inconsequential thing when players change some parameters, however, you can expose sensitive data and allow in app purchases to be unlocked through your player prefs if you use it in that way.

When we were developing Acorn Assault: Rodent Revolution, we decided that some information needed to be stored locally. Some of this data pertained to the save state meaning that if players could manipulate it, they could jump to any level and unlock any character. Since we wanted to restrict that, we wrote a plugin called CryptoPrefs that acts like PlayerPrefs with multiple layers of security.

CryptoPrefs was designed to be a simple swap for anywhere you currently call PlayerPrefs with additional features. The main feature is the encryption of the data. All of the data is encrypted using a special key and it can optionally be salted by the user’s device ID so that the save data file could not be shared between two players. CryptoPrefs also has the added benefit of being able to store more complex data objects such as color, booleans, Vector4, Quaternions and more also including array values of each type. You can optionally turn off encryption too if you don’t want it but want the added benefits of all the other data types. The file format is a custom binary type built to be as small as possible.

If you want to use CryptoPrefs in your project, pick up a copy of it on Unity’s Asset Store.