So I am making a non-realtime mobile multiplayer game that cheating would be rather simple to achieve and would ruin the experience for others. The way I have it set up for now is, the Server handles all of the currencies, inventory and all the stuff player owns, nothing is saved locally. But I am scared about the actual files of the game, how difficult would it be to change the hardcoded item damage values for examples and such? I'll go with an authoritative approach to most of the aspects of the game but I don't really wanna do everything server side. So to put it more concisely these are my questions:
1) What can I entrust to the client to send to the server? (Using RPC)
eg. Can I send rewards from battles to the server to save or should I also calculate and send that to the client from the server?
2) How safe are my spell damage values, health values and etc... that are a part of the actual code/ resources and such?
3) Can I somehow verify that the game hasn't been tampered with, that the files are same as the original .APK?
4) Are there any tools/ tricks/ tips that can be useful to use to address this issue? I don't mind challenges and I'd like to try anything to achieve safety to some extent. I assume there are options for this as there are plenty of mobile games/ applications that would suffer from tempering with the files and such.
1.1) Adding to the first question, can I do reward/ slot machine calculations in the client and send the values to the server to add the rewards? Where would that chain be intercepted? When sending the values or while generating them?
Thank you for your time! Idk if I was clear enough, please ask me to expand upon something if needed.