research-article

Decoding the Kodi Ecosystem

Authors:
Yunming Xiao

Northwestern University, Evanston, IL

Northwestern University, Evanston, IL

0000-0002-4913-4881
View Profile

,
Matteo Varvello

Nokia Bell Labs, New Providence, NJ

Nokia Bell Labs, New Providence, NJ

0000-0001-8500-4630
View Profile

,
Marc Warrior

Northwestern University, Evanston, IL

Northwestern University, Evanston, IL

0000-0003-3253-4552
View Profile

,
Aleksandar Kuzmanovic

Northwestern University, Evanston, IL

Northwestern University, Evanston, IL

0000-0003-2622-6019
View Profile

Authors Info & Claims

ACM Transactions on the Web Volume 17 Issue 1Article No.: 2pp 1–36https://doi.org/10.1145/3563700

Published:01 February 2023Publication History

ACM Transactions on the Web

Abstract

Free and open-source media centers are experiencing a boom in popularity for the convenience they offer users seeking to remotely consume digital content. Kodi is today’s most popular home media center, with millions of users worldwide. Kodi’s popularity derives from its ability to centralize the sheer amount of media content available on the Web, both free and copyrighted. Researchers have been hinting at potential security concerns around Kodi, due to add-ons injecting unwanted content as well as user settings linked with security holes. Motivated by these observations, this article conducts the first comprehensive analysis of the Kodi ecosystem: 15,000 Kodi users from 104 countries, 11,000 unique add-ons, and data collected over 9 months.

Our work makes three important contributions. Our first contribution is that we build “crawling” software (de-Kodi) which can automatically install a Kodi add-on, explore its menu, and locate (video) content. This is challenging for two main reasons. First, Kodi largely relies on visual information and user input which intrinsically complicates automation. Second, the potential sheer size of this ecosystem (i.e., the number of available add-ons) requires a highly scalable crawling solution. Our second contribution is that we develop a solution to discover Kodi add-ons. Our solution combines Web crawling of popular websites where Kodi add-ons are published (LazyKodi and GitHub) and SafeKodi, a Kodi add-on we have developed which leverages the help of Kodi users to learn which add-ons are used in the wild and, in return, offers information about how safe these add-ons are, e.g., do they track user activity or contact sketchy URLs/IP addresses. Our third contribution is a classifier to passively detect Kodi traffic and add-on usage in the wild.

Our analysis of the Kodi ecosystem reveals the following findings. We find that most installed add-ons are unofficial but safe to use. Still, 78% of the users have installed at least one unsafe add-on, and even worse, such add-ons are among the most popular. In response to the information offered by SafeKodi, one-third of the users reacted by disabling some of their add-ons. However, the majority of users ignored our warnings for several months attracted by the content such unsafe add-ons have to offer. Last but not least, we show that Kodi’s auto-update, a feature active for 97.6% of SafeKodi users, makes Kodi users easily identifiable by their ISPs. While passively identifying which Kodi add-on is in use is, as expected, much harder, we also find that many unofficial add-ons do not use HTTPS yet, making their passive detection straightforward.¹

REFERENCES

[1] Crean el primer antivirus para Kodi: protégete de addons con malware. [n. d.]. Retrieved June 2021 from https://www.adslzone.net/noticias/seguridad/safekodi-primer-antivirus-kodi.Google Scholar
[2] Is Your Kodi Virus Free? How to Scan With SafeKodi - TROYPOINT Vids. [n. d.]. Retrieved June 2021 from https://www.youtube.com/watch?v=xCW_2v1vkWM.Google Scholar
[3] Kodi2020 - Novedad para kodi - El antivirus! - tutvboxaldia kodiAndroid. [n. d.]. Retrieved June 2021 from https://www.youtube.com/watch?v=tLxmJLcaZq4.Google Scholar
[4] mwarrior/dekodi. [n. d.]. Retrieved June 2021 from https://github.com/mwarrior92/dekodi.Google Scholar
[5] Safekodi, el addon definitivo si quieres utilizar Kodi de forma segura. [n. d.]. Retrieved June 2021 from https://www.hobbyconsolas.com/noticias/safekodi-addon-definitivo-quieres-utilizar-kodi-forma-segura-599759.Google Scholar
[6] Sandvine 2017. [n. d.]. Spotlight: The “Fully Loaded” Kodi Ecosystem. Available at Retrieved June 2021 from https://www.sandvine.com/hubfs/downloads/archive/2017-global-internet-phenomena-spotlight-kodi.pdf.Google Scholar
[7] Warning - Be Aware What Additional Add-ons You Install. 2016. Retrieved June 2021 from https://kodi.tv/article/warning-be-aware-what-additional-add-ons-you-install/.Google Scholar
[8] Kodi Add-ons Launch Cryptomining Campaign. 2018. Retrieved June 2021 from https://www.welivesecurity.com/2018/09/13/kodi-add-ons-launch-cryptomining-campaign/.Google Scholar
[9] Rampant Kodi Malware? It’s Time to Either Put Up or Shut Up. 2018. Retrieved June 2021 from https://torrentfreak.com/rampant-kodi-malware-its-time-to-either-put-up-or-shut-up-190610/.Google Scholar
[10] Cisco Umbrella Top 1 Million. 2019. Retrieved June 2021 from https://umbrella.cisco.com/blog/2016/12/14/cisco-umbrella-1-million/.Google Scholar
[11] ffprobe Documentation. 2019. Retrieved June 2021 from https://ffmpeg.org/ffprobe.html.Google Scholar
[12] Fishing in the Piracy Stream: How the Dark Web of Entertainment is Exposing Consumers to Harm. 2019. Retrieved June 2021 from https://www.digitalcitizensalliance.org/clientuploads/directory/Reports/DCA_Fishing_in_the_Piracy_Stream_v6.pdf.Google Scholar
[13] Kodi Add-On Developer Arrested On Same Day as Popular Repo Goes Down. 2019. Retrieved June 2021 from https://torrentfreak.com/kodi-add-on-developer-arrested-on-same-day-as-popular-repo-goes-down-190619/.Google Scholar
[14] Microsoft Azure. 2019. Retrieved June 2021 from https://azure.microsoft.com/en-us/.Google Scholar
[15] Popular Kodi Addon ‘Exodus’ Turned Users into a DDoS “Botnet”. 2019. Retrieved June 2021 from https://torrentfreak.com/popular-kodi-addon-exodus-turned-users-into-a-ddos-botnet-170203/.Google Scholar
[16] Real-Debrid. 2019. Retrieved June 2021 from https://real-debrid.com/.Google Scholar
[17] Tesseract Open Source OCR Engine. 2019. Retrieved June 2021 from https://github.com/tesseract-ocr/tesseract.Google Scholar
[18] Tstat - TCP STatistic and Analysis Tool. 2019. Retrieved June 2021 from http://tstat.polito.it/.Google Scholar
[19] XVFB. 2019. Retrieved June 2021 from https://www.x.org/releases/X11R7.6/doc/man/man1/Xvfb.1.xhtml.Google Scholar
[20] Add-on Structure.2020. Retrieved June 2021 from https://kodi.wiki/view/Add-on_structure#Directory_Name.Google Scholar
[21] AWS EC2. 2020. Retrieved June 2021 from https://aws.amazon.com/ec2/.Google Scholar
[22] Canadian ISPs Continue Quest To Bankrupt TVAddons, Site That Hosted Tons Of Legal Kodi Addons.2020. Retrieved June 2021 from https://www.techdirt.com/articles/20190924/17181743063/canadian-isps-continue-quest-to-bankrupt-tvaddons-site-that-hosted-tons-legal-kodi-addons.shtml.Google Scholar
[23] CBlocked Kodi Streams by UK Service Providers: Access More Streams!2020. Retrieved June 2021 from https://koditips.com/blocked-kodi-streams-uk/.Google Scholar
[24] Conline: 18 Million Brits Fall Victim To Counterfeit Electrical Goods Online.2020. Retrieved June 2021 from https://www.electricalsafetyfirst.org.uk/media-centre/press-releases/2018/06/conline-18-million-brits-fall-victim-to-counterfeit-electrical-goods-online/.Google Scholar
[25] Docker. 2020. Retrieved June 2021 from https://www.docker.com/.Google Scholar
[26] EasyList. 2020. Retrieved June 2021 from https://easylist.to/.Google Scholar
[27] Exodus Redux. 2020. Retrieved June 2021 from https://github.com/I-A-C/I-A-C.github.io/.Google Scholar
[28] FireHol IP Lists. 2020. Retrieved June 2021 from https://iplists.firehol.org/.Google Scholar
[29] GeoLite2. 2020. Retrieved June 2021 from https://dev.maxmind.com/geoip/geoip2/geolite2/.Google Scholar
[30] Github. 2020. Retrieved June 2021 from https:/github.com.Google Scholar
[31] Google Safe Browsing. 2020. Retrieved June 2021 from https://safebrowsing.google.com/.Google Scholar
[32] HTTPS Encryption on the Web.2020. Retrieved June 2021 from https://transparencyreport.google.com/https/overview.Google Scholar
[33] Kodi’s JSON-RPC. 2020. Retrieved from https://kodi.wiki/view/JSON-RPC_API/v8.Google Scholar
[34] LazyKodi. 2020. Retrieved from https:/lazykodi.com.Google Scholar
[35] Mitmproxy. 2020. Retrieved June 2021 from https://mitmproxy.org/.Google Scholar
[36] Pirate TV Box Seller Sentenced to 16 Months in Jail.2020. Retrieved June 2021 from https://torrentfreak.com/pirate-tv-box-seller-sentenced-to-16-months-in-jail-180820/.Google Scholar
[37] Reddit. 2020. Retrieved June 2021 from https:/reddit.com.Google Scholar
[38] SafeKodi. 2020. Retrieved June 2021 from https://safekodi.com/.Google Scholar
[39] Shodan. 2020. Retrieved June 2021 from https://www.shodan.io/.Google Scholar
[40] SportsDevil. 2020. Retrieved June 2021 from https://github.com/AsvpArchy/plugin.video.SportsDevil/.Google Scholar
[41] TVAddons Returns, But in Ugly War With Canadian Telcos Over Kodi Addons.2020. Retrieved from https://torrentfreak.com/tvaddons-returns-ugly-war-canadian-telcos-kodi-addons-170801/.Google Scholar
[42] Böttger Timm, Cuadrado Félix, Antichi Gianni, Fernandes Eder Leão, Tyson Gareth, Castro Ignacio, and Uhlig Steve. 2019. An empirical study of the cost of DNS-over-HTTPS. In Proceedings of the Internet Measurement Conference. 15–21. DOI:Google ScholarDigital Library
[43] Cisco. 2020. A New Paradigm for Dealing with Illegal Redistribution of Content. 2020. Retrieved June 2021 from https://blogs.cisco.com/sp/a-new-paradigm-for-dealing-with-illegal-redistribution-of-content.Google Scholar
[44] Clay Andrew. 2011. Blocking, Tracking, and Monetizing: YouTube Copyright Control and the Downfall Parody. Institute of Network Cultures: Amsterdam.Google Scholar
[45] Dewes Christian, Wichmann Arne, and Feldmann Anja. 2003. An analysis of Internet chat systems. In Proceedings of the 3rd ACM SIGCOMM Internet Measurement Conference. 51–64. DOI:Google ScholarDigital Library
[46] Ding Yuan, Du Yuan, Hu Yingkai, Liu Zhengye, Wang Luqin, Ross Keith, and Ghose Anindya. 2011. Broadcast yourself: Understanding YouTube uploaders. In Proceedings of the 2011 ACM SIGCOMM Conference on Internet Measurement Conference. ACM, 361–370.Google ScholarDigital Library
[47] Hilderbrand Lucas. 2007. YouTube: Where cultural memory and copyright converge. FILM QUART 61, 1 (2007), 48–57.Google ScholarCross Ref
[48] Hsiao Luke and Ayers Hudson. 2019. The price of free illegal live streaming services. arXiv:1901.00579. Retrieved from http://arxiv.org/abs/1901.00579.Google Scholar
[49] Ibosiola Damilola, Steer Benjamin, Garcia-Recuero Alvaro, Stringhini Gianluca, Uhlig Steve, and Tyson Gareth. 2018. Movie pirates of the caribbean: Exploring illegal streaming cyberlockers. In Proceedings of the International AAAI Conference in Web and Social Media.Google ScholarCross Ref
[50] Joseph Dilip Antony, Tavakoli Arsalan, and Stoica Ion. 2008. A policy-aware switching layer for data centers. In Proceedings of the ACM SIGCOMM 2008 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications. 51–62. DOI:Google ScholarDigital Library
[51] Karagiannis Thomas, Broido Andre, Faloutsos Michalis, and Claffy Kimberly C.. 2004. Transport layer identification of P2P traffic. In Proceedings of the 4th ACM SIGCOMM Internet Measurement Conference. 121–134. DOI:Google ScholarDigital Library
[52] Karagiannis Thomas, Papagiannaki Konstantina, and Faloutsos Michalis. 2005. BLINC: Multilevel traffic classification in the dark. In Proceedings of the ACM SIGCOMM 2005 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications. 229–240. DOI:Google ScholarDigital Library
[53] Kim Hyunchul, Claffy Kimberly C., Fomenkov Marina, Barman Dhiman, Faloutsos Michalis, and Lee KiYoung. 2008. Internet traffic classification demystified: Myths, caveats, and the best practices. In Proceedings of the 2008 ACM Conference on Emerging Network Experiment and Technology. 11. DOI:Google ScholarDigital Library
[54] Lauinger Tobias, Onarlioglu Kaan, Chaabane Abdelberi, Kirda Engin, Robertson William, and Kaafar Mohamed Ali. 2013. Holiday pictures or blockbuster movies? Insights into copyright infringement in user uploads to one-click file hosters. In Proceedings of the 16th International Symposium on Research in Attacks, Intrusions, and Defenses - Volume 8145. Springer-Verlag New York, Inc., New York, NY, 369–389. DOI:Google ScholarDigital Library
[55] Li Wei and Moore Andrew W.. 2007. A machine learning approach for efficient traffic classification. In Proceedings of the15th International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems. 310–317. DOI:Google ScholarDigital Library
[56] Lu Chaoyi, Liu Baojun, Li Zhou, Hao Shuang, Duan Hai-Xin, Zhang Mingming, Leng Chunying, Liu Ying, Zhang Zaifeng, and Wu Jianping. 2019. An end-to-end, large-scale measurement of DNS-over-encryption: How far have we come?. In Proceedings of the Internet Measurement Conference. 22–35. DOI:Google ScholarDigital Library
[57] Mahanti Aniket, Carlsson Niklas, Arlitt Martin, and Williamson Carey. 2012. Characterizing cyberlocker traffic flows. In Proceedings of the 37th Annual IEEE Conference on Local Computer Networks. IEEE, 410–418.Google ScholarDigital Library
[58] Matic Srdjan, Iordanou Costas, Smaragdakis Georgios, and Laoutaris Nikolaos. Identifying sensitive URLs at web-scale. In Proceedings of the 20th ACM SIGCOMM Internet Measurement Conference.Google Scholar
[59] Moore Andrew W. and Papagiannaki Konstantina. 2005. Toward the accurate identification of network applications. In Proceedings of the International Workshop on Passive and Active Network Measurement. 41–54. DOI:Google ScholarDigital Library
[60] Moore Andrew W. and Zuev Denis. 2005. Internet traffic classification using bayesian analysis techniques. In Proceedings of the International Conference on Measurements and Modeling of Computer Systems. 50–60. DOI:Google ScholarDigital Library
[61] Nikas Alexios, Alepis Efthimios, and Patsakis Constantinos. 2018. I know what you streamed last night: On the security and privacy of streaming. Digital Investigation 25 (2018), 78–89. DOI:Google ScholarCross Ref
[62] Rescorla E.. 2020. The Transport Layer Security (TLS) Protocol Version 1.3. 2020. Retrieved June 2021 from https://tools.ietf.org/html/rfc8446.Google Scholar
[63] Rescorla E., Oku K., and and N. Sullivan. 2020. TLS Encrypted Client Hello Draft-ietf-tls-esni-07. 2020. Retrieved June 2021 from https://tools.ietf.org/html/draft-ietf-tls-esni-07.Google Scholar
[64] Sandvine. 2018. Global Internet Phenomena Spotlight - Kodi. 2018. Retrieved June 2021 from https://www.sandvine.com/hubfs/downloads/archive/2017-global-internet-phenomena-spotlight-kodi.pdf.Google Scholar
[65] Sen Subhabrata, Spatscheck Oliver, and Wang Dongmei. 2004. Accurate, scalable in-network identification of p2p traffic using application signatures. In Proceedings of the 13th international conference on World Wide Web. 512–521. DOI:Google ScholarDigital Library
[66] Sherry Justine, Hasan Shaddi, Scott Colin, Krishnamurthy Arvind, Ratnasamy Sylvia, and Sekar Vyas. 2012. Making middleboxes someone else’s problem: Network processing as a cloud service. ACM SIGCOMM Computer Communication Review 42, 4 (2012), 13–24.Google ScholarDigital Library
[67] Sun Haifeng, Xiao Yunming, Wang Jing, Wang Jingyu, Qi Qi, Liao Jianxin, and Liu Xiulei. 2019. Common knowledge based and one-shot learning enabled multi-task traffic classification. IEEE Access 7 (2019), 39485–39495. DOI:Google ScholarCross Ref
[68] Vallina Pelayo, Pochat Victor Le, Feal Álvaro, Paraschiv Marius, Gamba Julien, Burke Tim, Hohlfeld Oliver, Tapiador Juan, and Vallina-Rodriguez Narseo. Mis-shapes, mistakes, misfits: An analysis of domain classification services. In Proceedings of the 20th ACM SIGCOMM Internet Measurement Conference.Google Scholar
[69] Wamser Florian, Pries Rastin, Staehle Dirk, Heck Klaus, and Tran-Gia Phuoc. 2011. Traffic characterization of a residential wireless Internet access. Telecommunication Systems 48, 1–2 (2011), 5–17.Google ScholarDigital Library
[70] XBMC. 2019. Official:Forum Rules/Banned Add-ons. 2019. Retrieved from https://kodi.wiki/view/Official:Forum_rules/Banned_add-ons.Google Scholar

Index Terms

Recommendations

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
ACM Transactions on the Web Volume 17, Issue 1
February 2023
189 pages
ISSN:1559-1131
EISSN:1559-114X
DOI:10.1145/3575872
Editor:
Ryen White
Microsoft Research, USA
Issue’s Table of Contents
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 1 February 2023
- Online AM: 15 September 2022
- Accepted: 11 September 2022
- Revised: 3 June 2022
- Received: 9 June 2021
Published in tweb Volume 17, Issue 1

Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
Kodi
crawling
crowdsourcing
measurement
Qualifiers
- research-article
- Refereed
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 0
  Total Citations
  View Citations
- 212
  Total Downloads
- Downloads (Last 12 months)83
- Downloads (Last 6 weeks)8
Other Metrics
View Author Metrics
Cited By
This publication has not been cited yet

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Full Text

View this article in Full Text.

View Full Text

HTML Format

View this article in HTML Format .

View HTML Format

Decoding the Kodi Ecosystem

ACM Transactions on the Web

Abstract

REFERENCES

Cited By

Index Terms

Recommendations

KODI: The Missing Guide A Step By Step Guide With Pictures On How To Download & Install Kodi, The Installation & Setting Up Of Mouse Toggle, VPN, ... Stick Or Fire TV, Android Phone, Windows...

Kodi Mastering: A Simplified Guide With Pictures On How To Download, Install, Update & Un-install Kodi Version 17.6 on Fire TV or Fire TV Stick, ... Movies, Musics And TV Shows For Free

Kodi's Master Guide: A Step By Step Pictorial Guide On How To Download, install & Upgrade To Kodi 18.0 On Xbox One & 17.6 On iPhone, iPad, Amazon Fire ... VPN, Mouse Toggle, Add-ons, IPTV, SET TV...