I'm hosting multiple AR models on my website. For iOS I've got the AR models (.usdz) set up so they can be accessed directly via the browser.
One of the problems I run into is security of the AR models. I want to prevent users from being able to download them:
- On iOS, the AR models are automatically opened in Apple's AR Quick Look. It's probably also possible to download the underlying models, but this feature isn't easily accessible.
- Via Android (I know .usdz isn't the right file format) and MacOS/Windows it's easy to download the .usdz models by clicking on the link
Is there a way to protect the files so they can be accessed in AR Quick Look, but not downloaded in any way?
Ultimately, if the users device or browser will display the models then it needs to be able to download them.
This is a similar problem to protecting online videos. In that domain the usual approach is to encrypt the video so that even if it is downloaded it cannot be used without the decryption key.
That requires a secure way to share the decryption key with the device or browser and also a secure way to play the decrypted video without the user or other apps being able to access it. The standard approach to this is to use a DRM technology, although it may be possible to create custom solutions and share the keys separately by some other communication means.
At this time, there is no DRM that supports AR models and provides a secure display environment for them, AFAIK.
You could implement a solution where you encrypt the models and decrypt them just before you display them in your web app or browser, using a configured or hardcoded key. This might be enough to deter causal piracy, which may be enough for your needs - it won't deter a determined attacker for long, unfortunately.