FUD alert: There is not a secret plan to use Denuvo DRM on the Play Store

Android Police

By David Ruddock

Published Feb 6, 2017

A thread gaining steam on the r/android subreddit asserts a leaked email from DRM firm Denuvo's website as evidence that Google is looking into implementing such DRM on the Play Store. Additionally, the existence of an APK file on Denuvo's server marked as a 'Denuvo Sample' was used to bolster the claims.

This is unsubstantiated fear-mongering.

First, the email cited, sent by Jan Newger, is well over two years old (looking at the raw dump, it was sent November 24th, 2014). Second, there is no reason to believe that email is at all related to the APK on Denuvo's server, which may well just be a sample package sent to potential customers (which could be any app publisher). The email is pasted below.

I’m working in the security team at Google, and would like to evaluate the denuvo product to get an understanding on how it would integrate with existing solutions, I’m specifically interested in further strengthening existing solutions to hinder understanding/tampering with binary programs. Is it possible to obtain some kind of demo version of the product? Also, could you send a quote to me? If I have some more technical questions, is this the desired contact, or is this sales only?

A Google+ profile appears to show Newger is employed by Google, though that much doesn't even really warrant scrutiny. Because even if Newger was investigating Denuvo's product as part of his work at Google, the email is already severely lacking any support for the poster's claims: Android is not mentioned, the Play Store is not mentioned, and nor is any kind of plan to use this DRM presented. In fact, Newger's email reads far more like a security researcher looking to understand and account for an on-the-market solution as part of his own work on anti-tampering. There is literally nothing here to suggest his inquiry has anything to do with Android, the Play Store, or Google's future plans in regard to DRM of any kind. Zilch.

And in the intervening two-plus years since this email was sent, we've heard absolutely nothing about Google looking into more restrictive, third-party DRM on the Play Store or otherwise.

Unfortunately, this appears to be a case of a rather major failure of the reddit hive-mind, with users simply upvoting the baseless speculation in the title (because that never happens!). The thread really should be deleted or at least labeled to indicate it's irresponsibly spreading one person's rather poorly-informed speculation (that is also almost certainly completely wrong), but the damage may already be done.

Anyway, if you see this floating around the next couple of days, now you know where it came from, and you know it's totally bunk.

Source: reddit