Fans eager to get their hands on “Random Access Memories,” the new album from acclaimed electronic music duo Daft Punk, a week early were in luck when Apple’s iTunes software recently leaked it inadvertently. The computing giant’s music store has helped promote many major albums in the last year by offering full-length, high-quality streams in advance of their release in an effort to combat piracy. However, due to a software security flaw discovered by 9to5Mac, Apple may have instead been enabling illegal downloads.
Since Apple does not hide or encrypt HTTP requests in iTunes, users could find the URL hosting the stream by using a URL scraping tool, 9to5Mac reported. Equipped with the URL, they could then go to the site to download the entire album for free and save it to their computer in high-quality MP4 format. Although DRM prevented users from playing it on other devices, the hole still raised some significant challenges for the company to address.
The economics of streaming
Artists such as Bob Dylan, Justin Timberlake and David Bowie have all had albums previewed as iTunes streams, and rock band The National was also debuting their album this way at the same time as Daft Punk. Artists generally opt to offer a stream in the hope that fans will go to iTunes to listen to – and possibly, as a result, pre-order – the album rather than downloading a leaked copy, 9to5Mac noted. While doing so might enable fans to rip a lower-quality version, the hope is that added exposure is more valuable.
In the case of Daft Punk, the album had already leaked, but such issues could raise broader concerns as Apple prepares to launch its iRadio streaming service with iOS 7. A tweak to secure the software and prevent such leaks will be important to maintain the trust of record labels with full catalogs of music available.
A similar problem recently occurred with popular music streaming service Spotify, in a flaw that The Verge dubbed “Spotify’s nightmare.” The publication reported that a freely available Chrome extension could be used to download a full, DRM-free MP3 file of any track being played in the company’s web player, which has been in beta since November and did not encrypt its file transfers. The extension was removed from Chrome’s Web Store and Spotify issued a patch, but the flaw briefly gave anyone access to download any song from the service’s 20-million-song catalog.
With the economics of music streaming services still in flux and the music industry as a whole struggling to determine viable business models for the internet, ensuring that such tools do not offer built-in workarounds is essential. To shore up the software security of these types of applications and avoid leaks, programmers can use tools such as static analysis to catch potential errors and make their applications, in the words of Daft Punk, “harder, better, faster and stronger.”
Software news brought to you by Klocwork Inc., dedicated to helping software developers create better code with every keystroke.