Music service Spotify has closed a flaw in its service that allowed free downloads from its song library through Google’s Chrome browser.
A Chrome extension called Downloadify appeared in the Chrome Web Store this week that took advantage of a hole in Spotify’s web player. With the extension installed, songs played through the web player could be downloaded free, without any digital-rights protection.
Under Spotify’s subscription model, subscribers can download songs to their devices and listen to them as long as they keep their membership current. If they leave Spotify or miss a payment, listening is disabled.
With Downloadify, songs could be downloaded from Spotify’s library of more than 20 million songs without being subject to the subscription restrictions.
Moves made to stop free downloads
When news of Downloadify began to spread, Google took the applet down from the Chrome Web Store.
Subsequently, Spotify closed the hole in its web player, although when it was contacted by PC World for comment about the flaw, a spokesperson said via email, “We are aware of the issue and are currently working on a fix.”
Downloadify was developed by Robin Aldenhoven, a web designer in The Netherlands, who says he created the extension to get Spotify to fix the flaw that has been unaddressed for months.
“I wanted them to fix it, and they did,” he told PCWorld in an interview.
“I thought it was taking too long – four or five months – and now they fixed it in a day,” he said. “As a result, I’m pretty happy.”
Aldenhoven estimates that about 16,000 songs were downloaded without any digital-rights protection before the extension was sacked.
He said he discovered the flaw while studying the operation of Spotify’s website to improve his own web designs.
When he saw the MP3s downloading, he assumed they were restricted by DRM. “When I saw it didn’t, I said, ‘Whoa! this is going to be big trouble for them’,” he said.
by John P Mello Jr, Techhive