Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
People gloat about Apple integration all the time but not having a browser accessible Apple Maps/Music/etc. is a killer.
[doublepost=1548109004][/doublepost]
They use Apples native API for authentification, so they actually never get to see your credentials as far as I understood.

People have been trained to avoid phishing sites so the uneasiness is fully warranted. There's no excusing Apple for not releasing an official web site like their competitors Soundcloud, Google Music, Amazon Music, etc.
 
Last edited:
I've noticed that this site- musi.sh and playapplemusic.com have the same problem in that they don't play tracks uploaded to iCloud Music Library that aren't matched.

For example, I have the original Slipknot album 870621345, not the rerelease titled "Slipknot" and not the 10th anniversary rerelease, and those tracks won't play.

So far all the content I checked like that won't play. But still cool.
Just to add, those tracks play fine on my phone, ipad etc

Right. This API only allows access to Apple Music, not to the iCloud Music Library.

That's a limitation on Apple's end. The same applies to, for example, playing Apple Music through Alexa; you don't get your own uploaded files there either. It's unclear if Apple intends to change this.
[doublepost=1548109664][/doublepost]
Would be hilarious if spotify used that API and integrated Apple Music then we don't need support for Apple Music anymore...

I mean, if paying $10 for Spotify and another $10 for Apple Music just to play Apple Music inside Spotify is your cup of tea…?
 
  • Like
Reactions: deadworlds
Right. This API only allows access to Apple Music, not to the iCloud Music Library.

That's a limitation on Apple's end. The same applies to, for example, playing Apple Music through Alexa; you don't get your own uploaded files there either. It's unclear if Apple intends to change this.
Noted. Thank you
 
iTunes is such a horrible user experience. Not sure if much has changed since i abandoned it many years ago, but its going to take more than a free U2 album I dont want to even get me to look at it again.
I second that. I've had problems too numerous to go into over the years. Spotify is my music source on iOS. "It just works."
 
  • Like
Reactions: martyjmclean
I mean, if paying $10 for Spotify and another $10 for Apple Music just to play Apple Music inside Spotify is your cup of tea…?
Most people use a family account... Currently Apple Music support is extremely bad. If a paying Spotfy user can also link their Apple Music account allowing them to use various Spotify enabled hardware that would really help Apple Music AND spotify. Apple gets more support and spotify can collect statistics and possibly gets Apple Music customers who want to play their music on their exisiting hardware. So, spotify would earn a few bucks a month just acting as proxy. Win-Win.
 
I hope Apple does not shut it down. I do not think Apple should be the prime think-tank of what a Music app should feel and look like.
 
Is this gonna be a trend... You'll soon have 10+ unofficial AM websites? and more, up until Apple gets the message across ?

All this is good, giving users want they want, but all being 'unofficial' its just a 'bait and trap' approach... Since everyone is looking for a web based player, and Apple is not doing one, everyone rushes to anyone that does it... they then loose control of passing their AppleID to these unofficial websites, (something which always happens when you login via google or any website that allows Google login) its the same principal.

And being unofficial, says its more open to attack. I'd rather stick with good old iTunes.. although websites are good, i'm wanting Apple to to it, no one else.
Remember TeenSafe iOS DB got hacked.
 
Last edited:
t... they then loose control of passing their AppleID to these unofficial websites, (something which always happens when you login via google or any website that allows Google login) its the same principal.

Once again, you really should understand how this works before commenting. No one is passing their Apple ID to unofficial websites. The 2FA login is done through Apple's own API on Apple's website and is fully supported. This is not a hack. It is in no way similar to what Google does. At all.

Here is some information for your edification.

https://developer.apple.com/documentation/applemusicapi

Overview
The Apple Music API is the web services portion of MusicKit. Using the Apple Music API, you can access information about media—such as albums, songs, artists, and playlists—in the Apple Music Catalog and in a user’s personal iCloud Music Library. If authorized by a user, you can also access or modify data associated with that user. For example, you can find music recommendations for the user or change their rating of a particular song, both in the catalog and in their library.

Authentication of Requests with Tokens
Requests to the Apple Music API are sent securely using HTTPS commands. All requests to the Apple Music API are associated with your app or website. A request includes a developer token that authenticates you as a trusted developer and member of the Apple Developer Program. Requests that access information for a specific user must also include a music user token that authorizes you to access that user’s information. See Getting Keys and Creating Tokens.
 
Last edited:
Once again, you really should understand how this works before commenting. No one is passing their Apple ID to unofficial websites. The 2FA login is done through Apple's own API on Apple's website and is fully supported. This is not a hack. It is in no way similar to what Google does. At all.

And i never even mentioned 2FA...I was referring to normal logins. I was not indicating it was a hack neither
 
Can't wait until they open up my music library as opposed to my music library subscription.
Then my movies and TV shows. I've got over $3,000 locked up at Apple, I may have to sue them sometime so I can get at it on Linux once I get rid of my last Mac and Apple TV.
That's your fault, buying content limited to a platform, then leaving the platform, and expecting the content to come with you.

You going to sue when your can't transfer your frequent flier miles between the different Alliances too? lmao
 
  • Like
Reactions: martyjmclean
Look up how this works. I'm very cautious and I see zero issue with this.
Well unknown guys on the internet says it’s ok, I’m all in /s
[doublepost=1548122990][/doublepost]
Okay enough we know already. I trust my login. That is the problem with this form someone comes out with a nice web player and all we have are people complain about security concerns. If you are not going to use it don't bother posting then.
I missed it when did you become Uber mod?
 
We are all heavy users of Apple Music, but found listening at work hard as it drained our phones' battery lives and we didn't want to set up our Apple IDs on our work laptops.

We started Musish at a hackathon in San Francisco in early December after noticing the APIs Apple provide for the service and realising that it'd be a pretty nifty solution to the problem!
Nifty, indeed, as long as one doesn’t mind entering one’s Apple ID credentials on an office workstation. I know I do.
 
Nifty, indeed, as long as one doesn’t mind entering one’s Apple ID credentials on an office workstation. I know I do.
Yeah without any documentation or a T&C, i’ll Leave the alpha testing to others. If there was another way to try without Apple ID I would. And yes to other posters, I know exactly how it works.
 
Again?
When was it great before?
Back when it was called SoundJam MP. :D

Seriously, before Apple bought SoundJam, that was a fantastic music player. So good, in fact, that I keep my registered version of it on an old PowerBook 2400 that I still use as a music server.
 
Everyone worried about Musish stealing your Apple ID, you do realize this is an open source project right? Meaning that hundreds if not throussauds of people can look at and inspect the code. If there was ever any risk of shady behavior someone would find it and start making a fuss about it. That’s the wonders of having open source software. There is never a piece of code that is hidden from the public.

Just saying, being open source doesn't make it safe. Those codes are there alright.
But it is dependent on who manages the project and servers. Code can always be be added to the service/server.
Not saying they did, but saying its safe because you can read the source code ain't it.

Its only safe, if you download the source code, inspect it, then host your own server.
Just like any other open source programs, download, inspect, compile. Now that's safe.
 
it's been done before (not with apple yet, but never say never).

there have been several known attacks where a page has a payment/login link that is hijacked. the target looks and acts correctly, and even works, but the form records the data.

Newegg in 2018 got nailed with one, where you got to the proper payment processor page, but the frame forwarding was logging payment information to a 3rd party. Newegg didn't isntall this, but was the function of a nefarius hacked 3rd party.

online, the more hoops, links, and forwards you have to go through, the more liklihood of security issues occur. IMHO, if you are not directly on Apple's own site, I wouldn't be putting my iTunes credentials in at all.

Dude, you have no idea what you're actually talking about.

The NewEgg attack was caused by a direct injection of malicious code into the checkout page on NewEgg's servers. For a similar attack to work here, someone would have to compromise the Apple ID system on Apple's servers, change the code, and collect the data, all with Apple not finding out. This would not be the fault of any 3rd party app that uses the Authentication API. It would Apple's fault for not properly securing and auditing their systems and code.

Secondly, you literally contradicted yourself. You said "IMHO, if you are not directly on Apple's own site, I wouldn't be putting my iTunes credentials in at all." Yet, this is actually what you are doing in this case. The app redirects you to Apple's own, 1st party hosted authentication server, and then sends an "authentication for 'obfuscated id' accepted" back to the application. The app only has access to the services requested, and never ONCE sees your password, either in plaintext or encrypted.

People who don't know a thing about how security is implemented on the Internet shouldn't be talking about it. It makes you sound ignorant and spreads false information into the community.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.