Security on the Roku platform

The Roku Platform is designed to protect each app's intellectual property, while ensuring the audience is safe from malicious attacks.

Roku devices are designed to play a variety of streaming content directly from the Internet. We understand that this content is valuable to the content owners and must be protected from unauthorized access to prevent both casual and professional copying and distribution. Multiple types of security provisions are available if needed.

System security

The Roku platform has been designed to be hardened against attack. This process starts at the Roku factory, where each system is individualized and uniquely keyed as a foundation for robust security. The platform supports a secure key store and a hardware encryption engine. The core set of system software is encrypted and is protected by a secure boot process and the use of signed binaries.

SSL is the primary method provided for developers to implement content and/or communications security for their application. The device supports both client and server authentication via SSL to provide a secure communications channel between trusted endpoints.
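
The following BrightScript sketch shows both halves of that authentication on a single request: the server's certificate is verified against the CA bundle, and the device presents its client certificate. It is an added example, not Roku's own code; the function name SecureGet and its result fields are hypothetical.

```brightscript
' Added example (not Roku's code). SecureGet and its result fields are hypothetical.
function SecureGet(url as String, timeoutMs as Integer) as Object
    result = { ok: false, code: 0, body: "", reason: "" }

    ' Refuse anything that is not HTTPS so a bad URL cannot downgrade the request.
    if LCase(Left(url, 8)) <> "https://"
        result.reason = "URL must use https://"
        return result
    end if

    port = CreateObject("roMessagePort")
    xfer = CreateObject("roUrlTransfer")
    xfer.SetMessagePort(port)
    xfer.SetUrl(url)

    ' Server authentication: trust only chains that validate against the
    ' CA bundle, and require the certificate to match the host name.
    xfer.SetCertificatesFile("common:/certs/ca-bundle.crt")
    xfer.EnablePeerVerification(true)
    xfer.EnableHostVerification(true)

    ' Client authentication: present the device's client certificate and let
    ' the OS fill in the developer ID of the running app in the reserved header.
    xfer.InitClientCertificates()
    xfer.AddHeader("X-Roku-Reserved-Dev-Id", "")

    if not xfer.AsyncGetToString()
        result.reason = "request could not be started"
        return result
    end if

    ' wait() returns invalid on timeout; cancel so the transfer does not linger.
    msg = wait(timeoutMs, port)
    if type(msg) <> "roUrlEvent"
        xfer.AsyncCancel()
        result.reason = "timed out"
        return result
    end if

    result.code = msg.GetResponseCode()
    result.reason = msg.GetFailureReason()
    if result.code = 200
        result.ok = true
        result.body = msg.GetString()
    end if
    return result
end function
```

A failed certificate check surfaces as a negative response code with the cause in the reason field, so callers should treat any result where ok is false as untrusted.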

Application security

Applications that run on Roku devices must be encrypted and signed using the developer's unique set of keys, generated by the Roku Streaming Player in developer mode. Code signing is done automatically as part of generating a package and ensures the integrity of the code. Application packages are also encrypted to ensure confidentiality of the source code. Packaging tools are available on the Developer web page of Roku Streaming Players. By default, the Developer page is not enabled. You must enter the remote code Home 3x, Up 2x, Right, Left, Right, Left, Right to enable it. A walkthrough of the packaging process is detailed later in this document.

The packaging process is designed to be lightweight and focuses on ensuring that an application originates from a known source and is protected against tampering. It is the responsibility of the developer to ensure that the application is properly tested, high quality, and provides a good user experience.

Protected environment

BrightScript applications are run within a unique context in the BrightScript Virtual Machine. Applications are "sand-boxed" and run protected from other areas of the system. Scripts have limited access to platform resources and can only access functionality specifically exposed through the scripting layer as BrightScript components. This ensures the overall integrity of the platform and prevents unauthorized access to the operating system or any third party content. Applications are restricted from interacting with other applications on the system or accessing their private data. Applications store their data separately and securely in a unique area of the system registry. Suites of applications can share registry data by creating each application's package with the same developer ID keys.

App intellectual property

All intellectual property and code is protected by the publisher/partner/developer.

Account and payment protection

When a new user creates a Roku account, their personal information is recorded in our secure online system. For making purchases in Roku apps, the customer can opt-in to require a PIN and dialog prompt before approving a purchase.

In addition, apps are allowed to request limited information from users. When an app is creating a new user account for its backend service, the Roku OS will display a dialog asking the user to approve the requested information before it is shared.

Information that apps can request about users includes:

  • first name
  • last name
  • email
  • street
  • city
  • state
  • zip
  • country
  • phone

Packaging

To protect the code and assets within an app, we require that all apps are packaged with a secure encryption key. When apps are submitted for the Streaming Store, the encrypted package is uploaded from the Developer Dashboard, ensuring that only the Roku device playing content has the secure package running. Read more about app packaging.

Digital rights management

Roku takes copyright protection seriously. Built into every Roku device is some of the broadest support of Digital Rights Management (DRM) formats. From streaming protocols to authenticated SSL connections, publishers can bring their content to the Roku Platform with the proper security standards in place.

For more details on DRM support, see DRM details.

Content protection

The Roku OS supports High-bandwidth Digital Content Protection (HDCP) for content copy protection between the Roku player's HDMI port and the connected display. In addition, 4K-capable Roku devices support the Trusted Execution Environment (TEE).

For more details, see Content Protection.
