[dpatk]

Hi! I'm a newbie to Kodi and am wondering how safe it is to use Kodi and how to use it in the safest way. Please forgive me if this has been asked and answered before. I've spent several hours reading various articles on the Web and various threads in the Kodi forums and haven't found either a comprehensive or succinct answer to this question.

From what I've read, it seems that there are at least three potential sources of viruses/malware:

• Malevolent add-ons from third parties
  
• Sites sending malware via subtitles
  
• Man in the middle attacks
  

Are there more to watch out for (I did notice that there is a potential buffer overrun in versions of Kodi older than 19.0; but I'll get the latest version)?

I only want to listen to music, and only to music that I am providing locally (mainly via a flashdrive). I don't want Kodi to try to get album art, song information, or anything else. I just want it to find, index, and use whatever I supply it. Basically, I want to keep Kodi locked down to what artwork/information I provide. Can I do this? If so, how?

As for add-ons, it has been stated elsewhere that add-ons provided by the Kodi team are safe. I doubt that I'll need any add-ons; but if I do, I'll just stick with the Kodi-supplied add-ons.

As for subtitles, I won't be watching movies; so I assume that subtitles will be a non-issue for me.

As for man in the middle attacks, I have no clue what to think or do about these.

Is there anything else I should watch out for and/or turn off? If so, what?

I'm also fairly new to the Linux world. Can someone tell me how to tell what version of Kodi a particular Linux distro has? I'll be using a Raspberry Pi with Debian "bullseye."

Thanks!

Don

[Klojum]

I think you already gave all the answers yourself. Third-party add-ons can be a hazard, we've seen that in the past with certain piracy add-ons. Subtitles are text files, they are pretty immune to malware. Man in the middle... I wouldn't know where to look.

As far as Linux goes, you can either go with a full distro such as Ubuntu for a PC, and install Kodi as per our instructions on the Kodi wiki page. For the RPi4, there is also LibreELEC, a minimalistic Linux setup with Kodi as the sole application. Debian should be okay too, I think they finally caught up with Kodi 19.3 now.

[dpatk]

Thanks for the help!

Is there a way to lock down Kodi as I mentioned? Basically, I don't want it to access the Internet for anything; I just want it to use the information that I personally provide it.

[DarrenHill]

The Pi with RaspiOS Bullseye has Kodi Matrix in their official repo, and I think Debian does too.

All the addons in the official Kodi repo (the one that is built into Kodi and installed with it) are checked by Team Kodi before inclusion, so can be considered safe. For anything else from 3rd party sources, caveat emptor very much applies. If you don't want any risks, then don't install any addons or repos from third party sources. By default Kodi will not allow that anyway, and if you do decide to enable doing so you will get a warning when you switch it on.

Generally speaking, just be sensible about what you install and where you get it from, as you hopefully would with any other software install. If something seems to be too good to be true or is offering stuff that is obviously dodgy (premium stuff for free, or other dubious items like movies that are currently in theatres and haven't been released to free streaming) then avoid them.

[Karellen]

I doubt that I'll need any add-ons;

You can't use Kodi without some addons. Kodi is installed with a number of critical addons which are required to make Kodi work. Skins are an addon. But if you stick to the Kodi repo, you are pretty safe.

To set up the music library, have a look through the guide... https://kodi.wiki/view/HOW-TO:Create_Music_Library

[dpatk]

Thanks for the help! I'll move forward with Kodi and be careful. 

[the_other_guy]

as someone who has been looking at the best kodi skins of 21  a lot of them clearly do not care about using illegal addons (www.kodi.org.) is one such site


If it is an unofficial Kodi addon. This means that Kodi’s developers have no supervision over what kind of content this addon brings. And also, there’s no way of knowing whether addon.NOT brings malicious code until after it gets inside your system. 
In the past, we’ve seen that forks and clones are among the most dangerous Kodi addons. This is how cryptocurrency miners have found their way to Kodi, in addition to plenty of other types of malware. That’s the main reason why Kodi’s developers strongly recommend avoiding third-party repositories.

[scott967]

As far as MITM attacks, Kodi has moved to https protocol and provides warning when http is used by addons.  You would need to use standard firewall and router security.   You could turn on "never check for updates" in the system settings.

Note that Kodi music library can work well just using metadata included with your music media files IF you use the tagging advice in the wiki prior to scanning the files into your library.

scott s.
.