App stores are littered with apps that promise free access to music, but only few live up to expectations. Musi is one of them.

The music app made headlines in 2016 when its founders, who were teenagers at the time, presented their brainchild in an episode of the Canadian edition of Dragons’ Den.

In essence, the software itself is relatively simple. Musi can stream music, which it sources from YouTube, and allows users to create and share playlists. It essentially uses YouTube as a music library, without showing the video.

This functionality directly rivals other streaming apps such as Spotify. However, since content is sourced from YouTube, costs associated with payments to labels are absent from the Musi equation, and that means it’s much cheaper to run.

This business model is a win-win for Musi’s operators and the platform’s users. Music industry insiders, on the other hand, are less pleased. They describe the app as “parasitic”, a reference to the app’s reliance on YouTube content, which it allegedly obtains by circumventing the platform’s technical protection measures.

For Dragon’s Den judge Joe Mimran, potential challenges to the business proved too much. While he was initially interested in investing $125,000 in exchange for a 15 percent stake in the company, the entrepreneur eventually walked away from the deal due to legal concerns.

“I was advised that when companies such as Musi get to a critical size, they could be sued for past use by the publishers,” Mimran informed the Financial Post in 2016.

Musi’s Millions

Musi didn’t throw in the towel after this setback. The app, which was already operational, continued to grow its user base in Apple’s iOS store. In the years that followed, it was downloaded dozens of millions of times.

Currently, Musi is ranked 5th in the App Store’s music category with over 3.5 million mostly positive ratings. That’s truly remarkable for a bootstrapped company that relied on YouTube, without any direct licensing deals in place with the major labels.

Earlier this year, a Wired piece highlighted Musi’s success, while also shedding some light on the legal concerns. The piece doesn’t offer any conclusions, but it suggests that the app is making many millions of dollars by operating in a ‘gray area’.

At the headquarters of global music industry body IFPI, legal matters are black or white, however. The group has had the Musi app in its crosshairs for a while. Information reviewed by TorrentFreak shows that legal pressure is building.

IFPI Reports Musi to Apple

TorrentFreak learned that IFPI reported the Musi app to the App Store last summer. Apple had already removed Musi years ago but later reinstated it. With this new request, the music group hoped for a better outcome.

Four days after IFPI submitted its complaint, U.S. legal counsel for Musi Inc. reached out to IFPI, refuting its claims. Musi’s lawyer argued that the app was merely providing access to publicly available music, stressing that it doesn’t store any content on its servers.

It’s not clear whether Apple took any position in this dispute. We do know that the company, which typically has rigorous copyright standards, didn’t remove Musi from the app store.

Apple’s inaction shows that the legalities surrounding the software are certainly not straightforward. IFPI continued to press on, however, and they eventually booked a small success, which was noticeable for Musi users too.

Secret Sauce

After the initial back and forth in July last year proved unsuccessful, IFPI reached out to Musi’s law firm again in September. Among other things, the music group specifically called out Musi’s “secret sauce” feature which, purportedly, provided access to pre-release music.

The exact contents of the letter are unknown but, in October 2023, Musi permanently removed the “secret sauce” feature.

Meanwhile, IFPI continued to hammer on the precarious legal situation it believes Musi to be in. The group has two main arguments, starting with the claim that the app circumvents YouTube’s technical protection measures.

In addition, it argues that Musi infringes its members’ rights by communicating their works through ‘new means’ to a ‘new audience’.

Musi Inc, however, continues to refute these claims though its legal team and maintains that it operates within the boundaries of copyright law.

Escalation to Apply Maximum Pressure

The communication between IFPI, Musi, and Apple continued into 2024 and the status quo remains. Apple has decided to leave the matter open for now and Musi continues to add over a million new downloads per month, frustrating IFPI.

Around February, the music group proposed to escalate the matter, encouraging its members to help out by putting pressure on Apple, while also involving YouTube in the matter. The plans are as follows, paraphrased:

– Music companies might want to complain to Apple about Musi, using their existing contacts at the company.

– In addition, they should motivate YouTube to take an active stance against the app’s developers, and complain to Apple as well.

– IFPI, for its part, should inquire among legal contacts to see whether there’s a basis for a lawsuit against Musi.

These plans would use existing business relationships to tackle the Musi problem. Whether any of these suggestions were followed up, and if so, to what extent, is unknown. The proposal is a few months old by now and from the outside there doesn’t appear to be much movement. That could easily change, of course.

After more than a year, users of the Musi app haven’t noticed anything new since much of the pressure is applied behind closed doors. In itself that’s an interesting observation, as it makes one wonder what else is going on.

It’s clear, however, that IFPI can garner the full power of its high-profile record label members. These are also the names that are likely to be listed on a lawsuit, if it ever comes to that.

From: TF , for the latest news on copyright battles, piracy and more.

To a greater or lesser extent and depending on region, rightsholders across all major industries are now regular participants in site-blocking actions.

Most blocking takes place to prevent access to movies and TV shows on static platforms such as torrent sites and streaming indexes, plus streaming platforms typically operated by IPTV providers offering live sports. These video-based sectors now account for the majority of blocking but the major recording labels, publishers, and video game companies are all still involved.

New Action By The Music Industry

In France, where rightsholders are taking small, incremental steps to make blocking easier and potentially more effective, the major recording labels have recently obtained permission from a Paris court to add even more domains to their ever-expanding blocklists.

First reported by French news outlet L’Informe , the blocking application was made under the umbrella of collection organization SCPP (Civil Society of Phonogram Producers), which represents major labels including Sony, Universal and Warner, plus hundreds of others .

The 40 targets are domains operated by familiar pirate sites or those that facilitate access to them. They include torrent9, cpasbien, yggtorrent, tirexo, zone-annuaire, and wawacity.

Also on the list, three proxy domains that until recently helped users to access the previously-blocked BitTorrent DHT index, Magnet DL. Since that site disappeared offline a few weeks ago, blocking these three proxies ( magnetdl.unblocked.id, magnetdl.uproxy.to, magnetdl.proxyninja.net ) will achieve nothing, but it’s possible that French ISPs will implement blocking regardless.

SCPP Evidence Supports Site-Blocking

Citing the decision of the Paris court, L’Informe reports that “SCPP established in a sufficiently convincing manner that the disputed sites, which are aimed at a French-speaking public, allow Internet users, via the aforementioned access paths, to download or continuously access protected works via hyperlinks without obtaining authorization from rights holders.”

Since in this context hyperlinking amounts to copyright infringement, the court agreed that ISP blocking is warranted. In the event that the sites switch to new or alternative domains to evade blocking, SCPP will be able to return to court to have those blocked too.

SCPP did just that in April and then again in May, to counter two recent rounds of circumvention by torrent9, cpasbien, and yggtorrent. This latest order comes in response to what appears to be a third, but certainly won’t be the last.

Deindexing Domains From Search Results

Search engine deindexing usually accompanies ISP blocking measures since the latter is believed to make the former more effective. For example, in a scenario where an ISP implements blocking measures against PersistentPirateSite.com, former users of that now-blocked domain may turn to Google hoping to discover the site’s new and unblocked domains. If all goes to plan, access to the site is restored.

In a combined blocking/deindexing scenario, domains blocked by ISPs are also removed from search results. It doesn’t necessarily follow that users searching for new domains will leave empty-handed, but deindexing does make the task harder for the less experienced. Using the latest order as an example, ISPs are required to block torrent9.sb, torrent9.rs, torrent9.ink, and nine others connected to a site of the same name.

With all of these domains now absent from search results, less experienced users who search for ‘torrent9’ will find dozens and dozens of almost identical domains, but no idea which – if any – lead to the real site. They may not even be aware that some may exist purely to spread malware and empty their wallets. The image below is just a small sample of the choices available.

I’m Spartacus! No… I’m Spartacus!

At this point it would be quite reasonable to conclude that the root of this problem isn’t deindexing at all, it’s a problem faced by those who prefer to get content for free rather than paying for it. On that basis, there will be no sympathy when instead of downloading an album, users silently install malware instead. Unfortunately, that becomes everyone’s problem.

Mitigating Piracy Should Not Increase Online Risks

The phrase “what’s illegal offline should be illegal online” is used to highlight disparity between laws in the physical world and those on the internet. Yet accepted standards in the ‘real world’ often tend to be higher than those applied online.

In this case, more savvy internet pirates will circumvent these recent blocks within seconds, negating any need to visit search engines, thereby avoiding the dangers associated with bogus sites. With every blocking measure, pirates are becoming even more savvy.

For those who are less savvy, the reverse is true. Forced to visit search engines, soon they will only see bogus platforms or at the very least, those sites will feature prominently in search results, appear more legitimate, and attract even more clicks. Increased traffic will likely lead to more revenue, increased visibility, and even more unwitting visitors than before.

When mitigating offenses in the ‘real’ world, solutions that expose people to even more risk are avoided. When dealing with the same online, the importance of not allowing site operators to generate revenue “that funds wider crime” is immediately forgotten, even when the measures themselves contribute to that.

Additional verification is needed but if a report concerning a Z-Library scam turns out to be accurate, the consequences of giving scam websites the oxygen to operate freely couldn’t be any more clear. When that happens without any progress being made in the reduction of piracy rates, there has to be a better way.

From: TF , for the latest news on copyright battles, piracy and more.

In terms of general internet security, there are few things worse than reports of yet another potentially massive leak of personal information.

Whether due to incompetence or deception, the bottom line is often the same; exploitation of data at the expense of those to whom it relates, and a further undermining of online safety to the detriment of all.

A report published by Cybernews.com claims that a Z-Library related scam lured 10 million people to a look-a-like site, where their personal information was held for nefarious purposes.

Key Claims

TorrentFreak has not seen the allegedly exposed database, so it necessarily follows that we’re in no position to confirm or reject any claim of authenticity. However, the general circumstances are familiar to us so with that as background, we’re able to provide some additional context.

Cybernews says its researchers discovered the database exposed on Z-Library lookalike site, z-lib.is, on June 27, 2024. It describes z-lib.is as a “malicious clone of Z-Library” and claims that the exposed database contains “almost 10 million users’ data.” The specifics are reproduced below verbatim.

Threat actors accidentally leaked usernames, email addresses, passwords, and Bitcoin and Monero wallet addresses of 9,761,948 users.

For many users, other data contains country codes, book requests, timestamps, comments, invoices, etc.

Researchers verified the validity of the data and confirmed that registered users were spammed with malicious links.

Researchers conclude with a high level of certainty that the data is authentic and filled out by users themselves

Z-Lib.is Previously Described as Malicious

Based on information publicly available for more than a year, Z-Lib.is is almost certainly malicious. In March 2023, the domain was reported alongside several others as fraudulent and a security risk by the official Z-Library team. They were very specific about the nature of the threat.

“These websites may steal your personal information and compromise your security,” Z-Library wrote.

The new report indicates that the data of almost 10 million users appears in the database. That is a very large number but on a base level, not impossible when considering traffic to the clone domains. Data shows that in February 2023 alone, Z-Lib.is had around 7.8 million visits. In the same month, the connected Zlibrary.to had around 9.1 million visits.

‘Data of 9.76 Million Users Leaked’

The claim that 9,761,948 people had their “usernames, email addresses, passwords, and Bitcoin and Monero wallet addresses” leaked in the database is less easily explained.

While it would be unremarkable for all users to have a username, an email address, and a password, it seems unlikely that details of Bitcoin and Monero wallets were handed over at anything like a similar rate. It’s of course feasible that the report didn’t intend to give that impression.

Yet if we assume that not every user handed over their crypto details (or even had any to hand over at all), that meets a challenge later in the report. It describes the leak as “extremely disturbing as it deanonymizes millions of crypto wallets and links related transactions to individuals who tried to access pirated content.”

Copyright Consequences, Punishment for Piracy?

After linking crypto with attempts to access pirated content, two further references to copyright infringement feature later in the report.

“The database backup was generated on June 20th, 2024. It contains user data and other information used in the operation, such as received Digital Millennium Copyright Act (DMCA) takedown requests and payments to access the website’s resources,” the report notes.

“Z-Lib users should expect that the exposed data will likely be used by authorities, cybersecurity researchers, cybercriminals, and potentially anyone who can benefit from it. The data is not widespread yet, but it is vital to take action to protect other accounts.

“Law enforcement and copyright holders may use the leaked data to take legal action against the website’s users,” the researchers add.

As stated at the beginning, we have no access to the database and no knowledge of what else it may contain. On that basis, predicting whether it might be useful for civil litigation or even criminal prosecution, would be premature. The report makes no mention of any implications for the operators of the website itself, but notes that there may be attempts to blackmail users.

The Cybernews report also warns that people could face targeted phishing campaigns for the purpose of stealing their cryptocurrency, and follows up with various tips for those who may be affected.

Whether any, all, or none of these dangers will surface any time soon is unknown. That being said, it does seem fairly ironic that Z-Library is seen as a platform for study and research, but the success of the scam relies on potential targets being oblivious to the threat, having done little or no research over the past year.

Of course, there’s as much misinformation as there is information right now, so research may prove difficult. The basics, on the other hand, are very predictable. No pirate site ever needs a user’s personal details and handing them over will never lead to anything good.

From: TF , for the latest news on copyright battles, piracy and more.

Free music is easy to find nowadays. Just head over to YouTube and there are millions of tracks, including many of the most recent releases.

The music industry earns billions of dollars through associated advertising but doesn’t like the fact that some people download the tracks for offline use.

A blunt solution would be to remove all music from YouTube. That would be easy enough, but only if losing massive revenue wasn’t a problem either. Instead, record labels and industry groups are countering the piracy threat with DMCA notices, lawsuits, and website blocking requests.

Italy’s Stream-Ripping Problem

Last year, EU research revealed that the popularity of stream-ripping services is in decline , perhaps in part due to these enforcement efforts. In Italy, however, the opposite is happening.

According to FPM, Italy’s Federation Against Music and Multimedia Piracy, stream-ripping is now the top source of music piracy, and it’s growing.

“[Stream-ripping] is the most widespread form of infringement of musical copyright and it accounts for 30% of total musical piracy in Italy,” FPM reports.

“This is a suddenly growing phenomenon: with an average of 10 million accesses from Italy per month, the illegal practice grew by 10% in the first quarter of 2024 alone.”

New Blocking Push

The good news for local music companies is that there are countermeasures available. While the music industry isn’t part of the state-of-the-art “Piracy Shield” solution, rightsholders can still request old-fashioned site-blocking measures.

FPM reported significant progress this week after local telco regulator AGCOM approved its request to block 11 domain names linked to six prominent stream-ripping services.

FPM’s request was made on behalf of the major record labels and was granted as part of AGCOM’s regular procedures, which add dozens of new blockades every month. These blockades should be noticeable, the group suggests, as they were recently responsible for a large percentage of Italy’s monthly stream-ripper visits.

Targeted domains

The circulated press release doesn’t mention the sites by name, but FPM and Enzo Mazza, CEO of Italian music industry group FIMI, was kind enough to share them directly.

One order targets various domains that use the popular YTMP3 brand. These include the domains ytmp3.nu, lumieremusic.net, ytmp3.im, and projectspark.ca. For good measure, www.lumieremusic.net, www.ytmp3.im, www.projectspark.ca are listed as ‘additional’ domains.

The five other orders target downmp3.yt, y2meta.app, x2mate.com, ytmp3.nu, and yt5s.io. These sites operate under various stream-ripper brands that are repeatedly used by copycats.

According to FPM, the sites recently had as many as three million visits per week, which is well above the average number of Italian stream-ripper visits over the past year. This is one of the main reasons the blocks were requested urgently.

FPM is pleased with the new blocking orders and thanks AGCOM for its cooperation, stating that the results have a clear impact on illegal access to music in Italy.

While the effectiveness of the blocking measures has yet to show up in the data, a brief look at AGCOM’s website shows that the domains targeted in this round are just the tip of the iceberg.

Other recent music-related targets include m3.urbanomp3s.com , beemp3.In , arcadefire.net , keepvid.online , z3.mp3juice.tools/it , id.mp3juices.vin , mp3juice.za.com , thenerdmentality.com , yt2mp3.mobi , yt8s.com , mp3juice.za.com , emp3juice.cc , mp3cielo.org , and many, many others.

From: TF , for the latest news on copyright battles, piracy and more.

After dragging on for years due to the complexity of the case, which was further complicated by a global pandemic, last month a Las Vegas jury convicted five men behind pirate streaming service Jetflicks.

Kristopher Dallmann, Douglas Courson, Felipe Garcia, Jared Jaurequi, and Peter Huber, generated millions of dollars in revenue through Jetflicks, a subscription platform that reportedly offered more content than Netflix, Hulu, Vudu, and Amazon Prime.

All five men were convicted of conspiracy to commit criminal copyright infringement. Dallmann was further convicted of two counts of money laundering by concealment and three counts of misdemeanor criminal copyright infringement.

No sentencing date was announced but based on their convictions, Courson, Garcia, Jaurequi, and Huber face up to five years in prison, Dallmann considerably longer; a maximum of 48 years according to the Department of Justice.

Dallmann Seeks Acquittal

Having battled for every inch of ground running up to the trial, and continuing until its eventual conclusion, Dallmann is still refusing to go quietly. After first seeking acquittal during the trial, counsel for Dallmann submitted a new motion for acquittal after his conviction.

The motion states that the government’s evidence fell short of the required standard on all counts, including conspiracy to commit copyright infringement, copyright infringement by distribution, copyright infringement by public performance, and two counts in connection with money laundering.

One of Dallmann’s objections relates to an episode of the TV show Paradise . He claims that the government failed to prove that he downloaded a copy, much less distributed it to the public. Noting that the episode in question was published on December 16, 2016, Dallmann claims that a list of TV shows seized during a raid on his home showed no releases beyond December 15, 2016.

The 17-page motion leaves no stone unturned in its efforts to present both offending and evidence in completely new light. We don’t intend to detail all instances here but in the unlikely event that any gain enough traction, we will return to them later.

For now, a claim that there was insufficient evidence to show that the defendant knew that Jetflicks was unlawful, or that the retail value of infringement was more than $2,500, appear to face significant challenges .

Co-Defendants Also Seek Acquittal

Despite facing significantly lighter sentences, Dallmann’s co-defendants, Jaurequi, Courson, Huber and Garcia, have also filed for acquittal. According to the government’s omnibus response filed on Tuesday, this is the third time the men have asked the court to acquit. Having been denied on two previous occasions, counsel for the government urges the court to deny these motions “and let the jury’s sound verdict stand.”

“The evidence showed that Jetflicks generated millions of dollars in subscription income during its operation from 2007-2017, and that the site boasted the availability of more than 180,000 individual television episodes and more than 37,000 subscribers paying
between $9.99 and $16.97 on a monthly basis to access the Jetflicks collection of infringing television shows,” the response notes.

“The evidence further showed that the conspiracy successfully reproduced copyrighted television show episodes in numbers that dwarf the statutory requirements for proof of criminal copyright infringement in both numbers and value. The success in achieving the criminal goals of the conspiracy were presented in multiple ways, each of which would allow a rational trier of fact to find beyond a reasonable doubt that the conspiracy existed.”

“No Comparisons With Original Copies”

One of Dallmann’s arguments in support of his motion for acquittal is that reproduction of a copyright work (such as a TV show) can only be shown with reference to the ‘original copy’ filed at the United States Copyright Office. He states that none of the government’s witnesses viewed these reference copies but viewed “authorized copies” instead. That being the case, he believes the government fell short of the ‘best evidence’ rule.

As the government’s motion points out, this approach was tested during the trial, with the court explaining how content reproduced at Jetflicks could be compared with representative copies of the copyrighted work.

“Arguments by defendants that Jetflicks reproduced works that did not meet the substantial similarity test are not legally supported, and the jury was reasonable in determining that the conspirators intended to reproduce copyrighted episodes for streaming and downloading by Jetflicks subscribers,” the government’s response continues.

Was the Retail Value of Infringement More Than $2,500?

To support its criminal copyright infringement allegations, the government needed to show that the defendants reproduced 10 or more copies of one or more copyrighted works, with a retail value of more than $2,500 during a 180-day period. Dallmann’s motion for acquittal suggests that by failing to meet the rule on “best evidence” there is insufficient evidence to meet that standard.

The government states that based on the evidence presented, including testimony from representatives of the copyright holders “who identified copyrighted titles and conducted direct comparisons between Jetflicks’ reproductions and the legitimate broadcast works,” the jury was able to “reasonably determine that Jetflicks possessed reproductions of copyrighted works which subscribers could view.”

In respect of the scope of the content on offer, the government highlighted the following:

– The Jetflicks website claimed to have 183,285 episodes available for viewing
– An MPA/ACE scrape of the website revealed ~55,000 titles owned by studio members
– Evidence showed that ~89,000 files were processed by Sickrage/Sickbeard software.
– A list relating to a seized storage device ran to 30,000 video files

“Each of these snapshots show the sheer size of the Jetflicks library of infringing works at a single moment, spanning across all times each co-conspirator was involved, thus satisfying the 180-day time window for each defendant,” the government adds.

At 23 pages long, the government’s response is comprehensive. It further states that since there was sufficient evidence to convince the jury that the defendants engaged in a conspiracy to commit criminal copyright infringement, all calls for acquittal should be denied.

Dallmann’s motion for judgment of acquittal ( pdf )
The U.S. Government’s omnibus response to the motions for acquittal ( pdf )

From: TF , for the latest news on copyright battles, piracy and more.

Founded in 2010, Hikari-no-Akari (HnA) positioned itself as the go-to site for fans of Japanese music.

With anime booming across the globe, HnA’s audience didn’t stop at the border. And with over a million visits per month, rightsholders started to take notice.

HnA Targeted in Subpoena

Hoping to stop the infringing activities, the Recording Industry Association of Japan ( RIAJ ) and IFPI repeatedly reached out to HnA’s operator, without result. Similar inquiries, sent to the cyberlocker where the pirated music was stored, didn’t help either.

Faced with the status quo, the music industry groups, though Sony Music Japan, went to a U.S. federal court . There, they obtained a DMCA subpoena, requiring Cloudflare to share all information they have on the customer associated with hikarinoakari.com.

Additionally, the subpoena targeted the associated cyberlocker; hnadownloads.co. The latter domain received the bulk of its traffic from HnA and, according to music industry insiders, is operated by the same people.

Through the subpoena, the music company hoped to obtain additional information on the people behind these sites, including their names, IP addresses, and payment details. Any information obtained could then be used for follow-up copyright enforcement actions.

HnA Shuts Down

Cloudflare typically requires some time to respond to subpoenas, and it hasn’t done so yet. However, the HnA operators decided not to wait for any follow-up action, and reportedly shut down the site of their own accord.

Indeed, at the time of writing, hikarinoakari.com is not resolving, and the hnadownloads.co domain is listed as suspended.

According to a press release from RIAJ, there is no agreement or settlement. In fact, the music group still doesn’t know who’s behind the site. If they find out more, they will take appropriate steps.

“[T]he operator voluntarily closed the website immediately after the disclosure order. Based on the information to be disclosed by ‘Cloudflare’ in the future, our association plans to continue to hold the operator accountable and take legal action against similar illegal sites,” RIAJ writes.

Sharing Culture?

RIAJ estimates that HnA had more than 15 million visitors in 2024, of which roughly 75% were from outside of Japan. According to data from SimilarWeb, the U.S. was the runner-up in terms of traffic, followed by Chile.

While HnA and its users might have been under the impression that they were sharing culture, the music group sees things differently. The unauthorized sharing practices resulted in lower revenues for rightsholders, which is counterproductive, RIAJ explains.

“Going forward, our association will continue to work on ongoing anti-illegal measures to eradicate pirate sites in order to contribute to the development of music culture,” the group adds.

No concrete follow-up action is mentioned but, as an extra warning to the public at large, RIAJ notes that knowingly downloading pirated music is a criminal offense in Japan, even if it’s for personal use.

From: TF , for the latest news on copyright battles, piracy and more.

The positions of Apple and Google are very clear when it comes to piracy app availability in their respective stores. Whether created for iOS or Android, they are not allowed. Period.

With the theory neatly wrapped up, reality tends to take over and at that point, the bright lines become a little blurred. Right now there are apps on the App Store and Google Play which offer TV schedule/EPG-type functionality out of the box, exactly as advertised. However, a tap here and an adjustment there reveals new functionality mentioned nowhere in official product descriptions.

Stealth Piracy

A report late last week revealed that an iOS app called “Collect Cards: Store Box” which claimed to manage photos and videos, had hidden its true potential away for more than a year.

This wolf in sheep’s clothing was reportedly a full-blown pirate streaming app offering content from Netflix, Disney+, Amazon Prime, HBO Max, even Apple TV+ according to the report. Such was the app’s success, it made it the top #2 slot on the App Store in Brazil; through the use of geo-blocking, users of the app in the United States weren’t shown the illegal features, which limited the chances of being quickly shut down.

Tactics like these aren’t new. Piracy functionality has been hidden inside puzzle games and Shazam-like audio recognition apps, on both the App Store and Google Play. The music industry has complained that apps that don’t make any real effort to hide have also been able to evade vetting .

Apps and App Stores Discussion Paper

These issues and more are addressed in a new discussion paper released this month. Titled Apps and App Stores , the paper is based on the work of the EU’s Intellectual Property Office Observatory’s Expert Group on Cooperation with Intermediaries. The paper doesn’t represent the official position of the EUIPO but does provide an interesting overview of piracy-related problems in connection with mobile apps.

Mainstream app stores have systems in place to screen apps and their updates. In part this is to prevent infringing apps from being offered to the public, but developers can employ various evasion techniques to undermine that.

Evasion Techniques

As well as disguising piracy apps as something more benign, malicious code and/or infringing functionality can be hidden from the review process using encryption or delays. Additional code can be installed after the initial review, or following a subsequent update.

The paper also touches on apps behaving differently depending on the region and by changing when an app is made available. The report says that developers have been observed “hiding the app from their account and subsequently on the app store during certain days of the week to avoid detection from right holders.”

Rather than using encryption or other techniques that provide an element of stealth, other apps are said to operate right out in the open by simply claiming to be a legitimate service.

“[S]ome apps, purportedly disguised in a false appearance of legality, dissociate themselves from the illegal sharing of protected content they support, which is the core of their activities. These apps have terms and conditions highlighting their neutral nature with regard to the content used through their services, which do not reflect on the reality of the service provided,” the paper explains.

“This may lead app stores to require additional information and proof of the illegal nature of the app from right holders before making a decision on whether to block or remove the app in question.”

Third-Party App Stores

From the perspective of the average user, iPhone and iPad devices running iOS are restricted to content available from their respective app stores. For Android users, however, the app landscape is much more open. It’s likely that most users will be satisfied with Google Play, but on Android it’s trivial to allow apps not obtained from the official store to be installed on a device.

As the ‘stealth’ app issue demonstrates only too well, app store review processes are not bulletproof. However, users who ‘sideload’ apps using alternative app stores, or even randomly from anywhere else on the internet, expose themselves to apps (APK) that in many cases undergo no review whatsoever. While that doesn’t automatically make these apps unsafe, there’s nothing in place to ensure the opposite either.

The discussion paper notes that software is available from official app stores that may be able to identify potentially malicious apps and alert users to prevent installation. The paper also cites an article published by TF in 2023 in which we offered some basic tips on how to use beginner-friendly tools to reduce exposure to malicious Android software.

Don’t Install Any Mobile App Before Testing It

When users are 100% confident that the source of the app they wish to sideload is safe, there is almost nothing anyone can do to convince them otherwise. Other users may be more on the fence; while they may generally trust the source, a little persuasion wouldn’t hurt.

If reassurance arrives in the form of a VirusTotal report which declares that dozens of security companies tested the app and found nothing wrong, that’s merely a good start. The reality is that these companies are looking for certain types of behavior that piracy-focused apps tend not to display.

Since the topic offers the opportunity, today we’d like to mention a single piece of software that’s extremely easy to use, doesn’t cost a penny, and provides enough information to allow even a beginner to make an informed choice.

MobSF: Free and Easy to Use

Mobile Security Framework (or simply ‘MobSF’) is an all-in-one application that scans Android and iOS apps and provides a detailed security/malware analysis. If one has an APK file to hand, it’s simply a case of dragging the file into MobSF and waiting for the analysis to finish. That’s the first step and also the last, other than reading the generated report.

Installation instructions are available in MobSF’s GitHub repo for both Linux and Windows users , and for those without either, MobSF provides a live demo accessible via a web browser.

After scanning the app, a generated report begins with three or four pages of straightforward information, a few pieces of which we’ve quickly edited together in the image below. Item 3 actually appears first in the report and amounts to an overall score out of 100. A total of 37 means that the streaming app we tested has pretty big issues.

Item 2 provides basic information about the app including its name, filesize and hashes, while item 1 shows where the app had its most significant failings.

The reasons why the app failed are in the report and since even the most technical details receive a clear explanation, overall the report is pretty accessible, even if the exact terms aren’t immediately understood. More often that not, however, learning that an app can obtain the user’s GPS location, telephone number, contacts information, and for some reason has the ability to turn on the phone’s camera and microphone, is clear enough.

Even if very little is understood on the technical side, the report also supplies information about piracy apps unrelated to security, that most people never see but will definitely be intrigued to read.

For those already familiar with this type of report, MobSF also supports dynamic analysis with the assistance of an Android VM.

The discussion paper can be found here on the EUIPO website.

From: TF , for the latest news on copyright battles, piracy and more.

Offering pirate streaming services is a serious offense in the UK, where several people have received multi-year prison sentences in recent history.

These sentences haven’t deterred others from following in their footsteps. Illegal access to paid sports and TV content remains readily available, with vendors and operators profiting from these unauthorized subscriptions.

There has been no shortage of news reports covering IPTV piracy enforcement actions in the UK. These interventions range from remote warnings to house visits, and arrests are no rarity either.

Today, anti-piracy group FACT announced that it has successfully completed yet another sweep. In collaboration with rightsholders, including Sky, the group helped police to identity various ‘sellers’ of so-called pirate streaming devices.

The targets reportedly offered ‘fully loaded’ smart TV devices or Firesticks, which can be used in combination with pirate IPTV subscriptions.

FACT and the 40 IPTV Operators

FACT mentions that 40 illegal ‘IPTV operators’ were served with official warnings. They were either notified via mail by FACT and police, or visited at their home, where a cease-and-desist notice was delivered personally.

The term ‘IPTV operator’ isn’t explained in detail but since the 40 seemingly got off with a warning, it’s unlikely that they played a central part in the broader IPTV piracy ecosystem.

These interventions took place across the UK, including in London, South East England, West Midlands, North West, North East, North Wales and Scotland. According to FACT, it’s part of a larger campaign that aims to disrupt piracy operations.

Three Arrests

In addition to the warnings, police also executed three warrants, resulting in three arrests and house searches. All three suspects have since been released, but investigations remain ongoing.

“Three warrants were also served leading to the arrest of a 42-year-old man in Nottingham, a 51-year-old man from Widnes and a 52-year-old man in Stockton-on-Tees,” FACT reports.

The men were arrested on various grounds ranging from fraud offenses, to violations of the Copyright, Designs and Patents Act, possession of criminal property and possession of Class A drugs.

Several items were seized during the operation, including IPTV streaming devices which will be investigated further.

“Digital devices and ‘fully loaded’ smart TV devices or Firesticks were also seized from the addresses and are currently undergoing forensic examination by FACT,” the group adds.

For those keeping track of law enforcement action in the UK, including arrests and seizures, it’s worth pointing out that the arrests mentioned above have already been heavily publicized. Each arrest appeared in its own press release, around the time they were carried out early to mid-June .

Social Media Purge

Besides targeting suspects, Sky has been busy removing advertisements and social media posts that offer illegal IPTV subscriptions and ‘loaded’ Firesticks to customers in the UK and Ireland.

Since June, the media company reportedly removed over 3,000 listings from various social media platforms. Various ads were removed from Facebook, Instagram, TikTok, and X, while associated accounts were suspended.

FACT and Sky are happy with the results and thank the police for their cooperation. Both hope that this latest enforcement round will send a deterrent message, but it’s unlikely to be the last.

“The action taken by FACT, police and Sky across the country sends a strong message to those involved in illegal streaming operations that they will be identified, and they will face consequences,” Sky’s Matt Hibbert comments.

According to FACT CEO Kieron Sharp, the recent actions are only the beginning.

“FACT and our partners are steadfast in our commitment to disrupt these criminal operations. This is just the start of our enforcement efforts, with more actions planned,” Sharp concludes.

From: TF , for the latest news on copyright battles, piracy and more.

It’s Tuesday, April 24, 2007, and other than Beyoncé & Shakira singing Beautiful Liar on the radio, nothing much is happening.

For someone called haroldlky , whose real identity is currently unknown, at least part of that day was spent opening a channel on YouTube, a video site that was yet to celebrate its second birthday.

On that day more than 17 years ago, the fledgling YouTuber uploaded three videos that appear to have an engineering theme. The total running time for the trio, a modest 42 seconds.

Whether ‘haroldlky’ was content with less than 400 views in total over the next 17 years, or whether he even visited YouTube ever again, is completely unknown. If he visited today, he might be a little surprised.

After suddenly bursting back to life two weeks ago, three new videos were uploaded to his channel. All of these uploads were movies (Eragon, The King, and The Green Knight) dubbed in Hindi, and have since been viewed 376,000 times.

No Isolated Incident

After receiving a tip this morning that something unusual may be playing out on YouTube, we took a closer look. Similar events to that outlined above may have happened before but, roughly two weeks ago, the pace appears to have quickened and may have further increased during the past few days.

Many of the channels currently offering pirated movies appear to be personal accounts that may have been compromised. That’s unlikely to mean an issue at YouTube but rather some kind of data breach on another platform, which typically lead to exploitation of users’ duplication of login credentials across various services.

We have no specific knowledge of the mechanism through which credentials may have been obtained, if indeed that’s the case here. However, if we look at events from the opposite direction, it seems unlikely that a YouTuber uploading math tutorials receiving a few hundred views (above) would suddenly switch to Hollywood blockbusters overnight.

In less than two weeks, these rogue uploads have already been viewed 917K times.

Bigger Movies, Bigger Numbers

It would be impossible for us to document every channel affected, but there are a few that catch the eye. Some channels may have been created in advance for use in nefarious activities. In most cases, however, it’s difficult to determine intent based on scant information. Out of caution, screenshots are partly redacted.

The pair of images below show that channel creation dates can differ wildly. On the left is a channel with 117K subscribers and just seven videos, displaying a join date of September 17, 2023. The pirated films uploaded to the channel are responsible for most of the 7.4 million views generated in the last 10 days.

On the right is a channel with just three videos, 6.1K subscribers, and an ancient join date of March 31, 2007. Just one pirated movie, Fate of the Furious, has already been viewed 582K times since it was uploaded yesterday.

Who, Why, and How is It Possible?

Who might be behind such a significant effort to spread so many movies is too early to say. We assume there’s no way of making money from these uploads, at least not on YouTube, so at least potentially, money may not be a factor.

Judging purely on outward impressions, various presentational factors, and the nature of those commenting on these movies, it seems likely that there’s at least some connection to India. Inbound links to the movies may be of interest to YouTube, but at least initially, a bigger question may be the focus.

For reasons unknown and with no outward indication of video tampering, these movie uploads appear to have completely circumvented Content ID, YouTube’s anti-piracy fingerprinting system. While that can happen for older titles or those already in the system, one would assume every angle would be covered for new and recent movies.

It’s feasible that fingerprints aren’t being supplied or maybe some glitch in the matrix is responsible. Interestingly, an upload of the Netflix series ‘The Gentlemen’ (every episode, running time 6h 23m) shows something that suggests it may have been subjected to scanning.

As seen in the image below, a music track by ‘Zoxer’ titled ‘Forward’ is listed as making an appearance in the series.

If this was indeed a content match and not something manually entered by the uploader, it seems unusual that the rest of the tracks in the series weren’t identified in the same way. Our searches found no record of ‘Forward’ by Zoxer appearing in the series; it may have done, we’ve just had no luck finding it.

The same can’t be said of those enjoying the uploaded movies, who appear to have had no problem finding them while racking up millions of views. It’s hard to say exactly how many millions of views overall, but it’s a significant number, especially when in normal circumstances the figure wouldn’t be worth reporting.

There’s no requirement for YouTube to be proactive in these circumstances, but why nobody has reported the haul below, which represents just a few of the movies uploaded, is certainly interesting.

From: TF , for the latest news on copyright battles, piracy and more.