App stores are littered with apps that promise free access to music, but only few live up to expectations. Musi is one of them.

The music app made headlines in 2016 when its founders, who were teenagers at the time, presented their brainchild in an episode of the Canadian edition of Dragons’ Den.

In essence, the software itself is relatively simple. Musi can stream music, which it sources from YouTube, and allows users to create and share playlists. It essentially uses YouTube as a music library, without showing the video.

This functionality directly rivals other streaming apps such as Spotify. However, since content is sourced from YouTube, costs associated with payments to labels are absent from the Musi equation, and that means it’s much cheaper to run.

This business model is a win-win for Musi’s operators and the platform’s users. Music industry insiders, on the other hand, are less pleased. They describe the app as “parasitic”, a reference to the app’s reliance on YouTube content, which it allegedly obtains by circumventing the platform’s technical protection measures.

For Dragon’s Den judge Joe Mimran, potential challenges to the business proved too much. While he was initially interested in investing $125,000 in exchange for a 15 percent stake in the company, the entrepreneur eventually walked away from the deal due to legal concerns.

“I was advised that when companies such as Musi get to a critical size, they could be sued for past use by the publishers,” Mimran informed the Financial Post in 2016.

Musi’s Millions

Musi didn’t throw in the towel after this setback. The app, which was already operational, continued to grow its user base in Apple’s iOS store. In the years that followed, it was downloaded dozens of millions of times.

Currently, Musi is ranked 5th in the App Store’s music category with over 3.5 million mostly positive ratings. That’s truly remarkable for a bootstrapped company that relied on YouTube, without any direct licensing deals in place with the major labels.

Earlier this year, a Wired piece highlighted Musi’s success, while also shedding some light on the legal concerns. The piece doesn’t offer any conclusions, but it suggests that the app is making many millions of dollars by operating in a ‘gray area’.

At the headquarters of global music industry body IFPI, legal matters are black or white, however. The group has had the Musi app in its crosshairs for a while. Information reviewed by TorrentFreak shows that legal pressure is building.

IFPI Reports Musi to Apple

TorrentFreak learned that IFPI reported the Musi app to the App Store last summer. Apple had already removed Musi years ago but later reinstated it. With this new request, the music group hoped for a better outcome.

Four days after IFPI submitted its complaint, U.S. legal counsel for Musi Inc. reached out to IFPI, refuting its claims. Musi’s lawyer argued that the app was merely providing access to publicly available music, stressing that it doesn’t store any content on its servers.

It’s not clear whether Apple took any position in this dispute. We do know that the company, which typically has rigorous copyright standards, didn’t remove Musi from the app store.

Apple’s inaction shows that the legalities surrounding the software are certainly not straightforward. IFPI continued to press on, however, and they eventually booked a small success, which was noticeable for Musi users too.

Secret Sauce

After the initial back and forth in July last year proved unsuccessful, IFPI reached out to Musi’s law firm again in September. Among other things, the music group specifically called out Musi’s “secret sauce” feature which, purportedly, provided access to pre-release music.

The exact contents of the letter are unknown but, in October 2023, Musi permanently removed the “secret sauce” feature.

Meanwhile, IFPI continued to hammer on the precarious legal situation it believes Musi to be in. The group has two main arguments, starting with the claim that the app circumvents YouTube’s technical protection measures.

In addition, it argues that Musi infringes its members’ rights by communicating their works through ‘new means’ to a ‘new audience’.

Musi Inc, however, continues to refute these claims though its legal team and maintains that it operates within the boundaries of copyright law.

Escalation to Apply Maximum Pressure

The communication between IFPI, Musi, and Apple continued into 2024 and the status quo remains. Apple has decided to leave the matter open for now and Musi continues to add over a million new downloads per month, frustrating IFPI.

Around February, the music group proposed to escalate the matter, encouraging its members to help out by putting pressure on Apple, while also involving YouTube in the matter. The plans are as follows, paraphrased:

– Music companies might want to complain to Apple about Musi, using their existing contacts at the company.

– In addition, they should motivate YouTube to take an active stance against the app’s developers, and complain to Apple as well.

– IFPI, for its part, should inquire among legal contacts to see whether there’s a basis for a lawsuit against Musi.

These plans would use existing business relationships to tackle the Musi problem. Whether any of these suggestions were followed up, and if so, to what extent, is unknown. The proposal is a few months old by now and from the outside there doesn’t appear to be much movement. That could easily change, of course.

After more than a year, users of the Musi app haven’t noticed anything new since much of the pressure is applied behind closed doors. In itself that’s an interesting observation, as it makes one wonder what else is going on.

It’s clear, however, that IFPI can garner the full power of its high-profile record label members. These are also the names that are likely to be listed on a lawsuit, if it ever comes to that.

From: TF , for the latest news on copyright battles, piracy and more.

Fortnite va partir de certaines boutiques sur mobiles, pour qu'on le retrouve plus fort ailleurs.

Epic Games a envie de frapper fort sur le mobile. La multinationale a conjointement officialisé le retour imminent de Fortnite sur iOS et l'arrivée de l'Epic Games Store au format mobile.

Depuis plusieurs années, Google Maps est de loin l'application qui domine le marché des cartes interactives en ligne. Mais, avec la nouvelle application Plans d'Apple (Apple Maps en anglais) disponible depuis hier sur les navigateurs, les cartes pourraient être redistribuées, sans mauvais jeu de mots.

Apple vient de lancer ce mercredi la version web de son service Apple Plans, plus de 10 ans après les débuts de l'application.

Read 10 remaining paragraphs | Comments

Apple n'a encore fait aucune annonce officielle, mais les rumeurs se multiplient concernant le futur de l'iPhone et l'arrivée d'une version pliante.

[Deal du jour] Dans le monde des enceintes connectées, Apple ne règne pas en maître. Pourtant, sa petite enceinte connectée HomePod Mini est un modèle qui possède de nombreux arguments, surtout à moins de 100 €.

The positions of Apple and Google are very clear when it comes to piracy app availability in their respective stores. Whether created for iOS or Android, they are not allowed. Period.

With the theory neatly wrapped up, reality tends to take over and at that point, the bright lines become a little blurred. Right now there are apps on the App Store and Google Play which offer TV schedule/EPG-type functionality out of the box, exactly as advertised. However, a tap here and an adjustment there reveals new functionality mentioned nowhere in official product descriptions.

Stealth Piracy

A report late last week revealed that an iOS app called “Collect Cards: Store Box” which claimed to manage photos and videos, had hidden its true potential away for more than a year.

This wolf in sheep’s clothing was reportedly a full-blown pirate streaming app offering content from Netflix, Disney+, Amazon Prime, HBO Max, even Apple TV+ according to the report. Such was the app’s success, it made it the top #2 slot on the App Store in Brazil; through the use of geo-blocking, users of the app in the United States weren’t shown the illegal features, which limited the chances of being quickly shut down.

Tactics like these aren’t new. Piracy functionality has been hidden inside puzzle games and Shazam-like audio recognition apps, on both the App Store and Google Play. The music industry has complained that apps that don’t make any real effort to hide have also been able to evade vetting .

Apps and App Stores Discussion Paper

These issues and more are addressed in a new discussion paper released this month. Titled Apps and App Stores , the paper is based on the work of the EU’s Intellectual Property Office Observatory’s Expert Group on Cooperation with Intermediaries. The paper doesn’t represent the official position of the EUIPO but does provide an interesting overview of piracy-related problems in connection with mobile apps.

Mainstream app stores have systems in place to screen apps and their updates. In part this is to prevent infringing apps from being offered to the public, but developers can employ various evasion techniques to undermine that.

Evasion Techniques

As well as disguising piracy apps as something more benign, malicious code and/or infringing functionality can be hidden from the review process using encryption or delays. Additional code can be installed after the initial review, or following a subsequent update.

The paper also touches on apps behaving differently depending on the region and by changing when an app is made available. The report says that developers have been observed “hiding the app from their account and subsequently on the app store during certain days of the week to avoid detection from right holders.”

Rather than using encryption or other techniques that provide an element of stealth, other apps are said to operate right out in the open by simply claiming to be a legitimate service.

“[S]ome apps, purportedly disguised in a false appearance of legality, dissociate themselves from the illegal sharing of protected content they support, which is the core of their activities. These apps have terms and conditions highlighting their neutral nature with regard to the content used through their services, which do not reflect on the reality of the service provided,” the paper explains.

“This may lead app stores to require additional information and proof of the illegal nature of the app from right holders before making a decision on whether to block or remove the app in question.”

Third-Party App Stores

From the perspective of the average user, iPhone and iPad devices running iOS are restricted to content available from their respective app stores. For Android users, however, the app landscape is much more open. It’s likely that most users will be satisfied with Google Play, but on Android it’s trivial to allow apps not obtained from the official store to be installed on a device.

As the ‘stealth’ app issue demonstrates only too well, app store review processes are not bulletproof. However, users who ‘sideload’ apps using alternative app stores, or even randomly from anywhere else on the internet, expose themselves to apps (APK) that in many cases undergo no review whatsoever. While that doesn’t automatically make these apps unsafe, there’s nothing in place to ensure the opposite either.

The discussion paper notes that software is available from official app stores that may be able to identify potentially malicious apps and alert users to prevent installation. The paper also cites an article published by TF in 2023 in which we offered some basic tips on how to use beginner-friendly tools to reduce exposure to malicious Android software.

Don’t Install Any Mobile App Before Testing It

When users are 100% confident that the source of the app they wish to sideload is safe, there is almost nothing anyone can do to convince them otherwise. Other users may be more on the fence; while they may generally trust the source, a little persuasion wouldn’t hurt.

If reassurance arrives in the form of a VirusTotal report which declares that dozens of security companies tested the app and found nothing wrong, that’s merely a good start. The reality is that these companies are looking for certain types of behavior that piracy-focused apps tend not to display.

Since the topic offers the opportunity, today we’d like to mention a single piece of software that’s extremely easy to use, doesn’t cost a penny, and provides enough information to allow even a beginner to make an informed choice.

MobSF: Free and Easy to Use

Mobile Security Framework (or simply ‘MobSF’) is an all-in-one application that scans Android and iOS apps and provides a detailed security/malware analysis. If one has an APK file to hand, it’s simply a case of dragging the file into MobSF and waiting for the analysis to finish. That’s the first step and also the last, other than reading the generated report.

Installation instructions are available in MobSF’s GitHub repo for both Linux and Windows users , and for those without either, MobSF provides a live demo accessible via a web browser.

After scanning the app, a generated report begins with three or four pages of straightforward information, a few pieces of which we’ve quickly edited together in the image below. Item 3 actually appears first in the report and amounts to an overall score out of 100. A total of 37 means that the streaming app we tested has pretty big issues.

Item 2 provides basic information about the app including its name, filesize and hashes, while item 1 shows where the app had its most significant failings.

The reasons why the app failed are in the report and since even the most technical details receive a clear explanation, overall the report is pretty accessible, even if the exact terms aren’t immediately understood. More often that not, however, learning that an app can obtain the user’s GPS location, telephone number, contacts information, and for some reason has the ability to turn on the phone’s camera and microphone, is clear enough.

Even if very little is understood on the technical side, the report also supplies information about piracy apps unrelated to security, that most people never see but will definitely be intrigued to read.

For those already familiar with this type of report, MobSF also supports dynamic analysis with the assistance of an Android VM.

The discussion paper can be found here on the EUIPO website.

From: TF , for the latest news on copyright battles, piracy and more.