Netflix Mobile

A number of video services like Google Play Movies, Netflix, and Amazon Prime Video don’t allow some smartphones to stream movies or TV shows at resolutions higher than 480p. The reason for the lockout is that these services are protected by digital rights management (DRM), to prevent the copying and unauthorized redistribution of these video files.

To trust that Android smartphone and many other devices are secure from piracy, these popular streaming services make use of Google’s Widevine DRM platform. As one of the industry’s oldest DRM services, it’s estimated to be installed on some 4 billion devices around the world.

Here’s what you need to know about Widevine and how it works.

How does Widevine work?

Widevine implements a selection of industry standards to protect content as it’s transferred over the internet and played back on devices. For a quick overview, it makes use of a combination of CENC encryption, licensing key exchange, and adaptive streaming quality to manage and send video to users. The idea is to simplify the amount of work on the service provider’s end, by supporting multiple levels of streaming quality based on the security capabilities of the receiving device.

To achieve this, Widevine protects content across three levels of security, simply named L3, L2, and L1. Your device will need to be certified to meet the full L1 specification if you want to stream HD content from services like Netflix.

TrustZone technology within Cortex-A based application processors is commonly used to run trusted boot and a trusted OS to create a Trusted Execution Environment (TEE), which separates DRM and other processing from potentially exploitable applications.
ARM TrustZone technology within Cortex-A based application processors is commonly used to run trusted boot and a trusted OS to create a Trusted Execution Environment (TEE), which separates DRM and other processes from potentially exploitable applications.

To meet security Level 1, all content processing, cryptography, and control must be performed within the Trusted Execution Environment (TEE) of the device’s processor, to prevent external tampering and copying of the media file. All ARM Cortex-A processors implement TrustZone technology, creating a hardware separation that allows a trusted OS (such as Android) to create a TEE for DRM, and other secure applications.

Security Level 2 only requires that cryptography, but not video processing, be carried out inside the TEE. L3 applies either when the device doesn’t have a TEE or when processing is done outside of it. However, appropriate measures must still be taken to protect cryptography within the host operating system.

How Widevine is implemented

Android devices support either L1 or L3 security levels, depending on hardware and software implementations, as does Chrome OS. Chrome on desktops will only ever support L3 at maximum. If your device is only L3-compliant, you’re capped at sub-HD resolutions. Only L1 secure devices with processing taking place entirely in the TEE can play back HD or higher quality content from Widevine secured services.

Perhaps one of the most important points to note about Widevine is that it doesn’t charge a license fee in order to implement its protection technology. So there’s no financial reason why some smartphones are missing out.

Widevine doesn't charge a license fee. Instead, hardware manufacturers only need to pass a certification process.

Instead, hardware manufacturers only need to pass a certification process. This includes the completion of various legal agreements, implementation of some software libraries, and client integration testing to verify support, among other steps. Apparently, this process is designed to be streamlined for easy adoption, and all chipsets used for Android smartphones support the necessary technologies, so it’s only likely that manufacturer oversight or lack of testing time is to blame if smartphones aren’t compatible. Fortunately, it seems that it’s possible for smartphone OEMs to address any lack of compliance after release. 

In January 2019, Security researcher David Buchanan claimed on Twitter that he managed to break the DRM on Widevine L3. It’s not clear if he has disclosed this reported issue to Google, and there’s been no word from the company on if it has fixed this DRM flaw.

Can my device stream HD content?

Unfortunately, you won’t find information about DRM conformity on many specification sheets, so knowing before purchasing a new phone is difficult. Most smartphones, especially in the flagship tier, will allow for HD streaming from Widevine powered services, even if the smartphone is a few generations old. Technically, all Android smartphones can support L1 Widevine security, but implementation mileage may vary with lower cost smartphones that may skimp on testing times.

If you want to check that your particular handset is compatible with Winevine, along with other popular DRM services, you can check out your smartphone’s level of support with apps like DRM Info, which is free to download from the Play Store. Simply scroll down to the Google Widevine DRM section and check what Security Level your device supports, just like in the image above.

In addition, Netflix has posted a constantly updated list of Android smartphones and tablets that are able to stream its movies and TV shows in HD resolution. The list also includes the chipsets from Qualcomm and Huawei that are capable of streaming Netflix videos in HD.

If you’ve had problems streaming HD content from Netflix or Amazon Video, let us know in the comments below.