Downloadify, an extension for Google’s web browser Chrome, is allowing users to download full MP3 versions of any song from Spotify’s extensive music catalogue. According to The Verge the app takes advantage of a lack of encryption in Spotify’s web player, a product the company launched in beta in November of last year.
Once installed, the Downloadify app allows users to download a full DRM-free MP3 version of any song they listened to via Spotify’s web player. Google has since had the app removed from their Chrome Web Store, offering a statement that read, “We remove apps from the Chrome Web Store that do not comply with our terms of service.”
This hasn’t fully stifled the threat of the exploit, however, as the code has found its way onto Github a web-based hosting service for software development projects. The leak in Spotify’s own encryption is yet to be addressed.
The ramifications for Spotify are potentially catastrophic, as users with the malicious exploit have full access to the music streaming service’s extensive catalogue of over 20 million songs. Despite the company’s incredible take-up rate, with a total of 20 million users as of December 2012, it has faced lengthy battles with both major and independent record labels and harsh criticism from artists due to their comparatively miniscule royalty payments. This new issue is likely to cause a further backlash against the service.