Head Digital Works

Photon + Unity is a Game Killer (literally)

Before that developer community of Photon or Unity attack my blog & write those unparliamentary adjectives in comment section, let me clear it-out first that Photon is a Great Tool, Unity is even Greater, however Photon + Unity is harming first time players more than it is helping new Game Developers to set-up a new game & earn some money out of it. We are going to discuss the details at length. Before that I would like to give a very brief introduction of both of these technology.


We are going to talk about Photon Realtime in this blog which is a most famous product of Photon used across globe. It is a network communication layer which uses web-socket in it’s core. Multiple clients can connect to server & communicate to each other using some pre-defined protocols. Based on protocols received, client has to act accordingly. That’s how multiplayer game will work.

For example think it as Whatsapp Group Chat. Where 4 users connect to one room, where that room will have it’s own characteristics. Consider those 4 users are A, B,C,D.

A says to do Drink Water. B,C,D will read it & will Drink Water. Along with it B,C,D will also acknowledge that all of them drunk water.

Next is B’s turn & so on & so forth.
That’s how multiplayer game will work.
If you need more information on Photon visit to this page.

UNITY (Game Engine)

Unity is a cross platform game engine. It can be used to create 2D & 3D games & rich user experience games as well frontend designs.

Unity uses C# script as base language for scripting & supported across multiple OS & platforms.

If you need more information on Unity visit to this page.

THE MARRIAGE (Unity + Photon)

Now think yourself is a enthusiastic Individual game developer who is learning to build games using Unity. You have figured out that you want to build “Carrom Game” on unity. Unfortunately you only can create just single player game as you do not have any server side expertise.

You came across one nice Article of Photon & you realised that I can build the Game without any server or server side code expertise. All I have to do is to connect to one Photon server create one room & ask 2 players to join that room. Player1 will pass the instructions & information, Player2 will listen, acknowledge & act on it. When Player2 instruct & inform, Player1 will listen, acknowledge & act on it.

Whosoever will pot all the coins first will inform other player & that is how we will decide the winner.

It’s simple. You can publish this application. Ask users to play with real money, take your rake & become rich.

I wish it could be that simple.


There are several problems in this marriage & the biggest one is one player is deciding & instructing on behalf of second player.

Let’s take same carrom game example again.

Player1 is potting White coins & Player2 is potting Black coins. Until unless player1 doesn’t say that I have potted coin & inform to other player, there is no way other player can know it.

If you design a hack & say if player1 whose username is johndoe playing with player2 (who can be anyone), whenever johndoe pot 1 coin, inform to other player that johndoe potted 2 coins & update the UI accordingly.

Just because Player2 is completely dependent on Player1’s information & instructions, can not use it’s own brain & fell down in that trap.

The second problem is Photon Realtime can not take any decision by it’s own & it is just a communicator between Unity Clients.


Unity is just a bit easier to hack because it uses IL code which can be reverted back to C# even when obfuscated. You need to protect your multiplayer code as any other engine would need. If you auth everything on server it will probably be a clunky experience. You need to find a good middle-way.

It’s very usual to get those man in the middle attacks on Unity scripts. There are already several videos on youtube & tons of article written on how to hack unity games.

Not only that but this vulnerability tends towards network hacks. If hacker can read the scripts, hacker can get a lot of information of Photon server connection or for that matter any server API KEY.


Gaming Start-ups are very keen on time to market. They want something very fast to be developed & launch in market. Mostly these start-ups chooses Unity + Photon path OR under pressure developers suggest this path. This can be enabler to setup the path but it is very important at the beginning which part choose for longer run (based on how much fuel you have).

The real problem arrives when nube players start complaining about the fraud & in-absence of proper analytics these start-ups unable to figure out how to stop it. Assume that even they figure it out & stop using Unity + Photon but in this process they not only loose the players but sometimes Gaming Industry also looses customers as their real money is on stake & due to experience they got during infancy. It affects the acquisition rate.

Seasoned gaming user are patient & they wait for new update to come, however it affects the retention rate.

Ultimately it’s a loss for industry.


The real solution is to use proper server written scripts in any language which can calculate & verify game business logic. It can also identify any abnormal activity in scripts using tokenised requests & act upon it.

Other solution is to use paid version of Photon where you can write your own business logic functions for validations & use it in your application with unity scripts, it may not serve the purpose but it will give you initial cushion to bear the shock.

That’s it for now. Let me know in comment box if you need to know more about the solutions & how to implement the solution for fraud detection & cure it.

Thanks for Reading 🙂
Written by Gaurav Govilkar