I have been developing an app which contains audios and now I want users to download those audio and can play only through my app. By doing this we can restrict user from copying audios from one device to another because of security concerns. I have searched a lot but only found DRM(Digiatal Right management) is used to restrict the user. As per early study Digital rights management (DRM) is a systematic approach to copyright protection for digital media.
But I am not able to find any real practical example of DRM nor there is any kind of documentation. I would really appreciate if somebody tell me how to start with such technologies.
Related
One of my client wants to develop an app which allows publisher to sell the eBooks.
Do anyone have any idea or experience of any DRM provider?
I did able to find following options for applying DRM:
Sony URMS - It's looks bit extensive and it is designed to work with old versions readium rendering engine. Moreover I am not sure about the support they will provide if we got stuck while development. I asked few questions to them, but yet to get any answer from them.
Sky Epub - Sky Epub looks good. But client is hesitant to use that since no big name behind that brand.
Readium LCP - It looks good, but it is open source. So we have to install, setup, configure and later maintain everything which will increase development cost. Initially, client would like to go with SaaS DRM provider.
Anyone have any idea about SkyEpub? Or any alternative DRM solution except Adobe?
Sony URMS support is discontinued and SkyEpub is from what I know a SDK, not a DRM technology (and certainly not interoperable if they provide an ebook protection).
Readium LCP is a (non-proprietary) distributed solution, so yes license providers have to install and maintain a server. But some Saas LCP provider are coming. Contact EDRLab if you want to keep in touch on this subject.
My organization (a video library) is looking into building an app version of our product, and I am very interested in using JavaScript-based framework, both to increase development time, lower costs, and take advantage of our in-house expertise in Angular. We are currently looking at Nativescript and Ionic 2/Cordova as possibilities. Both seem good, but we have one specific requirement, for which I haven't found any relevant information: Is it possible, using either of these frameworks, to download videos to a client's file storage and play them offline? Ideally, when downloaded, the files would be encrypted in such as a way as to prevent users from taking the files (they would be decrypted by the offline player)? I need to present some options for our executive team, so any information as to whether these frameworks can offer this functionality would be helpful.
i am working on an application like you tube in which i want to implement offline feature. Please suggest where i save the video file so that user can not access it outside from the application.
I had already did some R&D on this part and found that we can save the video in application private storage but i think only limited amount of data we can save in application private storage , so this approach is not beneficial in my case.
Then please suggest how can i achieve this in android ?
Thanks in advance.
I think from your description that you probably want to use DRM - this will not 'hide' where the video is stored but it will encrypt the video so that only someone with the right key can watch it.
There are a number of widely available DRM schemes - Widevine modular is one example that will support the offline behaviour you are looking for.
If you don't feel you need the features of a full DRM implementation you could just encrypt the video yourself and build a simpler mechanism to get the key to a valid user (this is essentially what DRM systems do, albeit with more techniques and tricks to keep the key safely secret)>
This may be ambitious, but in stackoverflow i trust...
I am wondering about the capabilities and possible road blocks would be for creating a turn based network capable game engine for the android platform, and would be played in a similiar fashion to games such as "Words with Friends" ect.
This engine would be tailored to a card game and would only require data packets sent between peers every time a player takes his/her turn. Game resources such as images and sounds may have to be downloaded from a central server and stored on the android device's temporary storage in order to reduce the amount of storage that the app would have to permanently have on the device.
Before I invest a lot of time into this project I figured I would ask some initial questions.
What limitations/roadblocks does a seed/turn based network game provide to a developer?
Is integrating an ingame microtransaction based shop using a service such as PayPal a possibility?
Will packets between peers need to be encrypted to prevent cheating?
How is it possible to validate clients from a central server to prevent piracy?
What is the best method for balancing lightweight storage/cpu requirements, while still having crystal clear graphics?
Is it a good idea to learn java seperately from using the android SDK, or just jump right in?
Thanks!
Networking adds complexity; see if you can make single player first
Yes, but frowned upon; Google prefers, and may some day insist, that you use their in-app feature.
Yes, if you substitute "discourage" for "prevent"
Login authentication for the networking to work is one way.
If the UI has 3D graphics, use OpenGL, otherwise, use Canvas or even HTML5
Jump
What opportunities are there for regular app developers (with that I mean, you're not a million dollar content producing company or distribution channel provider, but a regular, small app development company) to secure video/audio content for the app from being saved/distributed.
I mention the 'regular developer', because I had seen in the Android core code that Sony had added some code portions into it, in the DRM packages. Let's assume we're not that powerful to talk to Google to include such in their core code.
Are there any real secure ways to protect video/audio (as part of an app) on Android.
Assumptions (correct me if I'm wrong):
devices could be rooted by the users, need to be aware of that
detection whether a device is rooted or not (within an app) is not really possible on Android, as a super user can basically fake any state of the device.
we cannot modify any hardware or the user's system (meaning: we don't bundle our app product with a device, the app should be available as a 'regular' app on the App Market for download)
the media files/stream could be locally on the device or come remotely from a server, both is ok
I have researched this topic quite a bit, googled a lot, went through (hopefully) all related questions here on SO, I have talked to one DRM provider (which is really hard to get in touch with as a small company or freelance developer, or at least to get some real relevant information, technical docs and details).
I looked into DRM as one approach, but "security-by-obscurity" does not seem to be a very good way. Besides, I haven't found any information or real solutions/APIs for regular developers.
Public-key encryption was another idea, but where to store the private key really safely? Furthermore, I assume that in such case, the entire media framework & player would need to be rewritten, in order to pass a secure video stream to the player. Or am I mistaken?
I would like to get some opinions from other experienced developers in the field, as it's really hard to find information about media content protection for Android anywhere.
Update:
In the context of my question, I found this Question and it's update interesting: Streaming to the Android MediaPlayer
Are there any real secure ways to protect video/audio (as part of an app) on Android.
If by "secure", you mean "fullproof", then no. See Analog hole.
detection whether a device is rooted or not (within an app) is not really possible on Android
Nor is it possible anywhere. the laws of the universe make it impossible to detect such a thing, (okay, maybe you could exploit quantum physics for this, but even then I'm not sure) you can only add code to detect known techniques, all of which are trivial to bypass.
Public-key encryption was another idea, but where to store the private key really safely?
There is nowhere to store it safely. Think about it, you want to encrypt content and give the user the key to decrypt it (so he can watch it), but you don't want him to be able to decrypt it (so he can't copy it). This is a contradiction.
The most you can do is encrypt your stream to prevent the user from being able to just intercept it and use it. Then obfuscate the code that decodes/plays the stream. Though by implementing that you risk introducing more bugs (and worse performance), making the legitimate user's experience worse. If decide not to roll your own obfuscation, and use some automatic obfuscater product already available by some big company, it will already be generically cracked, and it will be extremely easy for someone who hardly knows what he's doing to crack your product in a small amount of time. As long as your product becomes remotely popular, one person is going to crack it and upload all the videos to torrent, then everyone will be able to pirate your product without doing any work.
I don't think there is a solution to protect media content in apps from being ripped off. DRM is of course not suitable for regular developer. I don't see also why public key can help.