You can choose to either distribute your AssetBundles with your game or app, or they can be downloaded from remote servers by your game or app. In the latter case, when you download AssetBundles, it’s important to take precautions to prevent AssetBundle data corruption as well as attacks by malicious actors. A common cause of mysterious crashes on user devices comes from data corruption in downloaded AssetBundles. Such situations can cost a large amount of effort and time to diagnose and resolve. And, even though AssetBundles cannot contain executable code, changing serialized data could allow an attacker to exploit a vulnerability in the game code or the Unity runtime.
インターネットからアセットバンドルをダウンロードしてキャッシュするために UnityWebRequestAssetBundle を使用できます。これらのシステムを使用する際には、URL に HTTPS プロトコルを使用する必要があります。HTTP は安全ではなく、悪意のある中間者攻撃に対して脆弱です。
Unity provides the tools for you to use a checksum to determine that an AssetBundle is not corrupted or modified when downloading it. A 32-bit checksum is generated during the AssetBundle build process and recorded in the .manifest file and exposed by BuildPipeline.GetCRCForAssetBundle. When you use a CRC check, it ensures the AssetBundle data was not corrupted or tampered with after it was built. You must provide this CRC when downloading AssetBundles through UnityWebRequestAssetBundle.GetAssetBundle so that invalid AssetBundles content cannot make it into the cache. See AssetBundle compression and caching for additional details.
If you download or distribute AssetBundles yourself, and do not use the built-in AssetBundle Cache, then you should be sure to perform integrity checks prior to using any content that you have retrieved. One way to do that is to use the optional parameters on the AssetBundle Load APIs to pass in the expected CRC value. When provided, the loading system calculates the checksum of the uncompressed content of the AssetBundle before loading it. If the CRC of the AssetBundle does not match the provided CRC, the AssetBundle will not load. For AssetBundles compressed with LZ4 this can be costly because it forces the file to be fully decompressed into RAM. For LZMA compressed AssetBundles the load already forces a full content decompression, so performing the CRC check is not a significant additional cost. Overall it can be practical to avoid the cost of CRC calculations by performing the integrity check once, as the file is retrieved and stored on the device, rather than repeating it at each load.
Note: If you are using AssetBundle compression then you shouldn’t use other common hash algorithms (such as md5) to validate your AssetBundle files. This is because Unity sometimes recompresses your AssetBundles even if their contents didn’t change, which means the file content hash may change in cases when the contents of the file are actually still valid. In contrast, the CRC value for an AssetBundle is calculated from its uncompressed content, which remains constant even when the bundle is recompressed.
Note: the AssetBundle hash that a Unity build calculates and stores inside the .manifest is not a hash of the AssetBundle’s full file content. It can be used as a version value for the AssetBundle but is not suitable to use for file corruption detection.
他のプレイヤーに配信するコンテンツ (User Generated Content、ユーザー生成コンテンツ) をユーザーがアップロードすることを許可している場合、不適切または悪意のあるコンテンツがないか、このデータを確認するのは開発者の責任です。ユーザーにアセットバンドルのバイナリファイルのビルドとアップロードを許可することは推奨しません。望ましいのは、ユーザーにソースアセットをアップロードしてもらい、開発者がユーザーのためにアセットバンドルのバイナリファイルを作成することです。これにより、悪意のあるコンテンツや不適切なコンテンツを手動および自動でフィルタリングすることが容易になります。また、Unity のバージョンが上がっても、必要に応じてアセットバンドルを再作成することができます。