I have indeed inspected the contents of their CDN servers. The URLs have an auth token in them but you can edit the range parameters to grab the whole mp4 in one go without invalidating the auth.
Then this is either an exploit or more likely the mp4 file is virtual. You can find out if you are so inclined by grabbing it from two separate accounts using two separate devices (or keys) and then compare how many of the segments are identical.
Also, I assume the file in question is 4K content. Don't know about how they treat other types.
Also, I assume the file in question is 4K content. Don't know about how they treat other types.