question

Brian Rak avatar image
Brian Rak asked

Will Amazon DRM interefere with DexGuard tamper check?

Hello,

I've got an app currently in Google Play that I'd like to submit to the Amazon Appstore. I use DexGuard to obfuscate the app, and I include a tamper check (using a DexGuard-provided library) that subtly changes the behavior of the app if it is found to be tampered.

I have two questions about this:

First, if I use Amazon DRM, I understand that Amazon will wrap my binary in code that does the license check. However, will this modify my binary in a way that will cause my tamper check to fail?

Second, is there a way for me to install and test the final DRM-wrapped binary on a device before it is published to the Appstore?

Thanks in advance!

submission testing distributionfire phone
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Kevin@Amazon avatar image
Kevin@Amazon answered

Hi Brian,

I should point out that Amazon Appstore provides a zero effort DRM solution, you can learn more about this here: https://developer.amazon.com/post/Tx16GPJPAW8IKLC/Amazon-Appstore-Digital-Rights-Management-simplifies-life-for-developers-and-cus.html

Any developer is able to use an alternate DRM solution should their specific needs require it. However their implementation will be in addition to Amazon's DRM solution, and we are unable to provide any support surrounding this.

That all being said, the delta between DexGuard and ProGuard is not large, DexGuard just obfuscating everything. You would need to actually submit your app to determine if your implementation will work however. Testing a wrapped app (DRM) before it is published to the store is not yet available.

10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Brian Rak avatar image
Brian Rak answered

Hello Kevin,

Thank you for the response. I was a little confused by this line in your reply:

>> the delta between DexGuard and ProGuard is not large

Where does ProGuard come into the picture here? Is it part of Amazon's treatment of the app?

Also, most of your reply seemed to assume that I would be using DexGuard **instead of** Amazon DRM, but that's not the case. I plan to use the Amazon DRM **on top of my DexGuard obfuscated app** because the two things accomplish different goals. I want to know if the application of Amazon DRM will present as tampering to my tamper check. Can you speak to that?

If I can't test install the Amazon DRM'd version of my app prior to it going live, is it okay to publish a small test app in some kind of sandbox environment that would allow me to confirm things?

10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Kevin@Amazon avatar image
Kevin@Amazon answered

Hi Brian,

I referenced ProGuard as that is the most common obfuscation tool used by Android developers, and we document obfuscation guidance where appropriate in our API documentation. Although not part of our DRM or ingestion process we can speak to this specific tool and it will work just fine in our environment.

All apps downloaded from the Amazon AppStore are wrapped and will do a check with the Amazon App Client to see if the user owns the app or not. If the DRM radio button in the Developer Portal is set to 'YES' then the app will not run if the user does not own it, if DRM is set to 'NO' then the app will run regardless of if the user owns the app or not. You are free to use other DRM solutions, such as DexGuard, on top of ours. However, we do not support or guarantee it will work or not.

Currently, we do not yet have a limited release or ‘sandbox’ environment available for developers. The only way to determine if your specific implementation will ingest properly is to submit it. You will be notified through email on whether it passes our QA testing. You can also set a future availability date to prevent it from going LIVE if you are just looking to see if it passes testing.

10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Amazon Customer avatar image
Amazon Customer answered

Hi Brian,

I'm using DexGuard too and it is no problem (anymore) to publish the app in Amazon app store.

But let me say, that DexGuard's tamper check will not work, since the original developer signature of the app will be replaced when Amazon's DRM is applied.

Personally I have disabled tamper checks in the Amazon version of my app, but added a lot more class & string encryptions of relevant and irrelevant classes and a lot of more calls by reflection in DexGuard's settings, so a hacker will see very, very ugly code.

10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Brian Rak avatar image
Brian Rak answered

Thanks for the reply. I've marked your post as correct. I actually came here to post an email response I received from the developer of DexGuard who said exactly the same thing:

-- Amazon's DRM isn't compatible with tamper detection. When you upload your app, they unpack the apk, modify the bytecode, and repackage it. As far as the tamper detection code is concerned, this is tampering. --

Thanks also for verifying that DexGuard otherwise works properly for you, and for the suggestions of a little extra obfuscation in your Amazon version. Best wishes!

10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.