Protect Your
VR Game.
At The Chip.

Yes — SCG works on any Android VR headset regardless of how your game is distributed. Sideloaded, dev builds, Meta Store, AppLab — all supported. No dependency on Google Play Services or Meta's platform SDK.

Decompiling the APK exposes the SDK's logic, but the security does not depend on that logic staying secret. Validation is gated on a hardware attestation certificate signed inside the device's TEE, and our backend verifies that certificate chains to the manufacturer's hardware root CA. An attacker with full APK access still cannot produce a certificate that passes this check without compromising the device's secure hardware — which on a locked, non-rooted headset is not something we have a known method for. Root or an unlocked bootloader changes that calculus, which is why we also run device-integrity and root detection and surface those signals to you.

Each device is identified by a hashed ID derived from hardware-backed values that a normal app can read. When you ban an ID and enable cross-game banning, that device is flagged in our shared database across SCG-protected games. Be aware of the honest limits: the underlying signals can change after a factory reset or certain OS updates, so we treat device identity as strong-but-not-absolute and are moving toward a multi-signal model to make it more resilient. We document this rather than pretend a non-privileged app can produce an unchangeable hardware serial.

SCG returns SCGResult.NO_CONNECTION — not a fail. Your game decides how to handle offline sessions. We recommend allowing limited offline play while flagging for re-validation on reconnect.

Most developers are integrated in under 30 minutes. Drop in the .unitypackage, enter your API key, add SCG.Validate() to your game start logic. The bridge handles everything else automatically before Unity even finishes loading.

The planned launch tiers are Starter, Growth, and Studio, billed monthly with no revenue cuts or per-validation fees. These prices are shown for transparency during the beta and are not yet open for purchase. They may change before public release.

No meaningful impact. The bridge runs a single async call at game start, typically completing in under 30ms. It runs before Unity finishes loading so players never notice it. The SDK adds roughly 180KB to your APK.

Not yet — SCG is in private beta and public accounts aren't open. Beta partners test against the live validation pipeline directly. When we launch, we'll document exactly how to trial the SDK before enforcing it in production.

SCG never bans on its own — it reports signals and you decide the action. That is the real protection against false positives. You can whitelist specific HWIDs, tune which checks count as a fail, and choose whether a failure is a soft warning or a hard block. We are an early-stage product running on a young platform, so we expect edge cases (OS updates, unusual hardware, reprovisioned devices) and we publish a documented appeal path so a flagged player is never left without recourse. Treat the automated result as input to your moderation, not a verdict.

Yes — SCG has a native Photon integration that runs server-side validation on join, meaning cheaters can't enter multiplayer rooms even if they bypass client-side checks. Other networking SDKs can integrate via our webhook endpoint or the result JWT returned to Unity.

SCG collects hardware identity signals (hashed device fingerprints, APK certificate data, TEE attestation results) and security scan results. No personally identifiable information is collected. Device data is hashed before transmission and never stored in plaintext. See our Privacy Policy for full details.