I am developing an application where users can play simple games and earn points with each game. The application consists of starting and ending multiple activities and with each activity, a request is made to update the user information.
There are multiple requests to the server with this back-forward activity template, so I was thinking if I could save the points with SharedPreferences and make a single request at the best time.
My concern is: can someone mod the application and change its SharedPreferences points? Are there any vulnerabilities regarding SharedPreferences? I am afraid to start saving the user points in SharedPreferences and then someone cheats his points with some exploit.
Are there any vulnerabilities regarding SharedPreferences
Yes, if a user has a rooted device they can easily get the shared preferences file and update it.
What you could do is use EncrypedSharedPreferences to store the data but a good rule is if you don't want someone to potentially get access to something they shouldn't then you should not keep it on the device