Best way to storage player-data

Best way to storage player-data


I’m developing a Mobile Game in c++ and I have a basic doubt.
What is the best (and simple) technology for storage the informacion of each player? (in secure mode). Like: best score, name, settings, etc.

I’m using SQLite for storage not importante information, like the name of the player. But if I need save important information that I do not want it to be hacked easily (like best score, coins, etc.), I think SQLite is unsecure because is a file accessible for the user.

I know that exists SQLite with encryption and password protection, and also exist other databases similar to SQLite, like: wxSQLite, SQLCipher, SQLiteCrypt, SQLiteCrypto, etc. but all these databases ar internal, without a server intermediate. I would like an external database (not only for greater security, also for I can access to the information easily, as administrador of the game).

I’m evaluating SQL Server or MySQL database, but it is recommended for a game use these databases? I read too, about Firebase Realtime Database (from Google), but it’s noSQL, i’m searching a relational sql database…



The most simple way to store data i found is use UserDefault, sample:

To set data:
UserDefault *def = UserDefault::sharedUserDefault();
def->setStringForKey(“Challenges”, “some to save”);
def->setIntegerForKey(“challengeID”, 0);

to get data:

UserDefault *def = UserDefault::sharedUserDefault();

-Use the same code to android and ios compile
-Work without add 3rd party lib
-If you save a structure inside UserDefault i recommend use json and marshall and unmarshall with rapidjson

-Is deprecated, but still working with last cocos version 3.15.1
-I not sure is the best performance option

I hope found the best solution for your project.


@Chino9 Why ist UserDefault deprecated? Where do find this? I didn’t see anything. On Android it uses the SharedPref, which are a common way to store key/value pairs. And also did you read the posters requirements? Secure means encrypted or not on the device. Your way isn’t secure, because a rooted device can read this the same way like someone can read the SQLite database.

@tranthor I would go the Firebase way, because noSQL isn’t that hard and you get “auto sync” for free. As far as I know, it’s the best solution (right now) to get a server side database with such a great feature set. The only main issue could be the user management. How did your user register to your game? You can use anonymous logins, but I don’t know if the stay after an app reinstall. A proper login (email/password) would be the best solution for that.


You can find test case for this class in:


If you want store encrypted data, you need generation the logic to encrypt/decrypt this data. Behind the code Userdefault generate an xml called UserDefault.xml… and store all data inside this file. If you root the device you can acess to access the clear data. you can implement MD5 to generate control if this file change , but you should not save sensible data here.

You can use cocos2d-x-extensions to CCCrypto: AES256, Base64, MD5 Features.


Thanks for the answers. I don’t want to use UserDefault because is unsecure, as @mars3142 mentioned. @Chino9 despite of I can encrypt the data, it is still an alternative to SQLite.
I’m searching an external database.

@mars3142 in my game I haven’t a custom register for each player. The player can login with facebook or play as guest. I’m not sure to use Firebase because it’s noSQL (as far as I understand, I can not execute queries, and I would like execute queries!). I read too, about “redis” but in the same way, I can not execute queries either.

Other options are mongo and postgre, but it not recommended for big databases.
Maybe i will have to try with Firebase… but another disadvantage is that Google has access to my db.


Behind the code Userdefault generate an xml called UserDefault.xml Nope. It uses the platform specific implementation for that: iOS == UserDefaults; Android == SharedPref (see source code in 3.15.1, if you don’t trust me).


I recommend this YouTube series to understand noSQL. In short: you structure your data that way, that you only do one query to get all your data. So if you really need other views you denormalise the data.

If you don’t want to have a hosted database (SQL or noSQL), your only way is to have an own server. - Amazon RDS is expensive and I’m not sure, that Amazon can’t read your data. My trust is to Google, because I never heard, that any data from Google was leaked (like other parties).

Guest/Facebook is great, because you can use Firebase Authentication for that. First use as guest (anonymous), and if the user connects with Facebook/Google the guest account will be linked to the other auth method. This is really straight forward (native - not tested with C++, but I believe it’s easy as well). It’s the same way I want to do it within my game. So I also need to implement it.


We should evaluate it.
How much storage does google provide free? 1GB? 5? 10? 20?
What is the limit? I think that if I exceed a limit, I should be start to pay.


1GB (, but if you have 1GB in the database you should have enough paid users. We uses Firebase for another project (incl. Firebase Storage) and we only paid 3€ in the first month. Currently the project isn’t much used, because it’s a season app.

The main contra for Firebase is, that the realtime feature is only in iOS/Android (PlayStore only, because it needs the Play Services), so if you want a desktop version (or other mobile devices: Nintendo Switch :wink: ) you have to implement it with the rest API, but if you want it just for save games, it should be a no brainer (my personal opinion).

Currently I implemented a meta data download from Firebase with the rest API, so I can update it at game start. I can also use Firebase Storage, but I want to write an edit tool in java (for Android), so I can edit the data on the go (no need to upload files, because everything is in the database).


Ok, thanks for the info :slight_smile:
If anyone have other alternatives… please tell me.


Just use sqlite3 with xxtea encryption, that will be enough.
or UserDefault with xxtea encryption.
You can find xxtea in Project_folder/cocos2d/external/xxtea


Could you paste cocos2dx code for that?. How di you retrieve access_token?


@smitpatel88 thanks for your advice. I’m evaluating an external database (client-server), however, please, tell me how can I apply xxtea with SQLite3? I added xxtea.cpp and xxtea.h to my project. What’s the next step? I saw examples but I’m not sure. Have you an example in c++ ?


The meta data is “world readable” (yet), so currently I didn’t managed to use a access token. This will be the next step, to secure every download incl. the meta data. - I will come back to you…


Just open xxtea.h file there is two methods xxtea_encrypt & xxtea_decrypt
To set : First encrypt your string then store into database.
To get : Fetch string from database, then decrypt it and use it.

See this thread if you have any problem:


You can read my SecureUserDefault which i used xxtea and User Default.


Why does everyone ignore the part from @tranthor

I would like an external database (not only for greater security, also for I can access to the information easily, as administrador of the game).

UserDefaults are only stored locally and if Android doesn’t backup them, they are lost after an uninstall. Also isn’t it possible to offer multi device support. I also wouldn’t use it for “save games”, because UserDefaults should only helpful for settings and not as a “state” storage.
I would recommend SQLite (if you want to store key/values), because it’s for such kind of data. But it has the same restrictions like UserDefaults/SharedPrefs -> only active for current device and lost after uninstall.


Are you sure about that? I have seen source code for Angular2/4 with Firebase realtime update.


I excluded the web client, because @tranthor set the topic to C++. Sure Firebase is usable with JScript code, but do you really want to build extra for Firebase a script support into your game? I don’t think so.


I thought to use a webservice for get and set data through php/mysql, with POST method. But it’s through http and I think it is unsecure.

Firebase realtime database is a very good option, but I’m not secure about the prices. If the application becomes viral I think I would pay a lot more than having my own server ($0.06 per auth, imagine in a viral app the costs of them). And another disadvantage is that I do not know the manipulation of data that Google could do without my authorization.

I think the best is host my own server. It is the most secure method (in my opinion). The problem is, what database can I use. Most people recommend noSQL instead of SQL. But if I select a NoSQL database, what is the better client for include in c++ for iOS and Android NDK apps? I like redis, but the official client not compiles in my project. If anyone have any suggestion, please tell me.