Apple approved a Mac app with a misbehaving crypto-mining feature
You’d think apps with crypto-miners could only be found in various shady venues on the internet. But that’s apparently not the case: a popular alternative for the Mac calendar called Calendar 2 recently gave people a way to unlock its Premium features by bundling in a Monero miner with a recent update. And, yes, it was available for download straight from iTunes — it’s just not clear whether it slipped past Apple’s watchful eye or if the tech titan really approved it. While you’re supposed to agree to switch the miner on in a dialog box (pictured below), at least one person is saying that it launched without his permission:
@SGgrc @QbixApps Calendar 2 for Mac (from the App Store) launched a cryptocurrency miner without my permission. Then it ate 200% CPU until I found it and killed it. I didn’t expect a miner infection from an App Store vendor. Wow. It runs the xmr-stak Monero miner.
— Fred Laxton (@fredonline) March 12, 2018
[Image credit: Ars Technica]
Gregory Magarshak, founder of Calendar 2’s developer Qbix, told Ars Technica that the miner’s rollout was affected by a couple of bugs. One caused it to run indefinitely, even if you didn’t agree to switch it on or even if you changed your settings. The other caused it to consume more resources than the 10 to 20 percent of computer power Qbix thought it would use. That increase on consumption means the miner could push host computers beyond their limits and use a lot more electricity than usual.
Qbix has decided to completely remove the miner from future versions of the app, telling Ars:
“We have decided to REMOVE the miner in the app. The next version will remove the option to get free features via mining. This is for three reasons:
1) The company which provided us the miner library did not disclose its source code, and it would take too long for them to fix the root cause of the CPU issue.
2) The rollout had a perfect storm of bugs which made it seem like our company *wanted* to mine crypto-currency without people’s permission, and that goes against our whole ethos and vision for Qbix.
3) My own personal feeling that Proof of Work has a dangerous set of incentives which can lead to electricity waste on a global scale we’ve never seen before. We don’t want to get sucked into this set of incentives, and hopefully our decision to ultimately remove the miner will set some sort of precedent for other apps as well.
Ultimately, even though we technically could have remedied the situation and continued on benefiting from the pretty large income such a miner generates, we took the above as a sign that we should get out of the “mining business” before we get sucked into the Proof of Work morass of incentives.”
Apple didn’t respond to Ars’ and our emails asking whether an app with a crypto miner is in violation of its guidelines. The version of Calendar 2 with a miner remained live in the App Store 24 hours after Ars reported it to the company. It’s been removed from iTunes shortly after the publication’s story went up either by Apple or the developer itself. Since Cupertino didn’t say whether Qbix violated its guidelines, though, there’s still a lot in the air. It’s unclear whether the tech giant would relist future versions of the app without a miner and whether iTunes truly welcomes applications that come with crypto miners with open arms.
Source: Ars Technica