如何保护 Android 上的媒体内容(视频、音频)不被保存/重新分发?
对于普通应用程序开发人员(我的意思是,您不是价值百万美元的内容制作公司或分发渠道提供商,而是一家普通的小型应用程序开发公司)有哪些机会来保护应用程序的视频/音频内容不被保存/分布式。 我提到“常规开发人员”,因为我在 Android 核心代码中看到索尼在 DRM 包中添加了一些代码部分。假设我们没有那么强大的能力来与谷歌交谈以将其包含在他们的核心代码中。
有没有真正安全的方法来保护 Android 上的视频/音频(作为应用程序的一部分)。
假设(如果我错了,请纠正我):
- 设备可以由用户获取 root 权限,需要注意的是,
- 在 Android 上检测设备是否已获取 root 权限(在应用程序内)实际上是不可能的,因为超级用户可以基本上伪造设备的任何状态。
- 我们无法修改任何硬件或用户的系统(意味着:我们不会将我们的应用程序产品与设备捆绑在一起,该应用程序应该作为“常规”应用程序在应用程序市场上提供下载)
- 媒体文件/流可以在本地在设备上或从服务器远程访问,两者都可以,
我已经对这个主题进行了相当多的研究,谷歌搜索了很多,(希望)在这里解决了所有相关问题,我已经与一个 DRM 提供商交谈过(这真的很难取得联系作为小公司或自由开发人员,或者至少获得一些真实的相关信息、技术文档和详细信息)。
我将 DRM 作为一种方法进行研究,但“默默无闻的安全性”似乎并不是一个很好的方法。此外,我还没有找到任何适合普通开发人员的信息或真正的解决方案/API。
公钥加密是另一个想法,但是在哪里真正安全地存储私钥呢?此外,我假设在这种情况下,整个媒体框架和播放器需要重写,以便将安全视频流传递给播放器。还是我错了?
我想从该领域其他经验丰富的开发人员那里获得一些意见,因为很难在任何地方找到有关 Android 媒体内容保护的信息。
更新:
在我的问题中,我发现这个问题并且它的更新很有趣: 流式传输到 Android媒体播放器
What opportunities are there for regular app developers (with that I mean, you're not a million dollar content producing company or distribution channel provider, but a regular, small app development company) to secure video/audio content for the app from being saved/distributed.
I mention the 'regular developer', because I had seen in the Android core code that Sony had added some code portions into it, in the DRM packages. Let's assume we're not that powerful to talk to Google to include such in their core code.
Are there any real secure ways to protect video/audio (as part of an app) on Android.
Assumptions (correct me if I'm wrong):
- devices could be rooted by the users, need to be aware of that
- detection whether a device is rooted or not (within an app) is not really possible on Android, as a super user can basically fake any state of the device.
- we cannot modify any hardware or the user's system (meaning: we don't bundle our app product with a device, the app should be available as a 'regular' app on the App Market for download)
- the media files/stream could be locally on the device or come remotely from a server, both is ok
I have researched this topic quite a bit, googled a lot, went through (hopefully) all related questions here on SO, I have talked to one DRM provider (which is really hard to get in touch with as a small company or freelance developer, or at least to get some real relevant information, technical docs and details).
I looked into DRM as one approach, but "security-by-obscurity" does not seem to be a very good way. Besides, I haven't found any information or real solutions/APIs for regular developers.
Public-key encryption was another idea, but where to store the private key really safely? Furthermore, I assume that in such case, the entire media framework & player would need to be rewritten, in order to pass a secure video stream to the player. Or am I mistaken?
I would like to get some opinions from other experienced developers in the field, as it's really hard to find information about media content protection for Android anywhere.
Update:
In the context of my question, I found this Question and it's update interesting: Streaming to the Android MediaPlayer
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
如果“安全”是指“完全证明”,那么就不行。请参阅模拟孔。
,在任何地方也不可能。宇宙法则使得不可能检测到这样的东西,(好吧,也许你可以利用量子物理学来实现这一点,但即便如此我也不确定)你只能添加代码来检测已知的技术,所有这些都是微不足道的绕过。
没有地方可以安全地存放它。想想看,您想要加密内容并为用户提供解密密钥(以便他可以观看它),但您不希望他能够解密它(因此他无法复制它)。这是一个矛盾。
您最多可以做的就是加密您的流,以防止用户能够拦截并使用它。然后混淆解码/播放流的代码。不过,通过实现这一点,您可能会引入更多错误(以及更差的性能),从而使合法用户的体验更差。如果决定不进行自己的混淆,并使用一些大公司已经提供的自动混淆器产品,那么它已经被普遍破解,并且对于几乎不知道自己在做什么的人来说,在很小的时间内破解你的产品将是非常容易的。时间量。只要你的产品变得非常流行,有人会破解它并将所有视频上传到 torrent,那么每个人都可以不费吹灰之力地盗版你的产品。
If by "secure", you mean "fullproof", then no. See Analog hole.
Nor is it possible anywhere. the laws of the universe make it impossible to detect such a thing, (okay, maybe you could exploit quantum physics for this, but even then I'm not sure) you can only add code to detect known techniques, all of which are trivial to bypass.
There is nowhere to store it safely. Think about it, you want to encrypt content and give the user the key to decrypt it (so he can watch it), but you don't want him to be able to decrypt it (so he can't copy it). This is a contradiction.
The most you can do is encrypt your stream to prevent the user from being able to just intercept it and use it. Then obfuscate the code that decodes/plays the stream. Though by implementing that you risk introducing more bugs (and worse performance), making the legitimate user's experience worse. If decide not to roll your own obfuscation, and use some automatic obfuscater product already available by some big company, it will already be generically cracked, and it will be extremely easy for someone who hardly knows what he's doing to crack your product in a small amount of time. As long as your product becomes remotely popular, one person is going to crack it and upload all the videos to torrent, then everyone will be able to pirate your product without doing any work.
我认为没有解决方案可以保护应用程序中的媒体内容不被盗用。 DRM当然不适合普通开发者。我也不明白为什么公钥有帮助。
I don't think there is a solution to protect media content in apps from being ripped off. DRM is of course not suitable for regular developer. I don't see also why public key can help.