DRM (digital rights management, or more generally license verification), is used to address developer concerns around unauthorized copying and distribution of your app. When you implement DRM in your app, you ensure that only users who purchased your app can install it on the authorized device.
About DRM and License Verification
Through the DRM API (which is included in the Appstore SDK), you can enforce license verification for your app. Any app that incorporates Amazon DRM will require users to have installed and signed into the Amazon Appstore client to access the app.
For example, suppose your app costs $2.99 in the Amazon Appstore for the Fire tablet version. After a user purchases your app and installs it on their Fire tablet, DRM authorizes the user to run the app on their Fire tablet device. Now suppose a hacker acquires the app you developed and tries to share it with others who haven't purchased your app (these users lack the necessary content licenses). DRM would prevent the app from running on these unauthorized devices.
What Types of Apps Can Use DRM
It is your choice whether (and how) to implement DRM. The importance of DRM depends on the type of app you have:
- Paid apps: If your app is a paid app, include DRM to protect against unpaid access to your app. Paid apps refer to any apps that users must pay to download.
- Free apps with in-app purchases: If your app is a free app that includes in-app purchases, and you only want to protect the IAP items, you do not need to include DRM because the IAP API already protects your IAP content. For example, suppose you have a free sports app that includes pay-per-view offers (in-app purchases) that users can buy within the app. If you have IAP items in your app, you don't need to also check for licenses or other authorization outside of Amazon's existing IAP functionality.
- Free apps with no in-app purchase items: If your app is a free app and has no in-app purchase items, you may not need to implement the Appstore SDK at all. With free apps, there's not as strong a reason for checking whether users have "purchased" the app legitimately, since the app is free in the first place and downloads are unrestricted. But if you would like to limit access to authorized users, you can implement DRM.
- Do I have to use Appstore SDK if I sell my app through Amazon.com?
- No, it is not required. When you submit your app, you can choose to offer your app DRM-free, manage your own DRM, or you can apply Amazon DRM.
- Do customers need to have internet access to use an Amazon DRM-enabled app?
- No, after an app is installed, a user can use the app without having internet access, but the user will need to connect to the internet periodically.
- How can you verify that the user has an entitlement to the app without Internet access?
- During the installation process for an app, the Amazon Appstore client downloads a small token that grants the user the right to access the application. A valid token permits the user that purchased the app to access their app offline. The Amazon Appstore client will periodically communicate with Amazon servers to refresh the token.
- I don't want to use the Appstore SDK, but I still want DRM for my app. Can I opt-in to the wrapper?
- You can only choose Amazon-provided DRM until a certain date. After that, any Android apps that need Amazon-managed DRM will need to integrate the Appstore SDK.
- I created my app using Fire App Builder. Do I need to incorporate the Appstore SDK and the DRM logic here?
- Yes, if you need DRM in your Fire App Builder app (because you have a paid app), you will need to add the Appstore SDK and DRM logic. Fire App Builder hasn't been updated with this logic out of the box.
Last updated: Oct 18, 2021