This week was released an Android version of Popcorn Time. For those who don’t know the project, it’s similar to Netflix: you select the movie or serie you want to watch and could instantly play it. Unlike Netflix, it’s free, based on user torrent seed and illegal in almost all countries. So don’t use it and go buy you DVD instead !
Existing versions still confine to desktop releases until now. So be happy mobile users, you day is coming ! Except one thing (or two, which career will allow you to download 1080p movie with p2p ?), it’s not the official / legacy team of Popcorn Time which releases the application. What does it means ? An alternative team is releasing the same software under an alternate name « Time4Popcorn ». But what for ?
We still do not have (real) answers to this question. Why clone a (becoming popular) open source project to release it as closed source software ? Unfortunately, to add malware, spyware or anything you want to hide to your user. Moreover, the Android release is a server side application which means all the code is not in the application you choose to install but also on server of Time4Popcorn (server for KitKat, server for older versions of Android). So the Time4Popcorn team may include malwares at anytime they want on their servers and spread them then. More readings on reddit.
I also spend time analyzing the Android application code. Hopelessly, it is a really small application and it doesn’t not look like to contain any infection mechanism (neither obfuscation nor dex loading). It was removed from the Play store and I will not provide a link but please, consider this post before installing it. I spent some time contributing to the PopcornTime project and the least I could say is the whole community will discourage you from succumbing to Time4Popcorn releases.