Le Google Play Store se prépare à une véritable révolution avec cette nouvelle mise à jour. On vous présente tous les changements annoncés par Google.

The positions of Apple and Google are very clear when it comes to piracy app availability in their respective stores. Whether created for iOS or Android, they are not allowed. Period.

With the theory neatly wrapped up, reality tends to take over and at that point, the bright lines become a little blurred. Right now there are apps on the App Store and Google Play which offer TV schedule/EPG-type functionality out of the box, exactly as advertised. However, a tap here and an adjustment there reveals new functionality mentioned nowhere in official product descriptions.

Stealth Piracy

A report late last week revealed that an iOS app called “Collect Cards: Store Box” which claimed to manage photos and videos, had hidden its true potential away for more than a year.

This wolf in sheep’s clothing was reportedly a full-blown pirate streaming app offering content from Netflix, Disney+, Amazon Prime, HBO Max, even Apple TV+ according to the report. Such was the app’s success, it made it the top #2 slot on the App Store in Brazil; through the use of geo-blocking, users of the app in the United States weren’t shown the illegal features, which limited the chances of being quickly shut down.

Tactics like these aren’t new. Piracy functionality has been hidden inside puzzle games and Shazam-like audio recognition apps, on both the App Store and Google Play. The music industry has complained that apps that don’t make any real effort to hide have also been able to evade vetting .

Apps and App Stores Discussion Paper

These issues and more are addressed in a new discussion paper released this month. Titled Apps and App Stores , the paper is based on the work of the EU’s Intellectual Property Office Observatory’s Expert Group on Cooperation with Intermediaries. The paper doesn’t represent the official position of the EUIPO but does provide an interesting overview of piracy-related problems in connection with mobile apps.

Mainstream app stores have systems in place to screen apps and their updates. In part this is to prevent infringing apps from being offered to the public, but developers can employ various evasion techniques to undermine that.

Evasion Techniques

As well as disguising piracy apps as something more benign, malicious code and/or infringing functionality can be hidden from the review process using encryption or delays. Additional code can be installed after the initial review, or following a subsequent update.

The paper also touches on apps behaving differently depending on the region and by changing when an app is made available. The report says that developers have been observed “hiding the app from their account and subsequently on the app store during certain days of the week to avoid detection from right holders.”

Rather than using encryption or other techniques that provide an element of stealth, other apps are said to operate right out in the open by simply claiming to be a legitimate service.

“[S]ome apps, purportedly disguised in a false appearance of legality, dissociate themselves from the illegal sharing of protected content they support, which is the core of their activities. These apps have terms and conditions highlighting their neutral nature with regard to the content used through their services, which do not reflect on the reality of the service provided,” the paper explains.

“This may lead app stores to require additional information and proof of the illegal nature of the app from right holders before making a decision on whether to block or remove the app in question.”

Third-Party App Stores

From the perspective of the average user, iPhone and iPad devices running iOS are restricted to content available from their respective app stores. For Android users, however, the app landscape is much more open. It’s likely that most users will be satisfied with Google Play, but on Android it’s trivial to allow apps not obtained from the official store to be installed on a device.

As the ‘stealth’ app issue demonstrates only too well, app store review processes are not bulletproof. However, users who ‘sideload’ apps using alternative app stores, or even randomly from anywhere else on the internet, expose themselves to apps (APK) that in many cases undergo no review whatsoever. While that doesn’t automatically make these apps unsafe, there’s nothing in place to ensure the opposite either.

The discussion paper notes that software is available from official app stores that may be able to identify potentially malicious apps and alert users to prevent installation. The paper also cites an article published by TF in 2023 in which we offered some basic tips on how to use beginner-friendly tools to reduce exposure to malicious Android software.

Don’t Install Any Mobile App Before Testing It

When users are 100% confident that the source of the app they wish to sideload is safe, there is almost nothing anyone can do to convince them otherwise. Other users may be more on the fence; while they may generally trust the source, a little persuasion wouldn’t hurt.

If reassurance arrives in the form of a VirusTotal report which declares that dozens of security companies tested the app and found nothing wrong, that’s merely a good start. The reality is that these companies are looking for certain types of behavior that piracy-focused apps tend not to display.

Since the topic offers the opportunity, today we’d like to mention a single piece of software that’s extremely easy to use, doesn’t cost a penny, and provides enough information to allow even a beginner to make an informed choice.

MobSF: Free and Easy to Use

Mobile Security Framework (or simply ‘MobSF’) is an all-in-one application that scans Android and iOS apps and provides a detailed security/malware analysis. If one has an APK file to hand, it’s simply a case of dragging the file into MobSF and waiting for the analysis to finish. That’s the first step and also the last, other than reading the generated report.

Installation instructions are available in MobSF’s GitHub repo for both Linux and Windows users , and for those without either, MobSF provides a live demo accessible via a web browser.

After scanning the app, a generated report begins with three or four pages of straightforward information, a few pieces of which we’ve quickly edited together in the image below. Item 3 actually appears first in the report and amounts to an overall score out of 100. A total of 37 means that the streaming app we tested has pretty big issues.

Item 2 provides basic information about the app including its name, filesize and hashes, while item 1 shows where the app had its most significant failings.

The reasons why the app failed are in the report and since even the most technical details receive a clear explanation, overall the report is pretty accessible, even if the exact terms aren’t immediately understood. More often that not, however, learning that an app can obtain the user’s GPS location, telephone number, contacts information, and for some reason has the ability to turn on the phone’s camera and microphone, is clear enough.

Even if very little is understood on the technical side, the report also supplies information about piracy apps unrelated to security, that most people never see but will definitely be intrigued to read.

For those already familiar with this type of report, MobSF also supports dynamic analysis with the assistance of an Android VM.

The discussion paper can be found here on the EUIPO website.

From: TF , for the latest news on copyright battles, piracy and more.

Une vaste campagne de vol de données personnelles sur les smartphones a été repérée par des experts en cybersécurité. Le logiciel malveillant est programmé pour infecter des appareils sous Android.

Spain found itself at the center of a worldwide controversy last month when it was revealed that various rightsholders had somehow managed to convince a local judge to block Telegram in its entirety .

Under intense pressure, the judge quickly rolled back the decision after an advisor concluded that the planned measure was massively disproportionate. Just weeks later, a row over an app that’s no longer available from any official app store, seems to be heading towards another controversy and yet more debate on what constitutes a proportionate response to online piracy.

This time top-tier football league LaLiga stands front and center.

Newplay: Popular .M3U Player Unpopular With LaLiga

For an explanation of the capabilities of the Newplay app, here’s what LaLiga itself told the European Commission in a 2022 submission to its Counterfeiting and Piracy Watch List ( pdf, translated )

The ‘Newplay IPTV’ player application, developed by ITECH SLU, is one of the main player apps focused on Spain. In 2021, more than 900,000 users downloaded the app through Google Play, in Spain alone. This application has its own website (www.newplay.site) and has various profiles on social networks and communication channels: Telegram (+17k members); Twitch (+2,000 followers); Instagram (+29.2k followers); YouTube (23k subscribers). Through these, the use of the app is promoted. As can be seen in the attached evidence, through this application users can access various audiovisual content such as sports, TV channels, series, movies, etc.

That the description above offered plenty of facts and figures for everything except the alleged infringement, which only gets a line of attention right at the end, isn’t exactly typical of these kinds of submissions. The evidence amounted to a screenshot of a video of the app on YouTube, showing icons for various TV channels, two of which appeared to relate to LaLiga.

Crucially, there were no claims that the app arrives in the hands of users already configured to supply LaLiga match streams, nor was there any mention that the app requires users to supply their own M3U playlists. However, there was a screenshot of a comment made by a user querying an in-app message (“It asks me to enter a URL, what do I have to do?”) and two responses.

One response appeared to be from someone affiliated with Newplay, who wrote: “You have to add or create a channel list.” The other response linked to a URL where a playlist could be obtained. If that playlist had been posted by someone working for Newplay, that could’ve caused problems. There are no signs that was the case though; in isolation it only adds weight to the claim that no channels were provided in the app.

LaLiga Takes Complaint to Court

In the same month as the submission, April 2022, LaLiga walked away from a Spanish court (Juzgado de. Instrucción Nº 1 de Cieza) with an order that targeted Newplay.

The order is referenced multiple times on the LaLiga website but no copy has been posted for public consumption and, thus far, we’ve had no luck locating a copy. The big question is whether the order was handed down after an adversarial procedure or one that relied purely on evidence supplied by LaLiga.

What does seem clear, however, is that the order required various intermediaries to take action to undermine Newplay’s ability to remain functional. Whether the companies took action before or after the order was handed down isn’t clear but Google, Apple, and Huawei acted similarly by removing Newplay from their app stores.

But for LaLiga’s top man, that wasn’t enough. Last September, Javier Tebas revealed that LaLiga had “eliminated” 58 pirate apps, by unspecified means, together worth a million downloads in Spain. He said that having “eliminated” the apps, LaLiga wanted Google to ‘locate’ apps already downloaded onto users phones, so they too could be “eliminated”. If the same can be done for child abuse images, then the same should apply to piracy tools, Tebas said.

There was no official response from Google, but it’s not difficult to see why the prospect of digging into users’ phones, to remotely delete content, could be problematic. The privacy implications alone could cause huge headaches, as LaLiga is well aware; a 250,000 euro fine for turning fans phones into piracy spying devices should’ve been an instant reminder, logically at least.

Instead, LaLiga is doubling down

According to an eLDiario.es report, LaLiga has now asked the investigating judge in the Newplay case to charge the local directors of Google, Apple, and Huawei, with “a crime of serious disobedience.” This relates to their alleged failures to prevent users of their app ecosystems from continuing to use downloaded copies of Newplay that still exist on their devices.

It’s a crime that carries a sentence of up to a year in prison.

In these preliminary proceedings, Google, Apple, and Huawei as corporate entities also stand accused of the same “crime of serious disobedience.” They also stand accused of cooperating with Newplay’s developer while profiting from his allegedly infringing, ad-supported activities.

“The person under investigation used his ‘simple’ video player as a necessary instrument for his clients to access the Television services he offered in exchange for a subscription or advertising, violating the rights of the content owners,” LaLiga informed the court, as recalled by elDiario.es .

In addition to removing the app from their stores, the order required Google, Apple, and Huawei to “prevent users” who had downloaded app from “accessing the application.” It further ordered them to “immediately cease payment of commissions” derived from Newplay’s paid version (without ads) and make available to the court “the amounts that may be pending delivery” to the Newplay developer.

According to LaLiga, the companies haven’t complied in either respect. All three refused to comment for legal reasons.

As reported this weekend, the app Smart IPTV was blocked by ISPs in Spain recently . In common with Newplay, Smart IPTV is also an .M3U player and comes with no infringing content or links.

From: TF , for the latest news on copyright battles, piracy and more.

Read 19 remaining paragraphs | Comments

Quelques semaines après l'entrée en vigueur du Digital Markets Act (DMA), la Commission européenne va enquêter sur l'application du texte chez Alphabet, Apple et Meta. En cas de non-conformité avérée, ces entreprises pourraient être forcées à changer leurs pratiques.

Comme Apple, Google annonce plusieurs changements à venir sur le Play Store, le magasin d'applications d'Android. Parmi eux, la possibilité pour un développeur de rediriger vers un site web pour finaliser un paiement.

While anti-piracy enforcement actions are likely to be at the highest level ever seen, there’s no shortage of sites and services surging to millions of monthly visits before appearing to attract negative attention.

Piracy services slipping through the net may not have actually done so completely unnoticed, however. Finite anti-piracy resources or strategy may play a role in services staying online, and not every platform warrants immediate attention.

That being said, when piracy-focused apps appear on Google Play and somehow manage to grow huge audiences for month, that can be puzzling. Google will take down obviously infringing apps in response to a DMCA takedown notice and since major rightsholders can file those in an instant, it’s difficult to know why popular apps don’t get taken down.

Pirate Streaming Apps on Google Play

As part of its coverage of the new Piracy Shield IPTV blocking system recently deployed in Italy, local tech news outlet DDAY.it recently highlighted pirate streaming apps on Google Play, some with hundreds of thousands of downloads. Those mentioned in the article focus on live football streams, the same priority content Piracy Shield is supposed to wipe out.

While that lofty goal was never likely to be achieved in two weeks, DDAY asked Google why the apps hadn’t been delisted and, from Google’s response, the question seems likely to have mentioned Piracy Shield.

The platform built by AGCOM, Piracy Shield, is used to notify providers who provide access to sites hosting infringing content with orders to disable such access. However, hosting service providers such as the Google Play Store are not subject to these orders.

In any case and regardless of the legislation in question, it is always possible for authorities and users to report apps that allow activities in violation of the law or platform rules as described here . (Response from Google)

As a statement of fact, Google’s response is non-controversial. In contrast, a subsequent comment from AGCOM significantly muddies the waters.

Comply With The Law, But Do More

Google accepts DMCA takedown notices from copyright holders and those authorized to act on their behalf, as the provided link demonstrates. That tends to suggest that takedown notices to remove the apps from Google Play may not have been sent by the relevant rightsholders.

In his response, AGCOM Commissioner Massimiliano Capitano doesn’t address the possibility that an existing anti-piracy option wasn’t used. Instead, he says that others simply need to do more.

In this historical moment we need an alliance for legality, which passes through respect for the rules but also through autonomous initiatives by private entities inspired by ethics and self-regulation. Nobody asks for an ex ante filter, nor to wear blindfolds. (Response from AGCOM Commissioner Capitano)

If “respect for the rules” means compliance with the law, the law says that if Google receives a proper complaint, those apps would have to come down. If “autonomous initiatives” is a reference to private deals that go beyond the strict requirements of the law, Google would still need to know which content to remove and why.

Since only the relevant rightsholders have that information, having them supply it in a takedown notice seems like a clear and efficient option.

Law 93/2023, Article 2, Paragraph 5

After suggesting that Google should ethically remove content without rightsholder involvement, Commissioner Capitano goes on to claim that the new law passed last year does indeed apply to the Play Store, contrary to Google’s earlier statement.

[I] would like to remind you that law 93/2023 following the amendments prepared by the Caivano Decree, paragraph 5 of article 2 expressly provides that search engines and other sites, even if they are not directly involved in accessibility of Pirate sites subject to Agcom investigation, must adopt all technical measures useful to hinder the visibility of illicit content. (AGCOM Commissioner Capitano )

The relevant section of the law ( art. 2, para 5 ), states that network access service providers, search engine operators and information society service providers “involved in any capacity in the accessibility of the website or illegal services” must within 30 minutes, disable DNS resolution of domain names and traffic routing to the notified IP addresses.

Google Can’t Comply With The Above

While AGCOM and Google argue over whether Google Play qualifies under the law, it’s beyond clear that Google’s ability to comply with the above terms in respect of an app is all but impossible.

Any app providing access to pirated streams will do so using IP addresses and DNS servers of which Google Play has no knowledge. Even if it had knowledge, Google Play could do nothing about that; it doesn’t supply internet connectivity and doesn’t control DNS. In the event the app relied on Google DNS, then Google DNS should be served with a blocking order, not Google Play.

Google Play Could Do ‘Something’

The law does provide a catch-all clause that requires platforms, “in any case…to adopt technological measures or the organizational measures necessary to prevent access to content disseminated illegally.”

That could logically mean the removal of an app from Google Play. However, regardless of what action is eventually taken, the targets are first identified by rightsholders and then placed in a list, which is subsequently made available to the service providers to take action. Without that list, no action can be taken because, ethically or not, guesses are no match for facts.

That leads to the conclusion that as well as likely receiving no takedown notices, Google Play has received no lists of targets to take action against under the new law, regardless of whether the law applies to it or not.

Furthermore, the only reason those pirate streaming apps remain useful is purely down to the availability of streams accessible within the app. Since it’s Piracy Shield’s job to render those inaccessible, that might be a good place to start.

From: TF , for the latest news on copyright battles, piracy and more.

Read 1 remaining paragraphs | Comments