Hacker News new | comments | show | ask | jobs | submit login

The tokens would be signed with an expiration, so if they backed up to a time when they had a valid "access" token, the verification would fail (assuming the device has an internal chronometer that the user can't modify). If they were to lend the game to a friend, then back up to a time before they lent the game, there could be a problem.

So it'd be up to the backup software with access to the sensitive storage being smart enough not to cause that problem. Alternatively, backups and restores could require an internet connection.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact