CloudStream keeps showing up in the same conversation as piracy, and that conversation usually skips a detail that matters. The CloudStream app itself is an empty, open-source media player. It does not host a single movie, show, or episode on its own.
What changes that picture is the extension system built into the app, which lets anyone connect it to outside content sources through community-made repositories. That single design choice is why CloudStream keeps landing on rightsholders’ radar even though the base app has nothing to take down. Here is what the CloudStream app actually is, how the mechanism works, and what the legal record says about using it.
TL;DR: CloudStream is a free, open-source Android and Android TV app that plays media but stores none of it. The piracy risk comes entirely from third-party extensions and repositories users add afterward, not from the base app. Rightsholders including the MPA and Sky UK have already sent DMCA takedowns targeting CloudStream’s code and its associated repositories. The app itself is not illegal to install, but a large share of what people install it for crosses into unauthorized territory.
What the CloudStream app actually is
CloudStream, sometimes labeled CloudStream 3 or CS3, is a free and open-source Android and Android TV app built for streaming and downloading media. It is hosted on GitHub under the GPL-3.0 license, with contributions from hundreds of developers over the past few years.
Installing the base APK gets you a blank shell. Opening the extensions menu for the first time shows nothing there, no movies, no shows, no live channels, just an empty list waiting for something to be added.
That emptiness is the whole point. CloudStream was built as a framework rather than a content library, and the app stays small, around 25MB, because it does not carry any media inside it.
How repositories turn a blank app into a piracy tool
Repositories are what change CloudStream from an empty shell into something with content in it. A repository works like a mini app store inside CloudStream, bundling together multiple extensions that each connect to a different external source.
Once a repository is added and an extension installed, a search inside CloudStream pulls results from every connected source at once. Nothing about that process runs on CloudStream’s own servers, since the app has none, but the sources those extensions reach into are frequently unlicensed.
| Aspect | Base CloudStream app | With a repository added |
|---|---|---|
| Hosts content itself | No | No |
| Content visible on first launch | None | Depends on repository |
| Known DMCA takedowns | None on the core app | Yes, tied to specific repositories |
| Legal exposure | None known | Depends on repository’s sources |
This is the exact design that keeps drawing rightsholder attention. The app’s own disclaimer, repeated across its releases, argues that it behaves like a search engine and has no control over what any given source hosts.
Whether that argument holds up in practice depends entirely on which repository gets added, and that is the part this piece will not walk through.
The legal pressure CloudStream has already faced
CloudStream has been targeted by rightsholders more than once, and the record is public. In 2022, Sky UK sent a DMCA notice over a single TV episode that took down the CloudStream-3 GitHub repository entirely.
The bigger hit came in 2023, when the MPA, representing major Hollywood studios and Netflix, sent GitHub a DMCA notice covering multiple CloudStream-related files. According to TorrentFreak, the lead developer pulled the project offline voluntarily rather than wait for GitHub to act, citing fear of facing Hollywood’s anti-piracy coalition directly.
The pattern is not unique to CloudStream. Enforcement against similar apps has picked up sharply, as covered in DigitBin’s Operation Kratos 2 breakdown, where a seven month European investigation pulled down more than 27,000 illegal streaming URLs in one sweep.
Services like DaddyLive TV and TheTVApp face an identical cycle. A takedown lands, the project reappears under a new name or domain, and the legal exposure for anyone using it does not actually change, a pattern DigitBin’s DaddyLive TV explainer and TheTVApp coverage both lay out in detail.
Is the app illegal, or just what you add to it
The CloudStream app by itself is not illegal to download or run. Open-source media players that ship with zero content are not, on their own, copyright infringement tools, and CloudStream’s core GitHub project has stayed available longer than any individual repository has.
What crosses the line is the specific repository someone connects afterward. A repository indexing only licensed or public domain sources creates no legal exposure on its own.
A repository indexing unauthorized copies of copyrighted films and shows is where the actual infringement risk sits, for the person running that repository and, in some jurisdictions, for the person streaming from it. This is the same distinction that applies to Stremio, Kodi, and other extension based players. The player is neutral. The extension decides everything.
Frequently Asked Questions
Is CloudStream illegal to download?
No. The base CloudStream app has no content built in, and downloading it carries no known legal risk on its own.
Does CloudStream host pirated movies?
No. CloudStream does not host, upload, or store any media. It only displays results from sources connected through extensions.
What happened between CloudStream and Hollywood?
The MPA sent GitHub a DMCA notice in 2023 covering multiple CloudStream-related files, and the developer took the project offline in response.
Is adding a repository to CloudStream safe?
It depends entirely on what that repository connects to. Repositories linked to unauthorized sources carry real legal and security risk.
Did anyone else try to take CloudStream down before the MPA?
Yes. Sky UK sent a DMCA notice in 2022 over a single TV episode, which took down the CloudStream-3 GitHub repository at the time.
The part that matters more than the app itself
CloudStream’s code is not the risk. What a person chooses to connect it to is. That distinction gets lost in most conversations about the app, which either paint it as harmless because it hosts nothing, or as straightforwardly illegal because of what it is most commonly used for.
Neither framing is complete on its own. The honest answer sits in the middle, a legitimate open-source project that exists almost entirely to be paired with repositories rightsholders have already gone after through takedowns and legal notices.
DigitBin does not encourage installing repositories, extensions, or any third-party source that provides unauthorized access to copyrighted movies or shows. This article covers how CloudStream works and the legal history around it for informational purposes only, and is not a guide to using the app for piracy.






