How to Play Encrypted Media With MediaPlayer on Android Devices

Learn to Encrypt Secured media files in Android apps, in mobile CI/CD with a Data-Driven DevSecOps™ build system.

Why does Android MediaPlayer Fail to Play Protected Media Files?

Android MediaPlayer runs on a separate process from the application. Like most Android services, MediaPlayer runs as a System Service, under System user (UID 0). When Appdome TOTALData^TM Encryption is enabled, all stored data generated by the app is encrypted at runtime by using industry-standard AES 256  encryption (including media files). This means that when MediaPlayer attempts to read the encrypted media files, it will fail to decrypt the files because it does not have the private key. While in principle the app developer can re-write the code to work with FileProvider (Android) and make it “aware” of the application’s encryption, this a technically challenging approach and in most cases, the application architecture does not allow using Content Providers. In other cases, the developer might not have access to the mobile app’s source code.

How does Appdome Enable Playing Protected Media Files?

Appdome Play Protected Media feature enables capturing initial access to an encrypted media file by the application and replacing it with a temporary one-time file path. This ensures that the media player can securely access unencrypted data. This feature applies secure media files and content handoff to external and embedded media players. This secured handoff is completed on-demand and while the data is in transit.

Play Protected Media allows you to use standard POSIX file I/O, without any extra development effort, as an extension of Appdome TOTALData^TM Encryption. When building the app on Appdome, developers can add a various features, SDKs, and APIs to Android apps and can choose any architecture and file I/O API.

Encrypting Secured media files on Android apps by Using Appdome

On Appdome, follow these 3 simple steps to create self-defending Android Apps that Encrypt Secured media files without an SDK or gateway:

1. Upload the Mobile App to Appdome.

   1. Upload an app to Appdome’s Mobile App Security Build System

   2. Upload Method: Appdome Console or DEV-API
   3. Android Formats: .apk or .aab

2. Build the feature: Smart Media Sharing.

   1. Building Smart Media Sharing by using Appdome’s DEV-API:

      1. Create and name the Fusion Set (security template) that will contain the Smart Media Sharing feature as shown below:
      

      Figure 1: Fusion Set that will contain the Smart Media Sharing feature
      Note: Naming the Fusion Set to correspond to the protection(s) selected is for illustration purposes only (not required).

      2. Follow the steps in Sections 2.2.1-2.2.2 of this article, Building the Smart Media Sharing feature via Appdome Console, to add the Smart Media Sharing feature to this Fusion Set.

      3. Open the Fusion Set Detail Summary by clicking the “...” symbol on the far-right corner of the Fusion Set, as shown in Figure 1 above, and get the Fusion Set ID from the Fusion Set Detail Summary (as shown below):

         Figure 2: Fusion Set Detail Summary
         Note: Annotating the Fusion Set to identify the protection(s) selected is optional only (not mandatory).

      4. Follow the instructions below to use the Fusion Set ID inside any standard mobile DevOps or CI/CD toolkit like Bitrise, App Center, Jenkins, Travis, Team City, Cirlce CI or other system:

         1. Build an API for the app – for instructions, see the tasks under Appdome API Reference Guide
         2. Look for sample APIs in Appdome’s GitHub Repository

   2. Building the Smart Media Sharing feature via Appdome Console

      To build the Smart Media Sharing protection by using Appdome Console, follow the instructions below.

      1. Where: Inside the Appdome Console, go to Build > Security Tab > TOTALData™ Encryption section
      2. How: Toggle (turn ON) Smart Media Sharing, as shown below.

         Figure 3: Encrypt Secured media files option

      3. When you select the Smart Media Sharing you'll notice that your Fusion Set you created in step 2.1.1 now bears the icon of the protection category that contains Smart Media Sharing

         

         Figure 4: Fusion Set that displays the newly added Smart Media Sharing protection

      4. Click Build My App at the bottom of the Build Workflow (shown in Figure 3).

   Congratulations!  The Smart Media Sharing protection is now added to the mobile app

3. Certify the Smart Media Sharing feature in Android Apps.

   After building Smart Media Sharing, Appdome generates a Certified Secure™ certificate to guarantee that the Smart Media Sharing protection has been added and is protecting the app. To verify that the Smart Media Sharing protection has been added to the mobile app, locate the protection in the Certified Secure™ certificate as shown below:

   Figure 5: Certified Secure™ certificate

   Each Certified Secure™ certificate provides DevOps and DevSecOps organizations the entire workflow summary, audit trail of each build, and proof of protection that Smart Media Sharing has been added to each Android app. Certified Secure provides instant and in-line DevSecOps compliance certification that Smart Media Sharing and other mobile app security features are in each build of the mobile app