So, as expected, Airfoil Speakers Touch got the boot. This, of course, was expected as Apple has a track record of expelling apps from the store that provide AirPlay-related functionality. AirView was the most recent example.
What’s happening under the hood?
AirPlay Audio (née AirTunes) is a protocol sending ALAC-encoded audio over the network. Authentication is handled by a RSA public/private key pair. The protocol and public key were reverse engineered a while ago, enabling software to emulate iTunes sending audio to a real Airport Express.
The private key was extracted from an Airport Express about a year ago in the Shairport project, enabling third party software to act as an AirPlay receiver, authenticating itself against iTunes or other iOS devices sending audio.
This all comes from an era when music had DRM, CDs held huge amounts of data and iTunes as industry player was still tiny.
Update 2012-06-09: When introducing the Airport Express in Mid-2004, Steve Jobs explicitly confirmed this:
We encrypt the data stream to make the music companies happy.
AirPlay Video shares the name, but none of the implementation. It is just a very thin protocol layer on top of HTTP, supplying video bits to a media player framework. Take a look at the AirView source. They merely implement a HTTP server and feed bits to MPMoviePlayer. As far as I can tell, there is no secret handshake. Anyone may announce itself as an AirPlay video receiver via Bonjour.
A thin layer of DRM-like encryption is handled on a media stream basis when using HTTP Live Streaming, not on a protocol level. Apple even goes as far as saying that HLS does not support DRM, but just simple access control. This seems to suffice even for paranoid Hollywood. Maybe they just didn’t understand.
Apple has demonstrated the following explanations when removing apps
- Removing apps for using the AirPlay name or the triangle-pointing-to-a-box icon? Silly, but legit. Their trademarks.
- Removing apps that use an, ahem, borrowed private RSA key? A bit less silly, but also very legit, in my opinion. They sell Airport Express stations and license the key to hardware vendors.
- Removing apps that implement a HTTP server and announce it over Bonjour? Totally silly and not even close to justified. If Apple wanted to lock this down, they should have put technical measures in place, and not badly enforce this at review. Delayed by poorly trained reviewers.
So what’s the Right Thing to do, Apple?
If Apple really is in the business of licensing both AirPlay protocols to vendors, which is silly but legit, offer software vendors the same licensing deal that hardware vendors can get. Bloomberg cites a $4 license cost for AirPlay Audio, which is a fairly large amount. To compare, Microsoft states that MPEG2 Playback for DVDs costs $2 per license. I’m not aware of any third party AirPlay Video receivers as of now.
On one level, I can understand that Apple doesn’t want products out there that are based on poorly reverse-engineered protocols and break at every minor iOS update. On the other hand, I would love to be able to freely stream audio and video between all my devices. So the Really Right Thing to do is documenting the protocol, exposing it via an public API, and enabling AirPlay Audio and Video without any DRM-era bullshit restrictions. But as AirPlay is at the heart of Apple’s strategy for the living room TV, they probably won’t.
Update 2012-06-07: Rogue Amoeba does the stupid thing and lets Apple pull the in app purchase item and still includes the functionality hidden within the app. They still don’t mention the private key. So it’s just a publicity stunt.
Update 2012-06-09: Phil Schiller confirms this:
The story as I understand it is simple, and not accurately recounted on Rogue Amoeba’s website. Rogue Amoeba’s app added a feature that accessed encrypted AirPlay audio streams without using approved APIs or a proper license and in violation of Apple’s agreements. […] We have an Airplay licensing program explicitly to assist companies in creating AirPlay capable products.