question

Hi BeBe, Thank you for writing to us. I think your understanding is not correct. Amazon DRM is no where connected with the certificate what is used for signing your binary. Whether DRM is enabled or not, the binaries are signed with a certificate. Now the certificate could be provided by Amazon or you may enable your app so that you can use your own certificate. The default signature applied to your app is a certificate supplied by Amazon that is unique to your developer account. If you want your app to be signed with your own certificate, you have to raise a ContactUS ( https://developer.amazon.com/help/contactus.html) and we would enable that provision in your app for you. Now I can see that your app has been always signing with Amazon certificate (because you have not sent any request to us to enable the provision so that you can sign your build) from the first version you submitted. Please note the signature you use to sign your app before your submit the app, that is always replaced by the Amazon's one. You could submit an unsigned binary as well. So you do not have to worry that as you disabled the DRM in the latest submission, your signature is gone now for that reason. For game circle, you need to place the api key of the security profile of your app in the asset. The api key you add in the asset is always replaced by the key which is finally associated with the final signature used by Amazon to sign your apk. So you should not need the keystore we use to sign your build. You should always use the api key associated with your debug certificate to test GameCircle/ADM in your app and submit. The api key associated with the release certificate stays with the apk (is not replaced by us) when you make your app self signing (signing by you, not Amazon) enabled by raising ContactUs. Now I would encourage you to enable DRM in the next version since the purpose of DRM is provide security in your app to prevent hacking. Below is the overview of the Amazon DRM: ------------------------------------------------------------- Amazon will apply the DRM for you if you choose to apply DRM to the app you submit to the Amazon Mobile App Distribution Program. There is no dev work involved on your end if you choose to apply our DRM. You will see a check box for this option during your app submission process. Customers who purchase an app will retain an entitlement to their app even if they decide to replace their current Android device and/or purchase new devices, as long as the new devices meet the installation requirements of the app. This provides insurance to customers that their purchased apps will be available for use on all supported devices, even if the customer has uninstalled or otherwise removed those apps in the past. The digital locker service combined with a robust Digital Rights Management (DRM) solution not only make managing apps easier for customers, they also address one of the biggest concerns developers have: unauthorized copying and distribution. An authorized user can now install your app on any of their supported devices; however, if you chose to apply DRM on your app at submission time, your app will not run on unauthorized devices. Any app that has Amazon DRM applied to it will require users to have installed and signed-in to the Amazon Apps client to access the app. When an app is accessed by the user, it will verify with the Amazon Apps device service as to whether the user has an entitlement to the app. If the user does not sign in or does not have an entitlement to that app, then the app will not be usable. However, any user can gain an entitlement by purchasing the app through Amazon. For each app that you submit to the Distribution Program, you can choose to apply DRM or make your app available without any rights management constraints. If you do choose to apply DRM to one of your apps, you must use the DRM system provided by Amazon through the Distribution Portal. Once an app is installed, a user can use the app without having internet access. During the installation process for an app, the Amazon Apps client downloads a small token that grants the user the right to access the application. A valid token permits the user that purchased the app to access their app offline. The Amazon Apps client will periodically communicate with Amazon servers to refresh the token. Here is a link to the blog post we published on the Amazon DRM: http://www.amazonappstoredev.com/2011/03/amazon-appstore-digital-rights-management-simplifies-life-for-developers-and-customers.html

Thank you for your answer. Meanwhile I also received an answer to my support ticket and that answered my questions. I managed to submit my app successfully. The problem was that it took me weeks to test the app and I forgot about the publishing misery: https://developer.amazon.com/sdk/gamecircle/documentation/submit.html I had to go to my security profile and connect it to my app one more time. I have to admit that your support is getting better, but your processes and APIs should be streamlined. And a note at publishing a GameCircle enabled app would be nice. Or even better do this automatically. And the certificate replacement should be also more transparent. And I still maintain that the API key shouldn't be stored in the app.