Developer Console
Merci de votre visite. Cette page est disponible en anglais uniquement.

DRM for Android

DRM (digital rights management, or more generally license verification), is used to address developer concerns around unauthorized copying and distribution of your app. When you implement DRM in your app, you ensure that only users who purchased your app can install it on the authorized device.

License Checking Overview

The DRM API allows you to check whether the user is licensed for the content. The Appstore client looks for an appropriate content license in the app's local cache. If the license is found in the local cache, it will be returned in the response. (Hence even if a user is offline, the app will still run.) If the license does not exist in the cache, the Appstore client will call the Appstore to retrieve the content license.

You will need to use the DRM API to initiate the license checking and then apply logic to authorize or deny the user based on the status of the license returned by Amazon.

DRM in Appstore SDK

In previous versions, when you uploaded Android APKs into the Amazon Appstore, you had the option to select Yes or No for "Apply Amazon DRM?" on the APK Files tab, as shown in the following screenshot:

If you selected Yes, the Appstore would wrap your APK with code allowing Amazon to enforce DRM for your app.

With the new Appstore SDK, Amazon no longer adds this wrapper around your APK after you submit it. This question is completely removed from the developer console; if you want to integrate the latest version of the Appstore SDK with your APK, then you can use the DRM libraries which are already present. If you use older Appstore SDK versions, you cannot use DRM functionality and, consequently, this value will be defaulted to No.

Warning Messages

If you upload an APK that uses an older Appstore SDK version or no SDK at all, then you will see the following warning:

DRM Sample App

A DRM sample app and tutorial is available showing the DRM API code in a simple integration.

Implement DRM in Your App

To implement DRM in your app, do the following:

  1. Follow the instructions in Steps to Integrate the Appstore SDK to add the Appstore SDK into your Android project.
  2. Initiate the license verification by calling verifyLicense(). This method is exposed in the LicensingService class. It takes two parameters as input:

    • ApplicationContext
    • Your implementation of LicensingListener

    When your application launches, initiate license verification. You can initiate the license verification with either of the following methods:

    • onCreate() method of your MainActivity
    • onCreate() of a custom implementation of the Application class

    Here's an example:

    LicensingService.verifyLicense(this.getApplicationContext(), new LicensingCallback());
  3. Implement LicensingListener.

    LicensingListener defines a single method: onLicenseCommandResponse(final LicenseResponse licenseResponse). This method is called by the Appstore SDK after it receives the result of the verifyLicense call from Amazon Appstore. LicenseResponse will contain the status of verifyLicense call. The response will contain one of the following statuses:


    For descriptions about each status and the reasons, see License Statuses.

    A basic implementation of LicensingListener interface is as follows. (This code merely logs the returned status of the license.)

    public class LicensingCallback implements {
      public void onLicenseCommandResponse(final LicenseResponse licenseResponse) {
             final LicenseResponse.RequestStatus status = licenseResponse.getRequestStatus();
             Log.d(TAG, "onLicenseCommandResponse: RequestStatus (" + status + ")");
             switch (status) {
                   case LICENSED:
                        Log.d(TAG, "onLicenseCommandResponse: LICENSED");
                   case NOT_LICENSED:
                         Log.d(TAG, "onLicenseCommandResponse: NOT_LICENSED");
                   case ERROR_VERIFICATION:
                         Log.d(TAG, "onLicenseCommandResponse: ERROR_VERIFICATION");
                   case ERROR_INVALID_LICENSING_KEYS:
                         Log.d(TAG, "onLicenseCommandResponse: ERROR_INVALID_LICENSING_KEYS");
                   case EXPIRED:
                         Log.d(TAG, "onLicenseCommandResponse: EXPIRED");
                   case UNKNOWN_ERROR:
                         Log.d(TAG, "onLicenseCommandResponse: ERROR");
    } } }

License Statuses

When you call verifyLicense(), the licensing service sends back one of the license statuses defined in the following table.

License Status Description
LICENSED The user has a valid license.
NOT_LICENSED The user does not have a valid license. He or she is not entitled to use the application.
ERROR_VERIFICATION There was an error in trying to verify the license. Reasons for the verification error might be due to the following:
  • Amazon was not able to validate the metadata of the app (such as the checksum, signature, package name, etc).
  • The license received by the "Appstore SDK" (or potentially a fake masquerading as such) has been tampered with during transit.
ERROR_INVALID_LICENSING_KEYS The user has license keys but they are not valid. Reasons for the invalid licensing keys might be due to the following:
  • You did not add the public key to your app, or you added it to the incorrect folder.
  • The public key you added does not match the corresponding private key that is with Amazon.

The user's license has expired and the user's current license is now not valid. A license is valid for 60 days. After 30 days, the Appstore tries to renew the license every 24 hours.

If the user if offline for more than 60 days, the Appstore will be unable to renew the license before it expires. If the license expires, the app will no longer launch for the customer.

Other reasons for expired licenses might be due to the following:

  • The customer might have requested cancellation of his or her order.
  • The Appstore fulfilled the customer's order optimistically (before the payment transaction was finalized), but later the charge failed so the license was revoked.

UNKNOWN_ERROR This status indicates an internal error at Amazon's end.

DRM Library Obfuscation

Most of the Appstore SDK library is already obfuscated (before it was packaged into a JAR). However, some developer-facing classes are not obfuscated. The following DRM library classes are not obfuscated:

  • LicensingListener
  • LicensingService
  • LicenseResponse
  • RequestId

If you want to keep these classes from being obfuscated, add the appropriate references in your ProGuard file to exclude them (assuming you're using ProGuard to obfuscate your code).

Last updated: Oct 18, 2021