Downloadify exploited a vulnerability in Spotify s web player to allow a user to download a DRM-free, MP3 backup of a song as it started playing. Google this week pulled from its Chrome Web Store the browser extension known as Downloadify. The Dutch developer also published the code on GitHub, according to CNET. He reportedly took advantage of a flaw in the Spotify Web client that lacked encryption unlike the desktop and mobile versions. He also told a reporter he did not plan to update the program and believed Spotify had taken steps to boost its security.
Source: https://threatpost.com/spotify-fixes-security-hole-that-allowed-free-song-downloads/100407/