Is new Popcorn Time app dangerous?

Time4Popcorn, one of several groups that revived the now-folded Popcorn Time, has released a fully functional Android app to use torrents to stream Hollywood and other movies. This app will join their existing apps for Windows, Mac OSX, and Linux users. However, some of the other Popcorn Time supporters have raised doubts about the trustworthiness of Time4Popcorn.

In order to get the app, you’ll have to download it straight from the developers at Time4Popcorn. Unsurprisingly, it will not be listed in the Google Play Store due to their copyright infringement rules. While users should always tread lightly when sideloading apps from outside the Play Store, the developers release all source code via Github, so everyone can see whether they have hidden some malware within the app.

Popcorn Time surged to popularity earlier this year. The app, originally only available on desktops and laptops, made the vast array of movie torrents much more navigable by making them searchable with an interface not unlike Netflix or Hulu. Popcorn Time itself did not host or share any of the movies, just linked users to the torrents that could otherwise be found on any number of popular torrent search engines. The creators stayed anonymous, said they were from Argentina, and warned that downloading movies via torrents might be illegal, depending on which country you live in.

The legality of the app itself was always murkier, since it was a middle-man between the torrent itself, which is a clearer violation of the law in the United States and many other countries, and the downloader his or herself, who is also more clearly performing an illegal act in many countries.

“Popcorn Time as a project is legal. We checked. Four Times.”

Just as soon as Popcorn Time exploded in terms of its downloads, media attention, and, probably, legal scrutiny, they shut things down. Popcorn Time’s developers insisted, even then, “Popcorn Time as a project is legal. We checked. Four Times.” Luckily for its fans, the entire project was open source, so groups like Time4Popcorn were able to pick up where the original creators left off.

With the Android app now available, the Time4Popcorn developers promise Chromecast support very soon. This would be an even bigger gamechanger, as Popcorn Time users have always wanted an option that made it simple to watch movies on their televisions.

As great as this might sound, Time4Popcorn’s popularity has come with some detractors, and they seem to have a point. A group of enthusiastic supporters of the Popcorn Time project on Reddit have pointed out a few different concerns about the coding and the ethically questionable tactics of the Time4Popcorn (all typos and emphases in original):

Time4Popcorn uses a centralized server system which can make it vulnerable to takedowns,backdoors and other malwarious code. At this point in time however there has not been found any harmful code in Time4Popcorn. So although this could become a problem, it isn’t now.

At the beginning of the Time4Popcorn project there was also another fork around, called Popcorn Time – Team on Github. Managed and by Jduncanator and later merged by Isra_17. Time4Popcorn stole the entire source code we used, however they did not technically steal anything since according to @jtsiomb only one part of the code was protected. This means that they could just take it since it was Open Source, our Popcorn Time Community however still wants to see credits for the rip-off, since they did use the code.

Time4Popcorn has recently released their own Android version, which uses the same “cloud” that the windows version used aswell. This might be dangerous regarding Android malware but then again, at this point No dangerous code was found in their app. As far as name goes, they named it Popcorn Time, which is not a nice thing to do. This could be to steal traffic from the official Popcorn time (/r/popcorntime) but it could also just be because they want a name change. So once again, there are some things who could be called shady, but there not dangerous as far we know.

Basically, Time4Popcorn is first accused of making their apps in such a way that leaves users vulnerable to a variety of security breaches. It makes it fairly easy for Time4Popcorn to build a backdoor for government surveillance and makes a hack of Time4Popcorn something that puts all of its users at risk. This is at odds with what peer-to-peer technology is all about, which is decentralization. If you have the data coming from all kinds of users, there is no one point at which hackers or law enforcement can break in and affect everyone.

“Time4Popcorn uses a centralized server system which can make it vulnerable to takedowns, backdoors and other malwarious code.”

The second issue is that the code used to build the app has been poorly attributed, according to the allegation. It apparently has not violated any laws, but certainly goes against precedent within the open source community. The use of the name “Popcorn Time” seems to be adding insult to injury, in terms of ripping off former developers.

Time4Popcorn has come back with their own response, which I will excerpt here: was the first available source on the Internet to download Popcorn Time after the original was taken down. We just went for it because we wanted to keep using this awesome program and allow all the other users to keep using it.
The enthusiastic responses came instantly after the launch, and taking the risk of sounding corny- they really touched us. We understood suddenly how much this project meant not only to us, but to thousands of people from all over the world. That’s when we really made the decision to take this project upon our selves and to make Popcorn Time the best live streaming app that ever existed. And to prove this, a week after we first launched we already managed to put TV series on our version of Popcorn Time, which was not an easy task.

We’re writing to defend ourselves against a group of developers who spend their time making accusations instead of working on an awesome project they took upon themselves.

This may sound radical, but these things they are doing in our perspective not only jeopardize our hard work, but maybe even the whole existence of Popcorn Time since potential users who want to download Popcorn Time see it’s “not safe” and withdraw from their plan all together.

As for the nonsense of “stealing” code from others and not giving credit:
In the upcoming weeks, sooner than you think, time4popcorn will work for the first time on Windows XP. We will have Chromecast support, release an Android version, a smart TV version and everything else we wrote above.

In order to achieve all of this we had to develop the whole app over from scratch. The current Popcorn Time is built on technology called NodeWebkit which cannot support our vision, therefore we rebuilt everything from the ground up using Delphi, C++ and Javascript. This new, stronger version of Popcorn Time will also include a new video player which will support every video format out there, a thing that will enable our app to use every video torrent which exists on the web. It will also have a new cross-platform Bittorent engine.

All of these developments will be released as open source under GPL V3 license for the world to use.

Approx 2 months ago we released our version of Popcorn time called time4popcorn. On the top of our home page we wrote these words that are the most important for us: “this PopcornTime service will never be taken down”.
We see this as the first attempt to take us down, first out of many which with no doubt we are expected to receive down the road, so this is our first chance to prove these words we wrote and that we believe in:

We are not going to be taken down. We are here to stay.

Strong words indeed. Of course, there is nothing presently unsafe about Time4Popcorn and it is difficult as an outside observer to make strong declarations about the aforementioned “code nonsense.” If they have indeed rewritten so much, it seems quite odd that their publicly released code has been so close to matching other projects’ code. As the rest of the critique against them discusses, the way they have adapted the software is rather unsafe, even if they don’t have bad intentions.

“We are not going to be taken down. We are here to stay.”

The Time4Popcorn opponents are advocating for Flixtor as a good alternative, especially for Android users.

We don’t want to neglect to warn you that, at least in the United States, you are probably violating the law by using Popcorn Time or any of its variants. The original creators saw this as an ideological stand against anti-consumer copyright protections, and you might too; unfortunately, that won’t get you too far when the federal government comes knocking at your door. Bear in mind that the legality of the project is separate from the legality of the act of using it.

Please tread lightly!

Tags: Android Linux Mac Movies Piracy Technology Windows

comments powered by Disqus