We have always had rules against the monetization of Kodi addons at the expense of the end user. The pursuit of profit has no place within our community, we are about freedom and sharing – not personal gain. Earlier this week, an independent developer released an addon which included Coin-Hive functionality. Because the developer’s repository had been previously indexed within our unoffcial Kodi addon library, his new tool was also scraped and indexed. While we do not consider this particular developer’s addon to be malware, the situation was quite alarming and we feel the need to address it in order to ensure that it doesn’t happen in the future.
We carefully vet individual developers before their repositories are added to our addon library. If we get a whiff of anything sketchy, we will not approve of the developer. The problem is that once a developer is approved, any new addons he or she creates in the future would also be scraped into our index. This leaves room for things to fall through the cracks, but there’s not much we can do about that without putting ourselves in a position where we’d be micromanaging individual developers. In order to continue to innovate and expand, we need to encourage developer participation and not get involved in their code unless absolutely necessary.
In over six years of operation, there was only one event which ever occured which could be defined as malicious. When that happened, we took swift and immediate action to ensure that end users would not be further exposed. We also permanently banned the developer, even though he was a very loved member of the community. We have always done everything we can to protect our users security and privacy and will continue to do so for as long as we exist. We have never put profit ahead of user experience, and will not tolerate developers doing so. Profit is the kind of thing that poisons an open source community, pegging one developer against another, and we want no part of that.
In case it isn’t already clear: cryptocurrency mining within Kodi addons will not be tolerated. Moving forward, anyone caught including this kind of code in their addons will receive a permanent ban from our community. If we find that something malicious is being done without user consent, we will take steps necessary to disable the addon from our users’ devices using our Indigo tool’s malicious script blocker. We are sorry for anything that may fall through the cracks, but when you run a platform the size of ours it is difficult to directly supervise everything. Worse things happen in the Google Play Store almost daily, open platforms will always be susceptible to abuse.
As for the addon which we referred to in the beginning of this article, it has been banned from our platform and its developer has issued a public apology. To be clear, this addon was never part of our community repository, nor was it pushed to any of our users. It is doubtful that anyone actually downloaded it from our addon library, but even if you did it would not run in the background, so there isn’t really anything to worry about. This was however an eye opener which will result the entire community paying closer attention to any new Kodi addon releases. Please say something if ever you see something.
Thank you in advance for your continued support of our community. We have big things coming which will be sure to excite many of you!