Affiliate links on Android Authority may earn us a commission. Learn more.
What is Widevine digital rights management (DRM) and why does it matter?
A number of video services like Disney Plus, Netflix, and Prime Video restrict smartphones from taking screenshots of movies or TV shows. The reason for the lockout is that these services are protected by digital rights management (DRM). The goal is to prevent the copying and unauthorized redistribution of copyrighted video files.
To trust that Android smartphones and many other devices are secure from piracy, these popular streaming services make use of Google’s Widevine DRM platform. As one of the industry’s oldest DRM services, it’s estimated install base stands at some 4 billion devices around the world.
Here’s everything you need to know about Widevine and how it works.
What is Widevine and how does it work?
Widevine implements a selection of industry standards to protect content as it’s transferred over the internet and played back on devices. For a quick overview, it makes use of a combination of CENC encryption, licensing key exchange, and adaptive streaming quality to manage and send video to users. The idea is to simplify the amount of work on the service provider’s end, by supporting multiple levels of streaming quality based on the security capabilities of the receiving device.
To achieve this, Widevine protects content across three levels of security, simply named L3, L2, and L1. Your device will need to be certified to meet the full L1 specification if you want to stream HD and HDR content from services like Netflix. If your device doesn’t meet this requirement, it may not receive a high-resolution stream even if your internet connection and display can output it.
To meet security Level 1, all content processing, cryptography, and control must be performed within the Trusted Execution Environment (TEE) of the device’s processor. This is to prevent external tampering and copying of the media file. All ARM Cortex-A processors implement TrustZone technology, creating a hardware separation that allows a trusted OS (such as Android) to create a TEE for DRM, and other secure applications.
Security Level 2 only requires that cryptography, but not video processing, be carried out inside the TEE. L3 applies either when the device doesn’t have a TEE or when processing is done outside of it. However, appropriate measures must still be taken to protect cryptography within the host operating system.
How Widevine is implemented
Android devices support either L1 or L3 security levels, depending on hardware and software implementations, as does Chrome OS. The Chrome web browser on desktops will only ever support L3 at maximum. If your device is only L3-compliant, you’re capped at sub-HD resolutions. Only L1 secure devices with processing taking place entirely in the TEE can playback HD or higher quality content from Widevine-secured services.
Notably, Widevine doesn’t charge a license fee in order to implement its protection technology. So there’s no financial reason why some smartphones are missing out.
Widevine doesn't charge a license fee. Instead, hardware manufacturers only need to pass a certification process.
Instead, hardware manufacturers need to pass a certification process. This includes the completion of various legal agreements, implementation of some software libraries, and client integration testing to verify support, among other steps. Apparently, this process is designed to be streamlined for easy adoption. Nearly all SoCs used for Android smartphones support the necessary technologies. So if a particular smartphone isn’t compatible, it’s only because that manufacturer didn’t complete testing. Fortunately, it seems that it’s possible for smartphone OEMs to address any lack of compliance after release.
In January 2019, Security researcher David Buchanan claimed on Twitter that he managed to break the DRM on Widevine L3. It’s not clear if he has disclosed this reported issue to Google, and there’s been no word from the company on if it has fixed this DRM flaw.
Can my device stream HD and 4K content?
Unfortunately, you won’t find information about DRM conformity on many specification sheets, so knowing before purchasing a new phone is difficult. Most smartphones, especially in the flagship tier, will allow for HD streaming from Widevine-powered services, even if the smartphone is a few generations old. Technically, all Android smartphones can support L1 Widevine security, but implementation mileage may vary with lower-cost smartphones that may skimp on testing times.
Widevine supports matters for non-smartphone devices too. Many cheaper Android-based streaming boxes don’t support HD or 4K streaming as they lack the certification. You can still use these devices to play back local media or unsecured sources like Plex, but don’t expect Netflix or Disney Plus to work seamlessly.
If you want to check that your particular Android device is compatible with Winevine, along with other popular DRM services, you can check out the level of support with apps like DRM Info, which is free to download from the Play Store. Simply scroll down to the Google Widevine DRM section and check what Security Level your device supports, just like in the image above.
Widevine support is often not quoted on spec sheets, so you'll have to rely on reviews to know if HD streaming will work or not.
In addition, Netflix has posted a constantly updated list of Android smartphones and tablets that are able to stream its movies and TV shows in HD resolution. The list also includes the chipsets from Qualcomm and Samsung that are capable of streaming Netflix videos in HD.
Further reading: What are video codecs and why do they matter?