User created content allowed?

I want to include a function in my game which allows users to enter a path to download a .json file with enemy information for the game which they can edit themselves and then load this file into the game from inside the game by entering the path to the file in a textbox.

They also can enter a path to a .json map file which can be edited in the Tiled editor, so they can create their own maps for the game.

Now I wonder if this is allowed by Apple and Google? For Apple I have found this:

https://developer.apple.com/app-store/review/guidelines/#user-generated-content

The content for the game is just some spawn information for enemies without any text and coordinates for the map objects.

Users can share there uploaded links with each other but not directly publish them inside the game.

The maximal harm someone could do with the features is for example to design a map where the elements form some inappropriate text or image and share the link to his map with other people he knows or online somehow but not inside the game.

I think about a button so someone can send a link to his friends via email.

Does anybody have some experience with this kind of user created content?

Any help welcome!

User generated content is a really broad concept spanning from users being able to create simple maps to image sharing and social networks like Imgur, 9GAG or Facebook.

What you are describing is completely allowed, but you might want to include an in-app functionality for users to report offensive maps/paths. However, the more important issues here are that you must never trust any user provided data and the means that users generate those maps/paths may be tricky.

If the users can actually open the .json files and edit them directly, then you will run into lots of issues concerning invalid JSON strings and I don’t expect a lot of users to be able to “debug” them. Also, allowing the users to manually create maps in Tiled would mean that you’d have to provide them with the assets to do so. Then, for all of the correctly formatted .json files, you’d have to go through every bit of inserted data to know that they are supposed to be there to ensure that everything there is correct and there are no unknown values that would result in the app crashing, etc.

Thanks for the info.

The basic idea is to give users an enemy .json file and a map .json file, so they can modify them for their own use. But a textfield where you can enter a path to a user created file (files) then automatically allows a user to tell his friends he has created a new map, so the friend can use his uploaded file to play it.

The user created content is nothing which is automatically included in the app or available for all players.

But players who love to create content can build their own levels this way and are able to tell their friends and let them play also.

It doesn’t really sound all too convenient. When it comes to mobile apps, convenience is really the way to go.

For example, in one game that I’ve worked on, there is a built in tile map editor and users can also use it to upload and download levels from a database. Like in your case, nothing is downloaded automatically. Before a user can upload a level, they first have to complete it, so that the game can trust that the level is valid. Then, the level data is encrypted, decrypted and validated at both ends, i.e. game and server.

All of this is done in the background and the players can just press a button to upload or download and they’ll have a new level as fast as they can type the level’s ID in the game. Since we control the database, we can also remove inappropriate levels and/or users without anyone but the removed person even knowing.

If a user has to use external tools to modify the paths and maps in your game, and then share them with their friends using another set of external tools, it quickly becomes quite a daunting task and I would see only the most hardcore of your game’s player base using it. This isn’t to say that it is necessarily bad, this is just my personal opinion that most your users would probably leave it untouched. The easier it is to use, the more likely people are to use it.

Also, while technically the user generated content that ends up in any player’s game in both your case and mine would be 100% up to players themselves, Apple does have a history of overreacting and removing apps from their store even if the app developer had nothing to do with it, like in the case of Tumblr, although I don’t think that it is anything you need to worry about.

Thanks for the info!

One more thing: When uploading a file I have noticed when I enter not the complete path, but like for example stop with the website there still is a file uploaded (for example the index.html of the website) but not the correct one!

How can I make sure only the correct .json files are uploaded and players can NOT upload other files!?

How are you uploading the files? Sounds to me like you are allowing pretty open access to your server.

I personally always have a server side file, often written in PHP, that I send a network request to. First the server side script handles decryption, but once we get to the actual data, like level data in JSON format, the script simply loops through the entire file using my rules.

For instance, you wrote your code, so you know all of the entries that should be present in your JSON files and how the file itself is structured. Based on that knowledge, you’d need to write a function that checks for every expected entry and their value(s). If you encounter some entries or values that shouldn’t be there or are misspelled, etc., then you either ignore or fix the problem entries/values, or simply discard the file and possibly provide some event response back to Corona as to why the file was rejected.

So, the answer is: by just going through it all and making sure that everything is where it should be.

Thanks for your help!

User generated content is a really broad concept spanning from users being able to create simple maps to image sharing and social networks like Imgur, 9GAG or Facebook.

What you are describing is completely allowed, but you might want to include an in-app functionality for users to report offensive maps/paths. However, the more important issues here are that you must never trust any user provided data and the means that users generate those maps/paths may be tricky.

If the users can actually open the .json files and edit them directly, then you will run into lots of issues concerning invalid JSON strings and I don’t expect a lot of users to be able to “debug” them. Also, allowing the users to manually create maps in Tiled would mean that you’d have to provide them with the assets to do so. Then, for all of the correctly formatted .json files, you’d have to go through every bit of inserted data to know that they are supposed to be there to ensure that everything there is correct and there are no unknown values that would result in the app crashing, etc.

Thanks for the info.

The basic idea is to give users an enemy .json file and a map .json file, so they can modify them for their own use. But a textfield where you can enter a path to a user created file (files) then automatically allows a user to tell his friends he has created a new map, so the friend can use his uploaded file to play it.

The user created content is nothing which is automatically included in the app or available for all players.

But players who love to create content can build their own levels this way and are able to tell their friends and let them play also.

It doesn’t really sound all too convenient. When it comes to mobile apps, convenience is really the way to go.

For example, in one game that I’ve worked on, there is a built in tile map editor and users can also use it to upload and download levels from a database. Like in your case, nothing is downloaded automatically. Before a user can upload a level, they first have to complete it, so that the game can trust that the level is valid. Then, the level data is encrypted, decrypted and validated at both ends, i.e. game and server.

All of this is done in the background and the players can just press a button to upload or download and they’ll have a new level as fast as they can type the level’s ID in the game. Since we control the database, we can also remove inappropriate levels and/or users without anyone but the removed person even knowing.

If a user has to use external tools to modify the paths and maps in your game, and then share them with their friends using another set of external tools, it quickly becomes quite a daunting task and I would see only the most hardcore of your game’s player base using it. This isn’t to say that it is necessarily bad, this is just my personal opinion that most your users would probably leave it untouched. The easier it is to use, the more likely people are to use it.

Also, while technically the user generated content that ends up in any player’s game in both your case and mine would be 100% up to players themselves, Apple does have a history of overreacting and removing apps from their store even if the app developer had nothing to do with it, like in the case of Tumblr, although I don’t think that it is anything you need to worry about.

Thanks for the info!

One more thing: When uploading a file I have noticed when I enter not the complete path, but like for example stop with the website there still is a file uploaded (for example the index.html of the website) but not the correct one!

How can I make sure only the correct .json files are uploaded and players can NOT upload other files!?

How are you uploading the files? Sounds to me like you are allowing pretty open access to your server.

I personally always have a server side file, often written in PHP, that I send a network request to. First the server side script handles decryption, but once we get to the actual data, like level data in JSON format, the script simply loops through the entire file using my rules.

For instance, you wrote your code, so you know all of the entries that should be present in your JSON files and how the file itself is structured. Based on that knowledge, you’d need to write a function that checks for every expected entry and their value(s). If you encounter some entries or values that shouldn’t be there or are misspelled, etc., then you either ignore or fix the problem entries/values, or simply discard the file and possibly provide some event response back to Corona as to why the file was rejected.

So, the answer is: by just going through it all and making sure that everything is where it should be.

Thanks for your help!