84df64fcfe
Go backend: - Add sensitive data redaction in log buffer (tokens, keys, passwords) - Validate extension auth URLs (HTTPS only, no private IPs, no embedded creds) - Block embedded credentials in extension HTTP requests - Tighten extension storage file permissions (0644 -> 0600) - Sanitize extension ID in store download path - Summarize auth URLs in logs to prevent token leakage Android (Kotlin): - Add sanitizeRelativeDir to prevent path traversal in SAF operations - Apply sanitizeFilename to all user-provided file names in SAF Flutter: - Add sensitive data redaction in Dart logger (mirrors Go patterns) - Mask device ID in log exports - Add in-flight guard to progress polling (download queue + local library) - Remove redundant _downloadedSpotifyIds Set, use _bySpotifyId map - Remove redundant _isrcSet, use _byIsrc map - Expand DownloadQueueLookup with byItemId and itemIds - Lazy search index building in queue tab - Bound embedded cover cache in queue tab (max 180) - Coalesce embedded cover refresh callbacks via postFrameCallback - Cache album track filtering in downloaded album screen - Cache thumbnail sizes by extension ID in home tab - Simplify recent access aggregation (single-pass) - Remove unused _isTyping state in home tab - Cap pre-warm track batch size to 80 - Skip setShowingRecentAccess if value unchanged - Use downloadQueueLookupProvider for granular queue selectors - Move grouped album filtering before content data computation
Download music in true lossless FLAC from Tidal, Qobuz & Amazon Music — no account required.
Download
Screenshots
Extensions
Extensions allow the community to add new music sources and features without waiting for app updates. When a streaming service API changes or a new source becomes available, extensions can be updated independently.
Installing Extensions
- Go to Store tab in the app
- Browse and install extensions with one tap
- Or download a
.spotiflac-extfile and install manually via Settings > Extensions - Configure extension settings if needed
- Set provider priority in Settings > Extensions > Provider Priority
Developing Extensions
Want to create your own extension? Check out the Extension Development Guide for complete documentation.
Other project
SpotiFLAC (Desktop)
Download music in true lossless FLAC from Tidal, Qobuz & Amazon Music for Windows, macOS & Linux
Telegram
FAQ
Q: Why is my download failing with "Song not found"?
A: The track may not be available on Tidal, Qobuz, or Amazon Music. Try enabling more download services in Settings > Download > Provider Priority, or install additional extensions from the Store.
Q: Why are some tracks downloading in lower quality?
A: Quality depends on what's available from the streaming service. Tidal offers up to 24-bit/192kHz, Qobuz up to 24-bit/192kHz, and Amazon up to 24-bit/48kHz. The app automatically selects the best available quality.
Q: Can I download playlists?
A: Yes! Just paste the playlist URL in the search bar. The app will fetch all tracks and queue them for download.
Q: Why do I need to grant storage permission?
A: The app needs permission to save downloaded files to your device. On Android 13+, you may need to grant "All files access" in Settings > Apps > SpotiFLAC > Permissions.
Q: Is this app safe?
A: Yes, the app is open source and you can verify the code yourself. Each release is scanned with VirusTotal (see badge at top of README).
Q: Why is download not working in my country?
A: Some countries have restricted access to certain streaming service APIs. If downloads are failing, try using a VPN to connect through a different region.
Want to support SpotiFLAC-Mobile?
If this software is useful and brings you value, consider supporting the project. Your support helps keep development going.
Disclaimer
This project is for educational and private use only. The developer does not condone or encourage copyright infringement.
SpotiFLAC is a third-party tool and is not affiliated with, endorsed by, or connected to Tidal, Qobuz, Amazon Music, Deezer, or any other streaming service.
The application is purely a user interface that facilitates communication between your device and existing third-party services.
You are solely responsible for:
- Ensuring your use of this software complies with your local laws.
- Reading and adhering to the Terms of Service of the respective platforms.
- Any legal consequences resulting from the misuse of this tool.
The software is provided "as is", without warranty of any kind. The author assumes no liability for any bans, damages, or legal issues arising from its use.
API Credits
- Tidal: hifi-api, music.binimum.org, qqdl.site, squid.wtf, spotisaver.net
- Qobuz: dabmusic.xyz, squid.wtf, jumo-dl
- Amazon: AfkarXYZ
- Lyrics: LRCLib
- YouTube Audio: Cobalt via qwkuns.me, SpotubeDL
- Track Linking: SongLink / Odesli, IDHS
Tip
Star Us, You will receive all release notifications from GitHub without any delay ~