如何保护在Android上的媒体内容(视频,音频)被保存/重新分配? [英] How to protect media content (video, audio) on Android from being saved/redistributed?
问题描述
什么机会有定期的应用程序开发人员(与我的意思是,你是不是一百万美元的内容制作公司或分销渠道商,但有规律的,小的应用程序开发公司),以确保视频/音频内容的应用程序被保存/分发。 我提到了常规开发,因为我在索尼已经增加了一些code部位进去,在DRM封装了Android核心code见过。假设我们是不是强大去跟谷歌将此类在其核心code。
是否有任何真正的安全的方式来保护视频/音频(作为一个应用程序的一部分)在Android上。
假设(纠正我,如果我错了):
- 设备可以扎根的用户,需要注意的是
- 检测设备是否是植根与否(在一个应用程序)是不是真的有可能在Android上,以超级用户基本上可以伪造设备的所有状态。
- 我们不能修改任何硬件或用户的系统(意思是:我们不与设备捆绑我们的应用产品,应用程序应该作为在App市场的一个常规的应用程序下载)
- 中的媒体文件/流可能是在本地设备上,或从服务器来远程,无论是确定
我已经研究这个话题颇有几分,用Google搜索了很多,经历了(希望)所有相关的问题在这里的话,我已经跟一个DRM提供商(这实在是很难取得联系作为一个小公司或自由开发人员,或者至少得到一些真实的相关资料,技术文件,详细说明)。
我看着DRM是一种方法,但安全通过隐匿似乎并没有成为一个很好的办法。此外,我还没有找到正规开发的任何资料或真正的解决方案/ API的。
公钥加密是另一种想法,但是在哪里存储私钥真的安全?此外,我认为在这种情况下,整个媒体框架&安培;播放机将需要被重写,以便通过一个安全的视频流给玩家。还是我看错了?
我想从其他有经验的开发一些意见的领域,因为它真的很难找到有关Android的任何地方的媒体内容保护信息。
更新:
在我的问题的情况下,我发现了这个问题,它的更新有趣:流的安卓的MediaPlayer
是否有任何真正的安全的方式来保护视频/音频(作为一个应用程序的一部分)在Android上。
如果用安全,你的意思是fullproof,则没有。请参见模拟孔。
检测设备是否是植根与否(在一个应用程序)是不是真的有可能在Android
也不可能在任何地方。宇宙的规律,不可能检测到这样的事情,(好吧,也许你可以利用量子物理学这一点,但即使如此,我不知道),你只能加code检测已知的技术,所有的这是微不足道的旁路。
公钥加密是另一种思路,但在哪里存储私钥真的安全?
有无处存放安全。想想看,你要加密的内容,给用户的密钥来解密它(这样他就可以观看),但是你不希望他能够解密(所以他不能复制)。这是一个矛盾。
您可以做的就是你的流上的用户从能够只截取并使用它来加密prevent最。然后模糊c表示德codeS /播放流$ C $。虽然通过实施你的风险引入更多的bug(和糟糕的业绩),使得合法用户的体验变差。如果决定不推出自己的困惑,并使用一些自动obfuscater产品已经可以通过一些大的公司,因为它已经被总破解,这将是一个人谁很难知道自己在做什么来破解你的产品在一个小极为容易多少时间。只要你的产品变成远程流行,一个人是要破解它并上传的所有视频,洪流,那么每个人都可以盗版产品没有做任何的工作。
What opportunities are there for regular app developers (with that I mean, you're not a million dollar content producing company or distribution channel provider, but a regular, small app development company) to secure video/audio content for the app from being saved/distributed. I mention the 'regular developer', because I had seen in the Android core code that Sony had added some code portions into it, in the DRM packages. Let's assume we're not that powerful to talk to Google to include such in their core code.
Are there any real secure ways to protect video/audio (as part of an app) on Android.
Assumptions (correct me if I'm wrong):
- devices could be rooted by the users, need to be aware of that
- detection whether a device is rooted or not (within an app) is not really possible on Android, as a super user can basically fake any state of the device.
- we cannot modify any hardware or the user's system (meaning: we don't bundle our app product with a device, the app should be available as a 'regular' app on the App Market for download)
- the media files/stream could be locally on the device or come remotely from a server, both is ok
I have researched this topic quite a bit, googled a lot, went through (hopefully) all related questions here on SO, I have talked to one DRM provider (which is really hard to get in touch with as a small company or freelance developer, or at least to get some real relevant information, technical docs and details).
I looked into DRM as one approach, but "security-by-obscurity" does not seem to be a very good way. Besides, I haven't found any information or real solutions/APIs for regular developers.
Public-key encryption was another idea, but where to store the private key really safely? Furthermore, I assume that in such case, the entire media framework & player would need to be rewritten, in order to pass a secure video stream to the player. Or am I mistaken?
I would like to get some opinions from other experienced developers in the field, as it's really hard to find information about media content protection for Android anywhere.
Update:
In the context of my question, I found this Question and it's update interesting: Streaming to the Android MediaPlayer
Are there any real secure ways to protect video/audio (as part of an app) on Android.
If by "secure", you mean "fullproof", then no. See Analog hole.
detection whether a device is rooted or not (within an app) is not really possible on Android
Nor is it possible anywhere. the laws of the universe make it impossible to detect such a thing, (okay, maybe you could exploit quantum physics for this, but even then I'm not sure) you can only add code to detect known techniques, all of which are trivial to bypass.
Public-key encryption was another idea, but where to store the private key really safely?
There is nowhere to store it safely. Think about it, you want to encrypt content and give the user the key to decrypt it (so he can watch it), but you don't want him to be able to decrypt it (so he can't copy it). This is a contradiction.
The most you can do is encrypt your stream to prevent the user from being able to just intercept it and use it. Then obfuscate the code that decodes/plays the stream. Though by implementing that you risk introducing more bugs (and worse performance), making the legitimate user's experience worse. If decide not to roll your own obfuscation, and use some automatic obfuscater product already available by some big company, it will already be generically cracked, and it will be extremely easy for someone who hardly knows what he's doing to crack your product in a small amount of time. As long as your product becomes remotely popular, one person is going to crack it and upload all the videos to torrent, then everyone will be able to pirate your product without doing any work.
这篇关于如何保护在Android上的媒体内容(视频,音频)被保存/重新分配?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
