i am working on an application like you tube in which i want to implement offline feature. Please suggest where i save the video file so that user can not access it outside from the application.
I had already did some R&D on this part and found that we can save the video in application private storage but i think only limited amount of data we can save in application private storage , so this approach is not beneficial in my case.
Then please suggest how can i achieve this in android ?
Thanks in advance.
I think from your description that you probably want to use DRM - this will not 'hide' where the video is stored but it will encrypt the video so that only someone with the right key can watch it.
There are a number of widely available DRM schemes - Widevine modular is one example that will support the offline behaviour you are looking for.
If you don't feel you need the features of a full DRM implementation you could just encrypt the video yourself and build a simpler mechanism to get the key to a valid user (this is essentially what DRM systems do, albeit with more techniques and tricks to keep the key safely secret)>
Related
What to achieve:
I need to support offline videos on android device just like Netflix and prohibiting its distribution using DRM support.
What I've done till now:
I've converted a sample video into m3u8 format using Shaka Packager. Used this link https://google.github.io/shakapackager/html/tutorials/widevine.html
Problem faced:
1. Is this enough for DRM protection?
2. I know i'll have to use Licensed Widevine Server, which I'm unable to find anywhere on how to get one. Please help me out on this.
3. I suppose for point 2 I have to store a secret key on server. This same key will be used on android device to enable the video player. I'm a little confused on how to setup this.
Thanks in advance!!
You probably want to use MPEG-DASH instead of HLS. Widevine doesn't support HLS as the packaging format, and MPEG-DASH is what pretty much all Widevine content is packaged as.
The shaka packager documentation has information on both how to package DASH and apply DRM.
In order for DRM to work, you will, as you mention, need a Widevine License Server. You have to options for this. Option 1 is to become a CWIP yourself, the other is to work with an existing CWIP. You are also correct that the key used to encrypt the content should be stored on the license server side. Some of the more popular providers might be DRMToday and BUY DRM.
When you have your content, and the license server, the last piece you need is a video player. For Android, the most popular player is ExoPlayer which is developed at least partially by Google. ExoPlayer has documentation on how to work with Widevine and has a downloader component.
I am new to mobile programming, and I am making an application which will play video files. I am trying Azure media service (AMS) with Xamarin Forms. I would like to know how to it works to have a file that will play with Widevine on android and Fairplay on IOS.
I need explanations!
Thanks in advance!
The implementation on the client side for those different DRM's is about as different as you can imagine. Xamarin.Forms does not out of the box provide a component that can handle the DRM specific methods. You will likely need to create platform specific plugins for that or find a ready-made component for that - although in my search i haven't found that. The closest is a cross platform video player such as https://github.com/adamfisher/Xamarin.Forms.VideoPlayer
Also, you are not likely to get a file to play, it will likely be a stream with different manifests for the two platforms. Azure Media Services however can do that on the fly from a set of MP4's. So it might look like MP4's but what is actually served to the client is a video manifest file.
There is no library/component in Xamarin that allows you to handle multiple DRM schemes. Your best option is to use platform libraries wrapped, to be able to consume DRM content. I would check out the Inside Secure DRM solution, that allows the playback of the DRM Schemes that you listed.
I have been developing an app which contains audios and now I want users to download those audio and can play only through my app. By doing this we can restrict user from copying audios from one device to another because of security concerns. I have searched a lot but only found DRM(Digiatal Right management) is used to restrict the user. As per early study Digital rights management (DRM) is a systematic approach to copyright protection for digital media.
But I am not able to find any real practical example of DRM nor there is any kind of documentation. I would really appreciate if somebody tell me how to start with such technologies.
I want to store some sensitive data in Android app.
I know I am able to store it in SharedPreference or put the data in sqlite. But if the user roots the app, then he will be able to get the data.
I also know that I could encrypt the data and store it in the same places.
But, I do want to know if Android by default has some mechanism like that of iOS using keychain and store it in keychain.
I am not sure if somebody asked the same question. If yes please redirect me
There is a library made by Duncan which you can find on GitHub (JNCryptor) and should be useful for you. This is compatible with the RNCryptor project for iOS.
This may work for you on Android, or at least you can see how the code works and adapt it as necessary.
Take a look to this question (Where I found the library) which is not the same as you're asking, but could help.
I think that a good idea is to use the Android Keystore to "secure" store your key and then use it to encrypt/decrypt your data.
It's always better to find a solution inside the Android framework without use a library for everything.
See this link for more infos.
If you want to use more sofisticated and "secure" way to encrypt/decrypt data you could think to store on a remote server your keys, but this depend on your application does.
UPDATE
NOTE you can secure store your data only using secure elements such as SIM card (see this). You can even use the TEE technology which is something more secure than filesystem but less secure than SIM to store secure object on your device. This technology is not available on all the devices.
What opportunities are there for regular app developers (with that I mean, you're not a million dollar content producing company or distribution channel provider, but a regular, small app development company) to secure video/audio content for the app from being saved/distributed.
I mention the 'regular developer', because I had seen in the Android core code that Sony had added some code portions into it, in the DRM packages. Let's assume we're not that powerful to talk to Google to include such in their core code.
Are there any real secure ways to protect video/audio (as part of an app) on Android.
Assumptions (correct me if I'm wrong):
devices could be rooted by the users, need to be aware of that
detection whether a device is rooted or not (within an app) is not really possible on Android, as a super user can basically fake any state of the device.
we cannot modify any hardware or the user's system (meaning: we don't bundle our app product with a device, the app should be available as a 'regular' app on the App Market for download)
the media files/stream could be locally on the device or come remotely from a server, both is ok
I have researched this topic quite a bit, googled a lot, went through (hopefully) all related questions here on SO, I have talked to one DRM provider (which is really hard to get in touch with as a small company or freelance developer, or at least to get some real relevant information, technical docs and details).
I looked into DRM as one approach, but "security-by-obscurity" does not seem to be a very good way. Besides, I haven't found any information or real solutions/APIs for regular developers.
Public-key encryption was another idea, but where to store the private key really safely? Furthermore, I assume that in such case, the entire media framework & player would need to be rewritten, in order to pass a secure video stream to the player. Or am I mistaken?
I would like to get some opinions from other experienced developers in the field, as it's really hard to find information about media content protection for Android anywhere.
Update:
In the context of my question, I found this Question and it's update interesting: Streaming to the Android MediaPlayer
Are there any real secure ways to protect video/audio (as part of an app) on Android.
If by "secure", you mean "fullproof", then no. See Analog hole.
detection whether a device is rooted or not (within an app) is not really possible on Android
Nor is it possible anywhere. the laws of the universe make it impossible to detect such a thing, (okay, maybe you could exploit quantum physics for this, but even then I'm not sure) you can only add code to detect known techniques, all of which are trivial to bypass.
Public-key encryption was another idea, but where to store the private key really safely?
There is nowhere to store it safely. Think about it, you want to encrypt content and give the user the key to decrypt it (so he can watch it), but you don't want him to be able to decrypt it (so he can't copy it). This is a contradiction.
The most you can do is encrypt your stream to prevent the user from being able to just intercept it and use it. Then obfuscate the code that decodes/plays the stream. Though by implementing that you risk introducing more bugs (and worse performance), making the legitimate user's experience worse. If decide not to roll your own obfuscation, and use some automatic obfuscater product already available by some big company, it will already be generically cracked, and it will be extremely easy for someone who hardly knows what he's doing to crack your product in a small amount of time. As long as your product becomes remotely popular, one person is going to crack it and upload all the videos to torrent, then everyone will be able to pirate your product without doing any work.
I don't think there is a solution to protect media content in apps from being ripped off. DRM is of course not suitable for regular developer. I don't see also why public key can help.