Exposed App ID

Hi all, I'm helping out with some development for a game built in WebGL on Unity 2021 LTS, whilst realizing that a webhook URL is exposed in the Browser's Inspector, I also noticed that the PUN App ID is also freely available to see by anyone :/

Is there any known ways to be able to hide this?


  • Meep
    Meep ✭✭

    No. The AppID is part of the initialization request to Photon so encryption is not established at that stage. On self-hosted Photon this would be possible, but at that point you don't even need an AppID to begin with.

    Protect your game with authentication and webhooks instead of security by obscurity if possible. However, if you are looking to hide some of your data from potential attackers, know that AppVersion is consistently more difficult than AppID to obtain since it's sent during the authentication operation (always encrypted). If you make sure to conceal this value until the last moment where it's sent, you could artificially separate the hackers from the real player base for a while.