How to protect media content (video, audio) on Android from being saved/redistributed?

What opportunities are there for regular app developers (with that I mean, you're not a million dollar content producing company or distribution channel provider, but a regular, small app development company) to secure video/audio content for the app from being saved/distributed. I mention the 'regular developer', because I had seen in the Android core code that Sony had added some code portions into it, in the DRM packages. Let's assume we're not that powerful to talk to Google to include such in their core code.

Are there any real secure ways to protect video/audio (as part of an app) on Android.

Assumptions (correct me if I'm wrong):

• devices could be rooted by the users, need to be aware of that
• detection whether a device is rooted or not (within an app) is not really possible on Android, as a super user can basically fake any state of the device.
• we cannot modify any hardware or the user's system (meaning: we don't bundle our app product with a device, the app should be available as a 'regular' app on the App Market for download)
• the media files/stream could be locally on the device or come remotely from a server, both is ok

I have researched this topic quite a bit, googled a lot, went through (hopefully) all related questions here on SO, I have talked to one DRM provider (which is really hard to get in touch with as a small company or freelance developer, or at least to get some real relevant information, technical docs and details).

I looked into DRM as one approach, but "security-by-obscurity" does not seem to be a very good way. Besides, I haven't found any information or real solutions/APIs for regular developers.

Public-key encryption was another idea, but where to store the private key really safely? Furthermore, I assume that in such 开发者_开发技巧case, the entire media framework & player would need to be rewritten, in order to pass a secure video stream to the player. Or am I mistaken?

I would like to get some opinions from other experienced developers in the field, as it's really hard to find information about media content protection for Android anywhere.

Update:

In the context of my question, I found this Question and it's update interesting: Streaming to the Android MediaPlayer

---

Are there any real secure ways to protect video/audio (as part of an app) on Android.

If by "secure", you mean "fullproof", then no. See Analog hole.

detection whether a device is rooted or not (within an app) is not really possible on Android

Nor is it possible anywhere. the laws of the universe make it impossible to detect such a thing, (okay, maybe you could exploit quantum physics for this, but even then I'm not sure) you can only add code to detect known techniques, all of which are trivial to bypass.

Public-key encryption was another idea, but where to store the private key really safely?

There is nowhere to store it safely. Think about it, you want to encrypt content and give the user the key to decrypt it (so he can watch it), but you don't want him to be able to decrypt it (so he can't copy it). This is a contradiction.

The most you can do is encrypt your stream to prevent the user from being able to just intercept it and use it. Then obfuscate the code that decodes/plays the stream. Though by implementing that you risk introducing more bugs (and worse performance), making the legitimate user's experience worse. If decide not to roll your own obfuscation, and use some automatic obfuscater product already available by some big company, it will already be generically cracked, and it will be extremely easy for someone who hardly knows what he's doing to crack your product in a small amount of time. As long as your product becomes remotely popular, one person is going to crack it and upload all the videos to torrent, then everyone will be able to pirate your product without doing any work.

---

I don't think there is a solution to protect media content in apps from being ripped off. DRM is of course not suitable for regular developer. I don't see also why public key can help.