Unauthorized Apple Music Web Player Attracts More Than 200,000 Users
Students at the University of Kent have created a web-based Apple Music player, filling a need Apple has so far ignored.
Musish launched five months ago, and since then, the web-based player has attracted over 200,000 users.
Musish is careful to note in a box on its homepage that the service is not affiliated with Apple in any way. The service requires that users enter an Apple ID — which should probably make you nervous. The developer, Brychan Bennett-Odlum, spoke with Cult of Mac about how the service works.
When a user clicks on login, a new browser window opens under the Apple.com domain. Musish cannot access this window. Once logged in, users are prompted with an access request to allow Musish to access your Apple Music content. Musish can see the media library and listening activity for any account that allows access.
“Apple then sends the Musish web app a token which we send back to Apple in subsequent requests which they use to identify the user and return us data / perform an action (such as playing a song, or adding an album to their library). This token is only valid for the scope of Apple Music, and not other services they provide. It’s also only valid for a limited time. On top of this, we make sure to never even send the user’s token to any server we host.”
The unofficial Apple Music portal provides access to songs you have previously played. Playlists are also available, but it appears as though Apple Radio is not available in Musish for now.
Bennett-Odlum says his team is hard at work on making the radio feature work inside Musish. Musish is built using official public Apple Music APIs and the official MusicKit JS library. The project is open-source, and the code is available from GitHub.
Despite that, I’d still be wary of using the unofficial service. Accessing listening activity has powerful marketing implications if the app gains widespread popularity — and this isn’t exactly a trusted third party.