How to store media DRM keys for offline usage in Android - offline

Wanted to check whether there is any API provided by Android which can be used to store DRM keys securely.
We are using OfflineLicenseHelper to download DRM keys for offline usage of a DRM media asset, but we are concerned about how to store the keys securely.
Any pointers will be greatly appreciated.

Assuming you are using a standard DRM solution, most likely Widevine if it is on Android, then you don't need to worry about storing the keys securely yourself, as this is part of the functionality that the DRM system provides.
The DRM system will securely store the keys and provide them to the secure media path in the device when you request playback.
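What the answer describes, sketched with the platform MediaDrm API that OfflineLicenseHelper builds on (an added example, not code from the original posts; the `LicenseServer` interface and its `post` method are hypothetical stand-ins for your own license request code). The app only ever receives an opaque key set ID, while the keys stay inside the DRM plugin.

```java
import android.media.MediaDrm;
import java.util.HashMap;
import java.util.UUID;

/** Added illustration: offline Widevine license lifecycle via android.media.MediaDrm. */
public final class OfflineLicenseSketch {
    // Widevine's registered DRM system ID.
    static final UUID WIDEVINE = UUID.fromString("edef8ba9-79d6-4ace-a3c8-27dcd51d21ed");

    /** Hypothetical transport: POSTs the opaque request to your license server. */
    public interface LicenseServer {
        byte[] post(String url, byte[] keyRequest) throws Exception;
    }

    /** Acquires an offline license; returns the key set ID, never key material. */
    public static byte[] download(byte[] psshInitData, String mimeType, LicenseServer server)
            throws Exception {
        MediaDrm drm = new MediaDrm(WIDEVINE);
        byte[] session = drm.openSession();
        try {
            MediaDrm.KeyRequest req = drm.getKeyRequest(
                    session, psshInitData, mimeType, MediaDrm.KEY_TYPE_OFFLINE, null);
            byte[] response = server.post(req.getDefaultUrl(), req.getData());
            // The plugin processes and stores the keys itself; the app gets back a handle.
            return drm.provideKeyResponse(session, response);
        } finally {
            drm.closeSession(session);
            drm.release(); // use close() instead on API 28+
        }
    }

    /** Before offline playback: re-attach the stored keys to a new session by handle. */
    public static HashMap<String, String> restore(MediaDrm drm, byte[] session, byte[] keySetId) {
        drm.restoreKeys(session, keySetId);
        return drm.queryKeyStatus(session); // plugin-defined status, such as remaining license time
    }
}
```

The returned key set ID can be kept in app-private storage: it identifies the stored license but does not contain the content keys.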

Related

YouTube Player API with Exposed GCP API keys

Recently I received this Alert in the Google Play Console
Your app contains exposed Google Cloud Platform (GCP) API keys
I am using the YouTubeApi Player, and I believe the only way you can initialize it is using this line of code:
youTubePlayer.initialize(DEVELOPER_KEY, this);
So besides adding restrictions to my API key, is there any other way to remove the API key from the code?
I tried using the GCP service accounts as suggested by Google, but I do not see how I can still use the YouTube Player without the initialize line of code.
I have the same problem, and fixed this by using the string R.string.google_api_key generated by google_services.json.
Change your code to:
youTubePlayer.initialize(getString(R.string.google_api_key), this);
How to get google_services.json:
Create a Firebase project: https://firebase.google.com/docs/android/setup?hl=id
Get your google_services.json: https://support.google.com/firebase/answer/7015592?hl=id
There are some tips on how to secure your API keys in the Using API Keys documentation.
It is stated that embedding API keys directly in the code should be avoided, which is the way you are having it right now, therefore you are getting the warning message.
Follow the tips on that page and you should properly secure your API key. As soon as you do so, the warning will go away.
UPDATE
To avoid having a long discussion in comments, allow me to elaborate further providing this update.
Google provides different ways of authentications to give you more options for securing your apps based on your needs. The warnings are helpful tips to make your apps more secure when going in production or exposing to public. So in your case, it would be better to use a different way of authentication.
API keys can be used on the server side, e.g. if you are using an API key to authenticate a 3rd party service from an App Engine app, you can use this key as you already have it, since it is impossible for the key to get exposed. (Avoid using API keys in JavaScript, since inspecting the page in the browser will expose the API key as well.)
In your case, since you are developing an Android app and/or an iOS app, having the API key in the code is dangerous, because anyone can use the .apk or the .ipa file and find a way to access it. Therefore, for developing Android apps and iOS apps, it is suggested to go with a different authentication method. The other authentication method supported in the YouTube player API is OAuth 2.0. For more information you can check the Registering your application documentation.
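A pre-release check for the exposure discussed in these answers, as an added example (not code from the original posts): it scans an APK, which is a ZIP archive, for strings shaped like GCP API keys, including keys that live in string resources. The `AIza` plus 35 characters pattern is a commonly used heuristic, and the archive and key built in `main` are constructed samples.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.regex.*;
import java.util.zip.*;

public final class ApkKeyScan {
    // Heuristic shape of a GCP API key: "AIza" followed by 35 URL-safe characters.
    private static final Pattern KEY = Pattern.compile("AIza[0-9A-Za-z_-]{35}");

    /** Returns "entry: key-prefix..." for every key-shaped string found in the archive. */
    public static List<String> scan(InputStream apk) throws IOException {
        List<String> hits = new ArrayList<>();
        try (ZipInputStream zip = new ZipInputStream(apk)) {
            for (ZipEntry e; (e = zip.getNextEntry()) != null; ) {
                // Latin-1 maps bytes 1:1 to chars, so binary entries can be searched as text.
                String raw = new String(zip.readAllBytes(), StandardCharsets.ISO_8859_1);
                // resources.arsc may hold strings as UTF-16LE; dropping NULs exposes them.
                for (String view : new String[] {raw, raw.replace("\0", "")}) {
                    Matcher m = KEY.matcher(view);
                    while (m.find()) {
                        // Report only a prefix so the full key does not end up in build logs.
                        String hit = e.getName() + ": " + m.group().substring(0, 8) + "...";
                        if (!hits.contains(hit)) hits.add(hit);
                    }
                }
            }
        }
        return hits;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a fake key placed in a fake resource table as UTF-16LE.
        String fakeKey = "AIza" + "X".repeat(35);
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ZipOutputStream out = new ZipOutputStream(buf)) {
            out.putNextEntry(new ZipEntry("resources.arsc"));
            out.write(fakeKey.getBytes(StandardCharsets.UTF_16LE));
            out.closeEntry();
            out.putNextEntry(new ZipEntry("classes.dex"));
            out.write("no secrets here".getBytes(StandardCharsets.UTF_8));
            out.closeEntry();
        }
        System.out.println(scan(new ByteArrayInputStream(buf.toByteArray())));
    }
}
```

To check a real build, pass a `FileInputStream` for the release APK to `scan` and fail the build when the returned list is not empty.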

iCloud Drive REST API?

I'm writing a Windows C++ application that gives the user the ability to save some work results directly to cloud storage like Google Drive, Dropbox and OneDrive. I've been able to create a working implementation of code that uses OAuth2 and REST API to authenticate the user and upload files (with CppRestSDK help).
Now I've been searching for the ability to do the same with the iCloud Drive service. So far I've seen that for all (?) iCloud based services Apple gives the CloudKit SDK to work with them. But this SDK is available only for XCode and there is some web version for JavaScript.
My question is simple - is there any way to upload files to iCloud Drive from Windows C++ application?

WSO2 signing system service app

I want to set up all my devices as COPE. The WSO2 EMM setup is complete and working fine. The only thing left is to sign the system service application with the firmware key. I am using Google devices only (Android One, Motorola G2). Where can I find the key and password to sign the application?
Is there any other alternative way to get the application signed?
As per documentation, "Sign the application via the device firmware signing key. If you don’t have access to the firmware signing key, you have to get the system application signed via your device vendor."
But I am not able to find the device firmware signing key.
Any guidance will be really helpful.
There are a couple of COPE enrollment types that WSO2 IoT server supports:
1. Device owner mode
2. Kiosk mode
3. System application
The first 2 options can be used with any out-of-the-box Android device. However, the system app is targeted towards original equipment manufacturers (OEMs) who build Android devices and maintain their own Android versions. This means they maintain a version of the Android OS image and do the installation on customer devices. If you are an OEM, you should have these keys with you. If you are not an OEM and still need to use out-of-the-box devices such as Motorola or Samsung to install the system app, you need to form a partnership with those vendors to get the system service app signed. Unless you need to perform operations such as reboot or firmware upgrade, you do not need the system service app. In that case I would recommend you go for option 1 or 2. What are the features that you are looking at? Also, it is best to seek WSO2 professional services if that's an option for you: https://wso2.com/contact/

Cannot find any SDK resource for embedded system

We’d like to share photos to SNS, e.g. FB, via a camera whose OS is ThreadX RTOS.
But we cannot find any SDK resource for the ThreadX RTOS system.
Is there any chance we could share photos to FB via the ThreadX RTOS system?
Facebook's API is based on structured HTTP calls, you could write code to interact with it in any language with a networking stack; the documentation should be applicable to any language you're using, though it will probably reference Facebook's PHP or Javascript SDK in the examples.
Your biggest problem will be authentication, which requires a web browser with internet access on the device for the user to log in and grant access to your application; if you can find a way to do that, you shouldn't have other problems with the API
ThreadX has another package called NetX which supports TCP/IP communication.
Please see,
For NetX,
https://rtos.com/solutions/netx/embedded-network/
NetX Duo (IP V4/v6),
https://rtos.com/solutions/netx-duo/embedded-network-stack/

Suggestions for providing API access to website data and functions?

We're setting up a website that schedules video-conferencing sessions for end-users (using our own technology). We're interested in providing access to this functionality to "corporate clients" to use through their own site.
Initially, we were thinking of having an API key given to each corporate client, and modules could be built in any language to fetch the data from our site. However, our requirements are changing and we're exploring how the data should still be visible to the user of the 'corporate client' even if a network disconnection takes place between their server and ours.
What are the mechanisms by which a website can provide access to its data / functions to other websites?
I would suggest REST. REST is a lightweight software architecture designed to facilitate access to resources over HTTP/HTTPS.
REST constraints state that there is a separation of components and language-agnostic interfaces, among others, so your clients won't have to worry about using Java because you're using Java, for example. Additionally, REST web services are supposed to be cacheable, which may help fit your desire to avoid network issues.
You can learn more about REST here:
http://en.wikipedia.org/wiki/Representational_State_Transfer