There seems to be a growing amount of reports where users are suddenly missing add-ons from their Kodi installation. It seems there are some factions out there that are removing each others add-on without the user approving or even knowing this. While we as team do not want to be associated with the groups we do feel that we must at least warn people that this can happen.
Kodi official repository
Since v10.0 which was the first version with an add-on repository, we as team have always checked the contents of each add-on and what it’s intentions are before it was added. This is done with the intention to prevent unwanted things happening when installing certain add-ons and upholding a certain quality standard. To give a better understanding on what this entails I will provide a short walk through of this process before these add-ons are added to our official repo. First of all a third-party developer writes a certain add-on and decides if he wants to make it available for public testing first for initial user feedback, or directly send it to us depending how confident he/she is about the functionality. We urge every developer to first read our repository rules before sending the add-on for review as that might already make it clear it will never be considered.
• All add-ons must be developed as described on the Add-on development page.
• You must include a license file (named LICENSE.txt). We recommend the CC-BY-SA 3.0 for skins and the GPL v2+ for others, but most copy left licenses will suffice. Please investigate which license suits your needs and you fully understand the contents.
• All files must be free and legal to distribute.
• The add-on must not violate any known copyright laws – if in doubt, let us know and we’ll look into it for you.
• All source files must be included. No pre-compiled files will be allowed.
• You acknowledge that you are the maintainer of your add-on.
• Team-Kodi reserves the right to update or remove it at any time as we deem necessary.
• If a new stable Kodi is going to be released no new submissions are accepted to the repository for the previous version. This will start from when the first release candidate (RC) of the new version is released. Only fixes and updates will be accepted and processed for the previous version (e.g. if the current stable is 13.x, no updates are allowed for 11.x any more).
• Monetization of add-ons (for instance advertising or paid subscriptions) will not be allowed. We can make an exception in case you own the copyright for the content the add-on provides. Please contact us on the forum (or add-on mailing list) if you believe such an exception may apply to your add-on.
These are the main rules that they should follow, with an additional longer list of items they must follow before they get the green light, you can view the full list here in case you are interested. Once the team has received the request we will go through the add-on and review code as good as we can according to our checklist, but of course there’s always the chance of human error however we do our best to reduce this a minimum. The first submission of an add-on can be especially hard as there’s so much code to go through that there’s as always a chance something slips through, however during this process we will always communicate with the developer should there be some doubts about certain functions, or simply point out improvement that could be done. Once all this done and the add-on is approved, we do an upload of this add-on to our central code repository then from this repository the server automatically creates the needed files, distributes them to a variety of servers, and about a day later this add-on is available to all users around the world. Any succeeding update will follow the same process, however is a lot easier as we compare the new code to the old and we can easily see what changed.
Of course all this is based on trust, and although we do our best it’s not fool proof system (though what is). We don’t claim Kodi is 100% secure or that any of the add-ons in our repository are 100% secure, the end responsibility is still with the end user and his/her decision on what will be installed.
Now comes the possible problem with any third-party repository. We as Team Kodi have a set of rules that each add-on must follow, however third-party repository might not have the same set of rules and standards. Do you as user know if there’s a certain review process in place? or is everything just uploaded and distributed to you as end user? This is a very important question that you must ask yourself when installing anything outside Kodi official repository.
Let’s first try make it more clear that there are different kinds of repositories available to install. The first kind are by an individual that uses it in a way that users can easily beta test the add-on(s) before sending them to official repo. It might also be that the developer simply doesn’t want to submit them, or that they do not fit within our policy that we can allow it to be added, or it could be a combination of these reasons. Second kind are by a group of developers working together in a single repository, with each maintaining their own add-on but sending it to this central repository. This makes it quite convenient for the user as he only needs to add a single repo instead of several separate ones, and it’s kind of similar to our official Kodi version. Another kind is a gathering of whatever repositories or add-ons that are out there and dumped into one huge list, some might be curated to what is added, however others just automatically grab whatever latest and available versions can be found. Hopefully we don’t have to explain that this could cause a variety of problems or even be dangerous to some extent.
Luckily there are certain repositories out there that are nearly, or equally trustworthy (we do our best) as ours, since they respect the users as much as we do and will not try to tamper with they beloved Kodi installation. The sad truth however is that certain individuals, or even groups are out there that can do damage to your Kodi installation. Some might install certain code on your computer that will start showing advertising, or any other annoying pop ups, but worst of all some might even go and delete certain files, add-ons or even wipe your system. Another possibility is they start gathering personal information, and/or retrieve username and password for certain websites. It is a fact that some of these things have already happened, with advertising being forced upon the users with pop ups, and add-on’s getting deleted by “competing” groups as they try to gain as many souls as they can. We are not sure if there has been any cases of personal information being stolen, however having seen some of the things that can happen there’s a strong possibility this may have occurred.
To sum up it, be aware of where you download Kodi from. The official Kodi version has no add-ons or plugins installed that would provide any kind of access to media. Should you manually install a third-party repository, then at least familiarize yourself with that individual or group to what their intentions are, or if they can be trusted (as far as you could tell), we cannot stress enough that you must be very careful on what you install. Don’t blindly follow online tutorials, how-to guide and YouTube videos that tell you to install whatever you can find, most of them will just point you to some one-click install wizard that does strange things without you even understanding the possible implications.
With this blog we try to add least give the users more awareness to this problem, and for Kodi v17 “Krypton” we have added an additional one time warning where you as user must first accept that you are about to install something from an unknown source, and ask you think about this before proceeding. It is of course not foul proof and bad stuff could still happen though hopefully it will at least help to some extend.