I want to run a server for my game to provide multiplayer access to players. Players will be able to connect to this server via my Ouya game.
Ouya's purchase system doesn't seem to have any way for my server to reliably verify that someone has a legit copy of my game. Here are some links to Apple's solution:
Piracy is rampant on Android and iOS. Given Ouya's intended open nature I don't see how there won't be similar problems. Any data sent from a player's device must be considered cracked. When I read articles like this one it makes me nervous:
I don't want to devote 90% of my server resources to people without a legitimate purchase.
The console already makes some sort of API request with the userID and gameID to return receiptIDs. Why can't the API be opened up to take a gameID and receiptID and return yes/no that it was a valid receipt?
This seems like an "easy" feature to add and is actually something that will generate money for Ouya and developers.
What does everyone else think? Do you have any plans or workarounds to handle these issues?
We don't have any way to verify the receipts. We only have the ability to ask the ouya console for a list of receipts. Cracking the console's purchase mechanism will be trivial for people who are into that kind of thing.
We need a way to verify receipts directly on Ouya's server without going through potentially compromised consoles.
I'm not going to deter piracy at all ;) The simple fact is, piracy may be rampant on Android, but I don't see this as any different from PC or really any other indie-friendly platform. Additionally, it has been stated many times before but worth re-stating: Piracy does not affect what customers actually purchase your game. That is, if someone pirates your game chances are they never would have purchased your game in the first place. And as for server load - well, in all honesty your servers should be able to handle the load regardless. Not that it should be an issue - look at CS Portable, it's a free game on Android and Kongregate.com and gets easily hundreds of players at any given time, but usually has no big issues. Probably some smart server design (I know Photon Cloud has built-in load balancing features, so that probably helps a lot...)
You didn't remember the plot of the Doctor Who movie because there was none; Just a bunch of plot holes strung together.
This has also been discussed at the end of this thread. No need to duplicate threads. I have also sent a query to OUYA dev support. Haven't got a response yet.
Additionally, it has been stated many times before but worth re-stating: Piracy does not affect what customers actually purchase your game. That is, if someone pirates your game chances are they never would have purchased your game in the first place.
That's not true, I've known more than one hardcore gamer who bought on average one game per month, then got the ability to pirate games and never bought a single game ever again, except when the game couldn't be pirated, and then they bought it. All games have the potential to have their antipiracy measures broken of course, but the general assumption is the longer it takes the more people will buy your game because they want to play it immediately. And of course there's the unknowledgable layperson pirate, the kind that will pirate something if it's a super simple process, but if there's more than one step to remove security they'll just pay their money.
We don't have any way to verify the receipts. We only have the ability to ask the ouya console for a list of receipts.
Eh? This is the first I've heard of this, did someone from OUYA say that that's how the final system would work? I mean, they've already said that certain features aren't done yet, such as the receipt encyption/decryption. There's another thread where people are trying to guess how it's going to work, and are making requests.
I'm going with Killa_Maaki. I'm not going to directly focus any goal to deter piracy.
Yes, some people will stop paying for games if they can pirate. I also know people who started to pay for games once there financial situation improved. It's anecdotal and selective to how we want to know or skew the information to fit our side of the story.
The only hard evidence is that piracy occurs, there are half assed information that is often spouted by corporations as proof; and yet government has proven the information false. concerning the effects of piracy.
All we can do is take our own routes. We have seen the biggest games succeed in spite of piracy. Piracy so for hasn't proven any direct detriment. however I do believe the important developer statement.
"If you like the game, buy it. The money goes on to support the developers to continue there work"
However, I'm certainly not going into the piracy war to stop it. So far it looks to be a losing battle.
We don't have any way to verify the receipts. We only have the ability to ask the ouya console for a list of receipts.
Eh? This is the first I've heard of this, did someone from OUYA say that that's how the final system would work? I mean, they've already said that certain features aren't done yet, such as the receipt encyption/decryption. There's another thread where people are trying to guess how it's going to work, and are making requests.
What I mean is that the current plan for decryption will only happen on the ouya console. There is no way you can verify that the console's decryption routine is not compromised. If you provide any kind of online server you will just have to trust whatever information is sent by the console.
@KonajuGames - thanks for the link to that thread, but this seems like a different topic. That thread is about ways to monetize games using the available IAP. This thread is specific to one of the vulnerabilities in the current IAP.
You obviously didn't read the whole post, let me quote myself here:
Ayrik said:
Yes, but when writing a game with an authoritative server like an MMO, the server needs to know if the transaction was successful. I couldn't find the exact Apple documentation on their purchasing, but the web code here (https://github.com/chrismaddern/validate-in-app-purchase-iphone-ios-receipts) is exactly what I'm referring to, but for Apple's App Store.
It is essential for an authoritative server to have access to this because you can't trust anything the client gives you. It needs to come from a trusted server.
At least there are more people requesting this so it may actually get implemented in time for me to use it.
I think there was an statistic from last year that shows that, in average, people who play pirates spend more money on legitimate games than those who don't.
I read the entire thread after Konaju pointed it out, but in my opinion this is an important feature that shouldn't get buried in the tail end of another conversation.
I totally agree with what you posted in the other thread. It's interesting that in the other thread a couple people didn't understand why you want access outside the ouya console. It appears that a couple people on this thread don't understand either. I emailed ouya about this last week and their initial response was that they already provide receipts in the SDK. I sent another emailing explaining more details and it sounds like they will implement this eventually. Obviously there are so many things going on that they can't provide more details about the timeframe, but I hope it is getting pushed closer to the top.
Sorry, but you replied saying it was a different topic, so I was just repeating what I said there for the same reason you don't want it to be buried in a different post.
My game cannot be released until this functionality is available.
In your case it seems a matter of not allowing the downloading content based on what is purchased, which is definitely a concern that I share. In my game it is completely impossible because the server stores all their "coins" and we need to know how many coins the player just purchased! Where else could we get that information since we can't allow the player to let us know because they could be lying. They could also send this message up as many times as they'd like and the server would have to just trust it.
OUYA, Please implement this feature as soon as possible! My game won't be released for quite some time, but I'm sure others need it really soon.
I emailed ouya about this last week and their initial response was that they already provide receipts in the SDK. I sent another emailing explaining more details and it sounds like they will implement this eventually.
You got a response? I emailed them about the same thing as well. No response yet.
nimble_gorilla
Posts: 19Member
Comments
The simple fact is, piracy may be rampant on Android, but I don't see this as any different from PC or really any other indie-friendly platform.
Additionally, it has been stated many times before but worth re-stating: Piracy does not affect what customers actually purchase your game. That is, if someone pirates your game chances are they never would have purchased your game in the first place.
And as for server load - well, in all honesty your servers should be able to handle the load regardless. Not that it should be an issue - look at CS Portable, it's a free game on Android and Kongregate.com and gets easily hundreds of players at any given time, but usually has no big issues. Probably some smart server design (I know Photon Cloud has built-in load balancing features, so that probably helps a lot...)
That's not true, I've known more than one hardcore gamer who bought on average one game per month, then got the ability to pirate games and never bought a single game ever again, except when the game couldn't be pirated, and then they bought it. All games have the potential to have their antipiracy measures broken of course, but the general assumption is the longer it takes the more people will buy your game because they want to play it immediately. And of course there's the unknowledgable layperson pirate, the kind that will pirate something if it's a super simple process, but if there's more than one step to remove security they'll just pay their money.
Eh? This is the first I've heard of this, did someone from OUYA say that that's how the final system would work? I mean, they've already said that certain features aren't done yet, such as the receipt encyption/decryption. There's another thread where people are trying to guess how it's going to work, and are making requests.The only hard evidence is that piracy occurs, there are half assed information that is often spouted by corporations as proof; and yet government has proven the information false. concerning the effects of piracy.
All we can do is take our own routes. We have seen the biggest games succeed in spite of piracy. Piracy so for hasn't proven any direct detriment. however I do believe the important developer statement.
You got a response? I emailed them about the same thing as well. No response yet.