Developer Console

DRM in Android Projects Using Unity

DRM, or more generally license verification, is used to address developer concerns around unauthorized copying and distribution of your app. When you implement DRM in your app, you ensure that only users who purchased your app can install it on the authorized device.

About DRM and license verification

Through the DRM API (which is already included in the Unity plugin), you can enforce license verification for your app. Any app that incorporates Amazon DRM will require users to have installed and signed into the Amazon Appstore client to access the app.

For example, suppose your app costs $2.99 in the Amazon Appstore for the Fire tablet version. After a user purchases your app and installs it on their Fire tablet, DRM authorizes the user to run the app on their Fire tablet device. Now suppose a hacker acquires the app you developed and tries to share it with others who haven't purchased your app (these users lack the necessary content licenses). DRM would prevent the app from running on these unauthorized devices.

What types of apps can use DRM

It is your choice whether (and how) to implement DRM. The importance of DRM depends on the type of app you have:

  • Paid apps: If your app is a paid app, include DRM to protect against unpaid access to your app. Paid apps refer to any apps that users must pay to download.
  • Free apps with in-app purchases: If your app is a free app that includes in-app purchases, and you only want to protect the IAP items, you do not need to include DRM because the IAP API already protects your IAP content. For example, suppose you have a free sports app that includes pay-per-view offers (in-app purchases) that users can buy within the app. If you have IAP items in your app, you don't need to also check for licenses or other authorization outside of Amazon's existing IAP functionality.
  • Free apps with no in-app purchase items: With free apps, there's not as strong a reason for checking whether users have "purchased" the app legitimately, since the app is free in the first place and downloads are unrestricted. But if you would like to limit access to authorized users, you can implement DRM.

License checking overview

The DRM API allows you to check whether the user is licensed for the content. The Appstore client will look for an appropriate content license in the app's local cache. If the license is found in the local cache, it will be returned in the response. (Hence even if a user is offline, the app will still run.) If the license does not exist in the cache, the Appstore client will call the Appstore to retrieve the content license.

You will need to use the DRM API to initiate the license checking and then apply logic to authorize or deny the user based on the status of the license returned by Amazon.

Additional DRM setup in Unity projects

To use DRM in your Unity app, you must update your manifest and declare both the IAP and DRM response receivers before creating your Android APK.

If you already have an Android manifest, add a new receiver under the application node. If your app targets Android 12 or higher, you must explicitly set android:exported to true in the MainActivity and ResponseReceiver as shown in the following example:

 <application>
 ...
    <activity android:label="@string/app_name" android:name="com.amazon.sample.drm.MainActivity" 
                android:exported="true">
        <intent-filter>
            <action android:name="android.intent.action.MAIN" />
            <category android:name="android.intent.category.LAUNCHER" />
        </intent-filter>
    </activity>

    <receiver android:name = "com.amazon.device.drm.ResponseReceiver" android:exported="true" 
                android:permission = "com.amazon.drm.Permission.NOTIFY" >
        <intent-filter>
            <action android:name = "com.amazon.drm.NOTIFY" />
        </intent-filter>
    </receiver>
 ...
 </application>

If you don't have an Android manifest, you can use the sample Android manifest in Assets/Plugins/Android.

  1. Rename IapSdkCptServiceSampleAndroidManifest.xml to AndroidManifest.xml.
  2. Add the following receiver under the application node. If your app targets Android 12 or higher, you must explicitly set android:exported to true in the MainActivity and ResponseReceiver as shown:

    <application>
    ...
        <activity android:label="@string/app_name" android:name="com.amazon.sample.drm.MainActivity" 
                  android:exported="true">
            <intent-filter>
                <action android:name="android.intent.action.MAIN" />
                <category android:name="android.intent.category.LAUNCHER" />
            </intent-filter>
        </activity>
    
        <receiver android:name = "com.amazon.device.drm.ResponseReceiver" android:exported="true" 
                  android:permission = "com.amazon.drm.Permission.NOTIFY" >
            <intent-filter>
                <action android:name = "com.amazon.drm.NOTIFY" />
            </intent-filter>
        </receiver>
    ...
    </application>
    
  3. Update the package, android:versionName, and android:versionCode attributes of the manifest node.

DRM in Appstore

Previously, when you uploaded Android APKs into the Amazon Appstore, you had the option to select Yes or No for "Apply Amazon DRM?" as shown in the following screenshot:

If you selected Yes, Amazon would add DRM to your app.

With the Appstore SDK Plugin for Unity, the Developer Console no longer displays this option. If you want to add DRM to your APK, use the DRM API (included in the Appstore SDK Plugin for Unity) to incorporate license checking in your app.

If you haven't upgraded to the Appstore SDK plugin for Unity, but use an older IAP SDK plugin (or aren't using IAP), the option to "Allow Amazon to Apply DRM?" appears after uploading your APK.

Warning messages

If you upload an APK that uses older Unity plugin versions, then you see the following warning:

If you upload an APK that uses the latest Unity plugin version without opting to use Amazon DRM, then you see this warning:

Using App Tester to test your DRM

To test out DRM on a device, you will need to install Amazon App Tester. Amazon App Tester is a tool (previously used only by IAP) to simulate authorization with the Appstore. Amazon App Tester is required to test the DRM functionality in your app.

During the beta period, you need to download and install the beta version of Amazon App Tester. Reach out to your Amazon business partner for details.

The beta version of Amazon App Tester provides a tab called "DRM API Response Settings" that allows you to simulate responses for different license statuses.

Install Amazon App Tester on your Fire device

When you're developing your app with DRM or IAP (both of which need to communicate with the Appstore), you test your app using an APK called Amazon App Tester. The Amazon App Tester app simulates the Amazon Appstore client. To set up Amazon App Tester:

  1. If you already have a production version of Amazon App Tester installed, first uninstall it. (Note that this app is different from Web App Tester.)
  2. In your terminal or command prompt, browse to the directory where you downloaded the beta version of the Amazon App Tester APK.
  3. Install the APK on your Fire device using adb:

    adb install -r amazon-app-tester.apk
    

    The -r parameter reinstalls the APK in case you already have App Tester installed.

  4. Open the Amazon App Tester app on your Fire device. To locate the installed app, see the following:

    • Fire tablets: Click the Games & Apps menu and then click Library. Next to Amazon App Tester, click Open. (If you don't see the app, check the Updates tab as well.)
    • Fire TV: Go to Settings and click Applications. Click Manage Installed Applications. Click Amazon App Tester, and then select Launch application.
  5. Click the Appstore SDK API's banner.
  6. Click DRM API Response Settings.

    If you don't see this DRM API Response Settings option, you aren't using the beta version of Amazon App Tester. Most likely you're interacting with the production version currently in the Appstore.

  7. Select the license status you want for the app. If you leave it at the "Default," the LICENSED status will be used.

    DRM API Response Settings
    DRM API Response Settings in App Tester

Enter sandbox mode

Sandbox mode constrains calls that would normally go to the Appstore client to route to the Amazon App Tester app instead. Use this mode only for testing locally.

  1. In the same terminal where you connected to your Fire device through ADB, enter sandbox mode:

    adb shell setprop debug.amazon.sandboxmode debug
    

    (Note that if you need to exit sandbox mode, run the following: adb shell setprop debug.amazon.sandboxmode none.)

    Every time you reconnect to your Fire device through ADB, you need to reinitiate sandbox mode.

Test license verification

To use Amazon App Tester and test the license verification for your app:

  1. Connect your computer to either a Fire TV or Fire tablet through ADB. See one of the following for details:

  2. Set your app in sandbox mode using the following command:

    adb shell setprop debug.amazon.sandboxmode debug
    

    Sandbox mode constrains calls that would normally go to the Appstore client to route to the Amazon App Tester app instead. Use this mode only for testing locally.

  3. Uninstall the production version of Amazon App Tester, and then download and open the beta version of Amazon App Tester on your Fire device.

  4. Open Amazon App Tester and go to Appstore SDK APIs > DRM API Response Settings > GetLicense API. You will see the several license options that you can set:

    DRM API Response Settings
    DRM API Response Settings in App Tester
  5. Run your Fire TV or tablet app that contains DRM. Amazon App Tester will simulate responses about the user's license status based on what you have selected in Amazon App Tester.

    To exit sandbox mode, run the following:

    adb shell setprop debug.amazon.sandboxmode none
    

For more details on using App Tester, see the App Tester documentation.

DRM in Unity Android projects FAQ

Do I have to use DRM if I sell my app through Amazon.com?
No, it is not required.
Do customers need to have internet access to use an Amazon DRM-enabled app?
No, after an app is installed, a user can use the app without having internet access, though the user will need to connect to the internet periodically.
How can you verify that the user has an entitlement to the app without Internet access?
During the installation process for an app, the Amazon Appstore client downloads a small token that grants the user the right to access the application. A valid token permits the user that purchased the app to access their app offline. The Amazon Appstore client will periodically communicate with Amazon servers to refresh the token.

Last updated: Sep 20, 2022