Digital rights management (DRM) solutions aim to prevent the copying or distribution of copyrighted material. On mobile devices, a variety of DRM technologies have become widely deployed. However, a detailed security study comparing their internal workings, and their strengths and weaknesses, remains missing in the existing literature. In this paper, we present the first detailed security analysis of mobile DRM systems, addressing the modern paradigm of cloud-based content delivery followed by major platforms, such as Netflix, Disney+, and Amazon Prime. We extensively analyse the security of three widely used DRM solutions -- Google Widevine, Apple FairPlay, and Microsoft PlayReady -- deployed on billions of devices worldwide. We then consolidate their features and capabilities, deriving common features and security properties for their evaluation. Furthermore, we identify some design-level shortcomings that render them vulnerable to emerging attacks within the state of the art, including micro-architectural side-channel vulnerabilities and an absence of post-quantum security. Lastly, we propose mitigations and suggest future directions of research.