
Netflix confirms it is blocking rooted/unlocked Android devices - msq
http://www.androidpolice.com/2017/05/13/netflix-confirms-blocking-rootedunlocked-devices-app-still-working-now/
======
alistproducer2
Anyone who roots their phone, in all likelyhood, knows how to pirate the
content: granted Netflix is way more convenient, that's why I pay them. I
don't watch on mobile devices so this doesn't bother me. If I did watch on
mobile and I had a rooted device, they would definitely stop seeing my money
though. When will these companies learn to stop going after the nerds; we're
the one who actually know how to get around you if you piss us off.

~~~
bubblethink
Knowing how to pirate is quite different from being able to pirate easily.
Torrenting is a small niche now (at least in the US) because of ISP DMCA
notices etc., whereas billions of people own smartphones worldwide. If someone
releases a netflix-ripper app, it would quite likely see a higher adoption
than bittorrent.

~~~
dooglius
A netflix ripping app would surely be banned from the Play Store, and would
still not be able to solve the content distribution problem. Netflix doesn't
care if you rip content, they care if you try to distribute ripped content to
others, which is really only feasible with bitttorent or similar.

~~~
bubblethink
It doesn't have to be on the play-store. Also, netflix cares more about
ongoing subscription than re-distribution. So if I rip a sizable chuck of what
I want to watch, I won't renew my subscription.

~~~
dylan604
What's to stop Netflix from uniquely forensically watermarking each user's
streams? If anyone person starts to rip their streams for redistributing, then
it will be easy enough for them to determine which user it was and block that
account. The small number of people that would be able/willing to rip would be
easy enough to track down.

~~~
boomboomsubban
Blocking accounts would just earn you an extra $12, not solve the problem. So
you'd need to actively prosecute, and account sharing is so rampant that is
going to quickly lead to terrible press.

------
techsupporter
This sort of thing doesn't surprise me from Netflix. It has been tightening up
its rules for some time.

I dropped Netflix after whoever is in the group that decides policy for
Netflix decided that Hurricane Electric's IPv6 tunnels are "a VPN" that is
being used to circumvent Netflix's location checks with no warning.

(I'm aware of the DNS tricks I can do to only return IPv4 addresses in
response to queries for the netflix.com zone. I choose not to do them and,
instead, to not avail myself of Netflix's content.)

~~~
topranks
Yeah they seem to be moving to newer, platform based security/drm models
across the board.

For instance my HTPC has an Nvidia 1050ti card and can do UHD colour 4k
output. I can play UHD test files just fine.

But the Netflix app won't show me 4K content as they require you to have a
Kaby Lake CPU, which has some new hardware DRM module built in.

~~~
josteink
> Netflix app won't show me 4K content as they require you to have a Kaby Lake
> CPU,

So we've gone from "this website works best in Netscape", to "this website
works everywhere" to "this app requires you to have a specific motherboard".

Sure sounds like progress. Who do we have to thank for this?

~~~
nol13
the man!

(i just have no idea how to get enough people to care about this kind of stuff
to matter, and even if I'm the one people come to for recommendations, I can't
in good conscious recommend the platform/device where netflix won't work)

------
phn
Who is this trying to stop? People that rip their content? Because those ones
certainly have other methods to do it (e.g. record video out).

If they're targeting consumers, why do they give a damn if the phone is rooted
or not? As long as they pay netflix to stream the content to them?

Or is this "just" to prevent fake locations and such, to please their content
producing/distributing overlords?

~~~
Baeocystin
Netflix doesn't care. They drag their feet on this kind of thing as much as
they can. In the end, though, they do this so they can keep their licensing
agreements with content creators.

~~~
qyv
This. It is 100% about being able to license more titles. Many people forget
what the early days of Netflix streaming was like. Remember when you needed
silverlight to watch on a computer? Remember when you couldn't even get
Netflix on Android? Netflix has come a long ways since those days, and they
have done a LOT in moving forward fair-use expectations for digital
subscription content.

~~~
MichaelGG
Netflix loves doing DRM stuff "for the studios" as it creates a barrier to
entry for other players. If Netflix pushed the truth that DRM doesn't matter,
then a competitor might get a studio to sign a nice deal with them.

~~~
qyv
Ya, because studios want (require) DRM. My point is that Netflix has done a
lot to reduce the obnoxiousness and hassle of DRM compliance.

~~~
syshum
Name one thing they have done

------
josteink
That's google essentially rendering the value-proposition of their bootloader-
unlockable phones to be a negative one.

Wth would I pay extra for a Nexus/Pixel if unlocking it causes all Android
software which uses DRM to start failing due to "not being compatible"?

Might as well buy a Samsung then. Or even better: an iPhone.

It's no longer your device anyway.

And to think Android was once open source. Now it's infected with DRM all the
way down to the bootloader.

Such a shame. There are no free devices anymore.

Edit: to clear I've always been OK with DRM in apps (as opposed to HTML)
because that clearly isolates it from the general purposey bits of the
platform. Seems that's no longer the case with Android.

~~~
qb45
> I've always been OK with DRM in apps

You want to eat your cake and have it too. DRM is technically impossible, so
problems like the one you described are inevitable. Bummer, I guess.

~~~
mikevin
Can you expand on why DRM is technically impossible? I don't disagree but I'm
wondering about your reasoning.

~~~
qb45
"Impossible" is a bit rhetorical, although in principle the content has to be
decrypted to be seen and a Sufficiently Sophisticated Attacker can always
somehow extract the decrypted data from the device, in more practical terms
this can be made pretty much arbitrarily difficult.

What I really meant is that making DRM difficult to crack generally goes
against owner control over the machine. The more control you have the easier
it is to simply copy the decrypted data or at least attempt exploiting some
bugs in the DRM engine if the former is impossible. So we see things like
signed bootloaders or dedicated "secure" cores running alongside normal CPUs
with some secret firmware on them.

In particular, it seems that Android's DRM can be subverted by the bootloader
(presumably it uses the ARM TrustZone extension, which is configured by the
bootloader and then locked away from the OS) and hence the OP has to choose
between DRM and unlocked bootloader.

------
xkiwi
The way this message will translate to the nerds|power users|hackers|rooted
user|content creator|

"Netflix does not value your money, therefore you cannot use our services.
However, you can always pirate the content on Internet for free."

~~~
afuchs
Why bother with content that is difficult to access, when you can watch one of
the billions of other videos and streams available on YouTube, Twitch, Vimeo,
or any other website.

If a content owner wants to make access to their content difficult, why should
their content be relevant?

------
izacus
Can someone explain what is it about some crappy shows and Hollywood movies
that it deserves such invasive attacks on device ownership?

When Microsoft tried Secure Boot there was a huge outcry. But when
HBO/Netflix/Verizon/WB demand a complete lockdown of your device (to the point
where AACS 2.0 demands you have a special CPU, Motherboard, GPU and more
components that lock you out and disable themselves if you use custom
software/drivers), then suddenly even on HN I see a huge amount of people
defending a complete lockout from your device to the point where you're not
allowed to even install a custom, better, driver.

What is it about some shows/movies that would be SO DAMAGING to whole society
if a few people would be able to copy them on another device or even give it
to a friend?!

~~~
josteink
> AACS 2.0 demands you have a special CPU, Motherboard, GPU and more
> components that lock you out and disable themselves if you use custom
> software/drivers

That's a standard I have zero knowledge of, because I have absolutely zero
intentions going down that road for any reason what so ever. And I wish that
would apply to much more people!

My PC represents the last bastion of true computing freedom, and I'm not
giving up that, just to be able to watch some movies in a freaking web-
browser.

(In the name of pragmatism and not being a complete neckbeard, I have
separate, unfree, locked down devices for that specific purpose)

~~~
izacus
AACS 2.0 is a DRM standard used in UHD/4K Blu-Ray disks. It requires the
device to call home via internet to retrieve the decryption keys for the BR
disc you're holding in your hand. You need a full stack supporting DRM
(including a CPU with ironically called "Software Guard Extensions"). At this
point there's obviously no way of playing back these on Linux or non-
whitelisted hardware, which is an issue because they're the only source of
truly high-quality 4k/HDR content (the videos are encoded in 50+ MBit bitrate
as opposed to HDR content on streaming services which barely gets to 15Mbit
and is therefore not really much visually different than fullHD content).

Also, I've just noticed that Netflix on the web demands to "verify my
hardware" (on Chromebook) to determine if my laptop is properly locked down
for video playback. The DRM assault is getting worse, not better.

~~~
bogomipz
Thanks for the detailed response. You mentioned:

>"AACS 2.0 is a DRM standard used in UHD/4K Blu-Ray disks."

How does this relate to the context of streaming from HBO/Netflix? Are these
companies offering 4K streams on their services?

~~~
izacus
They offer 4K streams already, but they don't use this DRM standard. They
mostly now use Widewine or some similar which is also slowly pushing to the
same restrictions as AACS 2.0 on BR discs has.

It was more demonstration of a trend.

------
jackewiehose
Isn't it possible for a rooted device to fake beeing a non-rooted device to
(selected) applications? To my understanding root means having the full
control but I fear that this definition doesn't apply to smartphones.

~~~
chickenbane
Obviously I don't know the implementation details of how Netflix is detecting
rooted devices, but my guess is they're using Play Services's new "GMS
Certification".

This involves using signed hardware that helps determine if the execution
environment is trusted. So, users can still root the device, but Android +
Play Services can still determine if features (such as DRM) can be relied on.

It makes sense for Google to develop these features, especially as it wants to
move Android to new devices (Cars?), reduce risk for mobile payments, in
addition to giving stronger security features to content distributors. This
also lets Android devices compete with security features like Apple's secure
enclave.

Honestly, if you are going to root your device you must accept you are not
using it in the supported way the vendor intends. Therefore, you should not
expect all the features of the supported configuration. I think that's a fair
trade-off. Rooting your device is awesome!

~~~
phunehehe0
I think it's actually the SafetyNet Attestation API. Checking for root means
requiring "certified, genuine device that passes CTS". It also excludes
"genuine but uncertified device, such as when the manufacturer doesn't apply
for certification".
[https://developer.android.com/training/safetynet/attestation...](https://developer.android.com/training/safetynet/attestation.html#possible-
results)

I was reluctant to unroot an old phone to try Android Pay, but having to do it
just to watch some movies a tad too far. For me anyway.
[https://phunehehe.net/xperia-android/](https://phunehehe.net/xperia-android/)

~~~
godzulu
My Nexus 6p is running the latest purenexus room, so it is unlocked. Before I
rooted, I installed both DirecTV and Netflix and logged in to both. Rebooted
recovery, flashed magisk 12, rebooted. installed magisk manager from
playstore, enabled su hide in magisk settings. Rebooted again. pass safety
net, Netflix works like always

------
thomastjeffery
As someone with an unlocked and rooted android phone, what are they afraid of,
and where can I get it?

~~~
bubblethink
Get Netflix ? Yalp Store
([https://github.com/yeriomin/YalpStore](https://github.com/yeriomin/YalpStore))
should work I guess. There are also mirror sites for apks. Netflix/Google may
decide to block playback too in the future, at which point you'll have to
explore other options. You can also try to use Magisk to circumvent safetynet.

~~~
thomastjeffery
By "where can I get it?", I meant "where can I get the thing that Netflix is
presumably afraid of me using on my rooted phone?"

------
aidenn0
This is particularly absurd because it's trivial to record from any device
that has HDMI out; HDCP 1.x is quite thoroughly broken, and there is a steady
stream of HDMI splitters that can strip HDCP 2.x

~~~
topranks
The problem is dumping all that data to disk, or encoding on the fly and doing
so.

HDMI caps are mostly kind of shitty quality. Look at the UHD BluRay releases
(smurfs excluded.)

~~~
aidenn0
I know there are non-compressing UHD cards; can x264 on a modern multicore not
keep up at -qp 0 -preset ultrafast for 4k/24p?

------
geofft
Does "unlocked" mean carrier-unlocked or bootloader-unlocked? I'm confused by
this sentence:

 _For example, Artem 's unlocked stock Pixel is still on Widevine Level 1, the
most secure level, but fails SafetyNet because it is unlocked._

(What does "unlocked stock" mean - does the Pixel ship carrier-unlocked? Was
it unlocked by calling up the carrier and asking for an unlock, or in some
other way?)

~~~
drampelt
I would assume bootloader unlocked, I believe that causes SafetyNet to fail
and can't imagine why a carrier unlocked phone would.

~~~
Namidairo
Yeah, an unlocked bootloader passes androidboot.verifiedbootstate=ORANGE to
the kernel cmdline.

That said, the kernel could just lie about what was passed to it sooooo...

------
dingo_bat
Are they going to block admin Windows accounts too?

~~~
syshum
Why would they....

ohh you believe if you are an "Admin" on windows you have control over the
OS.... no Redmond has control over the Windows OS, they have DRM built in well
below "Admin"

~~~
dingo_bat
Ok, let's put it this way: Are they going to block root Linux accounts too?

~~~
syshum
Well

1\. Root on Linux is not the same as Admin on Windows. Sorry

2\. They do limit Linux playback to 720p, you can not play 1080p or higher
streams on linux largely due not having control over the OS.

~~~
dingo_bat
> 1\. Root on Linux is not the same as Admin on Windows. Sorry

No need to be sorry, but how so?

> 2\. They do limit Linux playback to 720p, you can not play 1080p or higher
> streams on linux largely due not having control over the OS.

I didn't know that. Is it done based on OS detection or is it just Netflix
neglecting to support? What if I fool Netflix into thinking I'm running
windows? Will I be able to play 1080p/4k then?

~~~
syshum
>No need to be sorry, but how so?

With root on linux there is nothing outside of your control, With Admin on
Windows there are still all kinds of things outside of your control. Just look
at the Telemetry controversy as an example. No way for even an "admin" to
disable it

>I didn't know that. Is it done based on OS detection or is it just Netflix
neglecting to support?

In order to play HD Content you much have a OS that refuses to follow the
Admin's wishes, instead follows the wishes of the OS Vendor.

You much have full stack DRM built into the OS that is not bypassable.

Currently the Only OS that support browser based HD Playback from netflix is
Windows in the Edge Browser because MS DRM is built into the OS and the Admin
of the OS has no control over it.

------
sametmax
This is kinda silly though. Pirates will not bother using netflix. You have
stremio, pop corn time, the pirate bay and 100 of streaming websites with more
content for free. If somebody is paying, let the client have the unlocked
phone.

------
shmerl
So they are now admitting they have gone completely insane with DRM craze.
That was expected.

Now let someone come and disrupt this industry swamp with DRM-free video.

~~~
tdb7893
The drm is probably a requirement to stream many of the videos. I would rather
Netflix with drm than not being able to stream legally

~~~
type0
Next thing you know the photos you upload to facebook might use DRM so that
you wouldn't be able to move to other site. Would you be happy about such a
development?

~~~
tdb7893
I'm unsure how this is related to my argument. I never said I liked drm, I
basically just said that it's a tradeoff I'm willing to make because it's
probably a necessity if they want to license the content legally. Obviously I
would be mad at Facebook but it's an entirely different situation

~~~
type0
> because it's probably a necessity if they want to license the content
> legally.

For sure the same argument could be applied to fb photos, the point is - it's
a slippery slope and I'm not willing to walk it. It is a tradeoff though, the
one which means that society is willing to trade their freedom. "The dancing
pigs" phenomenon if you wish, the Felten & McGraw quote applies so much to
security as it does to freedom and privacy: Given a choice between dancing
pigs and _security /freedom/privacy_, users will pick dancing pigs every time.

~~~
tdb7893
I still don't understand how the argument applies to Facebook photos. With
Netflix we are talking about a requirement imposed by the people creating
their content so my guess would be that the analogue in Facebook terms would
be if users started not posting photos unless Facebook implemented drm but I
don't really see the point of that analogy.

------
mnm1
It's shit like this (and the VPN bullshit) that keeps piracy alive.
popcorntime has chromecast support and a much better selection anyway. Or kodi
or whatever people use these days. The _only_ selling point and advantage that
Netflix ever had over the alternatives was convenience. That's no longer the
case.

------
faragon
Bad move, in my opinion. So now most 30$ Android-TV devices are not going to
be able to run Netflix? I hope they don't blame piracy afterwards.

------
jpambrun
Wait. I can't cast Netflix to my TV from my phone anymore?

What the f __* are they expecting us to do? Surely they can 't be that
stupid?!

------
erikb
What I don't understand is what Netflix has from it. Is Google paying them
money for that "feature"?

------
cmurf
rooted != unlocked

My phone is not rooted. It is unlocked. Netflix app works fine on this phone.

~~~
archon810
If your phone is unlocked, you will no longer find the app in the Play Store,
or any updates to it. If it's already installed or sideloaded, it will work,
for now.

~~~
cmurf
Not true. My phone is unlocked, the Netflix app was not installed, and right
before posting my above response I installed it from Play Store.

------
eveningcoffee
This is outrageous.

------
ryanlol
Why prevent installing the app when you could instead stop specific content
from being played?

Surely not all Netflix content is licensed under terms which prevent it from
being distributed to rooted devices.

~~~
yellow_postit
Testing and complexity. (in their estimation) There's just not a large enough
population to shoulder the additional engineering overhead and maintenance
costs of partitioning the data and testing/monitoring with every single
release.

------
bitmapbrother
There are going to be people that blame Netflix for this, but it's really not
their fault. They didn't even care if people used VPN's to access their
service. Pressure from the content providers forced them to do this.

~~~
syshum
>There are going to be people that blame Netflix for this, but it's really not
their fault.

There are going to be people that continue to excuse netflix and believe it is
all pressure from content providers.

News Flash for people that believe that, Netflix is a content provider now.
They fully support DRM for their content, they are not being "pressured" by
content providers to do this. They support anti-consumer policies like DRM,
and are just like the MPAA in this regards

Stop allowing Netflix to hide behind their PR machine and blame 3rd parties
for polices they fully support and endorse

No I do not believe for 1 second Neflix is being pressured by anyone to enact
these draconian drm polices nor where they forced to support EME in HTML5.

Netflix is just another anti-consumer, anti-freedom corporation.

~~~
bitmapbrother
Here's another news flash - Netflix without content ceases to become worth
their subscription fee. What did you really expect Netflix to do? Ignore the
demands of their content providers and then have the content taken away?

~~~
syshum
Keep defending netflix if you want, they are not innocent victims of content
provider threats, they are content providers.

MPAA did not come in strong arm Netflix, Netflix is a willing and eager
participant in the development and spread of DRM

~~~
bitmapbrother
There's no need to defend Netflix as they're simply doing what they need to
contractually do to stay in business. Did you really think Netflix was going
to defy the demands of their content providers? Content is king and if Netflix
didn't have it they wouldn't be worth subscribing to.

~~~
izacus
Again, Netflix is actively pushing DRM on content they themselves produce (no
"content provider" pressure there).

