Tuesday, March 13, 2018

Calendar 2 App Could Mine Crypto-Currency in Lieu of IAP

Dan Goodin (MacRumors):

The app is Calendar 2, a scheduling app that aims to include more features than the Calendar app that Apple bundles with macOS. In recent days, Calendar 2 developer Qbix endowed it with code that mines the digital coin known as Monero. The xmr-stack miner isn’t supposed to run unless users specifically approve it in a dialog that says the mining will be in exchange for turning on a set of premium features. If users approve the arrangement, the miner will then run. Users can bypass this default action by selecting an option to keep the premium features turned off or to pay a fee to turn on the premium features.

[…]

“On the one hand, using the user’s CPU for cryptomining has become extremely unpopular,” Thomas Reed, director of Mac offerings at antimalware provider Malwarebytes, told Ars. “The fact that this is the default is something I don’t like. I would want to see a legit app informing the user in advance or making it an option that can be turned on but is off by default. On the other hand, they [the developers] do disclose that they are doing it and give other options for people who don’t like it. My personal feeling on this is that, given the disclosure, I think the user should be allowed to make their own choice. Some people might be perfectly willing to let an app like this mine cryptocurrency so that they can use it for free.”

[…]

In an e-mail sent about 90 minutes after this post went live, Magarshak said he has decided to remove the miner from future versions of Calandar 2.

Patrick Wardle (tweet):

Hooray for honestly I guess!? And is getting “all advanced features for free” in return for allowing the app to turn your box into a cryptocurrency miner a fair deal? Maybe? But users clearly are not stoked about this[…]

Patrick Wardle:

Apple’s App Store guidelines seem rather clear RE: cryptocurrency mining in Apps: “monetizing built-in capabilities provided by the hardware or operating system” is “Unacceptable”-section 3.2.2 (ii)

I don’t think this is the type of thing the guideline is talking about, but who knows how Apple would interpret it.

Update (2018-03-15): Dani Deahl (MacRumors):

Apple pulled Calendar 2 from the Mac App Store yesterday, and today, Qbix CEO Greg Magarshak tells 9to5Mac that it was because it violated App Store guideline 2.4.2, which states: “Design your app to use power efficiently. Apps should not rapidly drain battery, generate excessive heat, or put unnecessary strain on device resources.”

Magarshak says that within an hour Qbix had removed all mining features and worked with Apple to expedite putting the app back on the App Store. It is now offering both new and preexisting users a free year of premium features. He also says that in the three days the app was mining, it earned about $2,000 worth of Monero[…]

Via Marcin Krzyzanowski:

Best AppStore business model, or what?

3 Comments RSS · Twitter

The Mac App store already provides dubious value to developers. What's the point of a curated app store for users if it can't keep out scammy crap like this?

I have no idea....I just don't grok the Mac app store "experience". I like to moan about the iOS app store, but there's still a lot of good apps out of the seas of crap (I have a lot of clients on iOS, so I stay abreast of basic trends there). Sailing on the Mac side is getting choppier and choppier. Developers pulling out, crappy apps moving in, I just don't get it.

P.s. I'm not thrilled with the Windows app store either.

> My personal feeling on this is that, given the disclosure, I think the user should be allowed to make their own choice. Some people might be perfectly willing to let an app like this mine cryptocurrency so that they can use it for free.

I think this is an optimist take on where this road would lead. Disclosure can take many forms. Even assuming the honest case where software tries to disclose what's going on honestly, "free" is a button label that can be understood in <1 second. Summarizing the tradeoff of cryptomining takes more than one word, and it's difficult to get more than a minority of people to read explanatory UI copy.

And anyway, given the history of software that treads in this type of gray area, the more likely outcome is lots of people using computers that are bogged down by a few apps doing cryptomining, and thinking that their slow computers are the normal state of technology.

Leave a Comment