Hey all!

First time here, I am personally just getting started in game development though I have a bit of coding background by now. I am looking to start a side project that has interactions between a mobile platform, specifically android, and PC. Ultimately though, I'd like to be able to put the game on Steam, which I realize is another story but that's not specifically what I am concerned about.

So, I would like to avoid having a server component to my game. The idea is that I can have players playing the game on PC, but use the mobile app while they are out in order to collect items and play mini games to "augment" the PC experience. The mobile side of things is, for one reason or another, going to be exclusive to Android.

So my concern right now is what I can use to sycnhronize my app with my pc client. Again, I'd like to avoid using a server for it since I'd rather not maintain something that's just going to be a bridge. It seems like there are APIs I could use like the Google Play Game Services but I have no experience with it going cross platform. The other issue is if I want to put my game on Steam, I don't really want to start maintaining the Google API AND the Steam API even if it is possible.

I may just be barking up the wrong tree... Anyone have any experience with transferring data from a Mobile app to a PC client? Should I just end up using a server? Are there any APIs available I can look into to help me get data across?

The only options I can think of are:

• Setting up your own server
• Renting a server
• Direct network connection between PC and Android to download current data
• Direct connection between PC and Android to transfer current data (like USB)
• Some sort of key/password system to transfer the data

One of the benefits of the server setup would be that they don't require both devices to be connected to each other (network/USB) and on at the same time. You could still use your server with Steam when you make that leap (at least I think you can).

Moving this from the "Coding Horrors" forum to the "Mobile & Console" forum, although it might be a good candidate for the networking forum as well.

Since you don't want to have an intermediate server, you will need to establish some sort of direct connection.

If you assume the devices are connected on the same local network, which is a fairly reasonable requirement for this sort of thing thanks to ubiquitous wifi, there are several options available.

You should include an option of direct IP address entry. This would help with power users and people who understand a bit about networking, as well as help with troubleshooting the hard cases.

Next, since we can assume the wifi connectivity is going to be part of a local network, you can use UDP broadcasts to find listening machines on the network. A few moments on Google searching for Java UDP broadcast brings up sites like this that cover the solution fairly well.

If you implement both, you can put one of the devices in "listen" mode, and then have the other device either connect directly by IP address or do a UDP broadcast scan. Either way it will hit the device that is listening, and that device can communicate back and complete the connection.


You will likely want to add some security and failsafe mechanisms to prove that both ends approve of the transfer, thus preventing someone from accidentally pulling the data from their tablet instead of their phone for example, or in an attack scenario, from a rogue co-worker stealing all the items from their peers.


And a final note, since the system is transmitting data between two unsecured and untrusted machines don't transfer anything with any real value. Any reasonably competent network programmer could monitor the connections and reverse engineer the protocol and keys to give themselves unlimited everything

Oh man. You know I was so concerned with thinking about large scale network communication I never even thought of things like just using a local network. I could actually just use JmDNS for something like this pretty easily as well.

The more I think about it, the more I think the right way to do this is with a Server, but in a pinch I think using local network discovery will be a good prototype. I can switch that up with a Server without too much effort if I want to invest money in this later.

Thanks for the advice guys!

And @Dragonsoulj Yeah, I definately could use a server with steam without issue. I'm not sure how exactly, but i'm sure Steam isn't running those MMO's servers for them so it's not entirely sandboxed.

Thanks again you two!

Following up on how easily it can be reversed... if you tie the collection of items to something like a Steam achievement that is actually quite valuable. Within a few days you would see two types of cheats:

1. Instant items cheat. This would be a simple little script that allows the game to connect and hands it 1000 items for free. No work required.

2. Denial/Steal items cheat. This would be a little more common on a corporate network or college campus, it would continuously broadcast the search for devices. When a device is detected it would automatically collect the items from the player. So an unsuspecting victim hits "listen" on the device, and by the time they hit "scan" on the other device the vandal's script has time to connect to it and reset whatever victories the player may have made.

You cannot do much to prevent the first one, but you should probably add a few steps to reduce the risk of the second.

I definately want to have some way of handling cheating. I know without a server to validate data, that's difficult, but I have some things in mind. I definately plan to have some kind of syn / ack / syncack between the mobile and PC so that the user knows that the pc client is requesting to transfer their stuff over, and it should display a random number so that both the pc and mobile can be sure this is the same device. The transfer will work similiar to a bluetooth connection.

The second thing I want to add is public private encryption to make it harder for a man in the middle attack to just listen in, figure out the protocol, and make their own item generator (or worse, if its too easy just send the same message they hear over and over again.). All challenges I have learned about, though I've never personally dealt with them. I'm always open to advice though :)

The second thing I want to add is public private encryption to make it harder for a man in the middle attack to just listen in, figure out the protocol, and make their own item generator (or worse, if its too easy just send the same message they hear over and over again.).

It won't help because they control both endpoints.

If you control and secure both endpoints, encrypted communications means the outside party does not know the details of the message (although they can infer quite a lot).

If an attacker controls the client endpoint they can attach the app to a debugger and watch the data before it is encrypted. They can fully understand your protocol and inject whatever data they want. They can attack you all day long using a legitimate session. The only thing they cannot do is modify data between other endpoints they don't control. (Example: bad guys can connect to banks and try to send bad data, but they cannot easily modify your connection with the bank.)

If an attacker controls the server endpoint, or an attacker controls both endpoints, they can do anything they want. In this scenario encryption does nothing except provide pebble in the shoe of the attacker, and a false sense of security in the victims.