Kodi Logo
  • Using repositories is the easiest way to install plenty of Kodi addons and keep them updated at all times.
  • Third-party repos can easily infect your Kodi with malware, in the background, and without your knowledge.
  • It’s recommended to exercise caution, double-check the addons you plan to install, disable automatic updates, and avoid relying on piracy.

Kodi is, without any doubt, one of the world’s most popular home theater applications. One of the reasons for this can be found in its high level of customization. Just like you would install an app on your smartphone, you can install different kinds of addons for Kodi – both from official and unofficial sources on the Web. However, as a recently published blog post reminds, Kodi’s developers are recommending you to exercise caution when installing addons and repositories.

As you can read in our Kodi Ultimate Guide, where we explain what to expect and how to use this application, there are two ways to install addons. Many Kodi users are not aware of this, so let’s remind you about these two procedures:

  • Install from ZIP File: If you download a ZIP file from the Web (containing a Kodi addon), you’re doing a static installation. If a new version of the addon becomes available, Kodi won’t be aware of that – and you’ll need to update the addon manually (by using a ZIP file of the newest version, which then overrides the existing one).
  • Install from Repository: By first adding and installing a repository, you’re making sure that you always have the latest available version of your addons. That’s because repositories host new and older addon versions, in addition to any required dependencies. In general, Kodi will automatically update your add-ons, allowing you always to use the latest available version. There are many options out there, and we’ve already highlighted the best Kodi repositories right now.

Now, here’s something very important. Even though repositories are the best way to install and update add-ons, they also pose a significant security risk. When repositories receive a new version of the addons you have installed, this update will be automatically distributed to your Kodi. In case this new addon includes malicious code or malware, you’ll end up with compromised files, and your device can quickly become infected. Let’s remind you that Kodi was recently plagued by cryptocurrency malware via addons like Bubbles and Gaia.

There’s also another critical issue with Kodi repositories. Long-term users probably have dozens, if not hundreds of repos installed on their Kodi. If a repository becomes obsolete or abandoned, nothing is stopping malicious individuals from obtaining that repository and distributing malicious scripts. Once again, Kodi will automatically update in the background, and you’ll get those malicious files automatically. Something similar had recently happened, with a hacker hijacking GitHub accounts of prominent Kodi add-on developers.

So, is there a way for you to protect your Kodi installation? Well, as per the blog post, Kodi’s development team thought about how to minimize all those risks. However, this is easier said than done. By employing safety precautions and disabling third-party repos, Kodi will also lose internal ‘beta’ repos, used for testing new builds, skins, official addons, and more. Therefore, it’s your responsibility to keep yourself safe.

Disable Kodi Automatic Updates
Make sure to disable automatic add-on updates.

We recommend you stay away from illegal addons. Instead, focus on legal Kodi addons only, and there’s quite a few of those (here’s how to use Kodi legally, in the first place). You can also disable automatic updates by going to Settings > System > Add-ons, and then select ‘Notify, but don’t install updates’ (on the right side of the ‘Updates’ field). Finally, you can also use a tool called ‘Addon-Check,’ which checks your addons for known problems and deprecations.

What kinds of safety measures do you use? Did you ever encounter malware via Kodi addons? Let us know in the comments section below, and don’t forget to follow us on Facebook and Twitter. Thank you!