Tuesday, March 13, 2018

Calendar 2 pulled from App Store after cryptocurrency mining feature goes rogue

A popular calendar app for the Mac has disappeared from Apple’s App Store after it was found to be mining cryptocurrency without the user’s permission.

We should note right off-the-bat that the app in question, Calendar 2, was upfront about its usage of the Mac’s CPU for mining cryptocurrency (Monero), and this was actually concocted as a (rather novel) alternate payment method to unlock premium features.

In other words, Calendar 2 had both a free version and a version with advanced features that could be unlocked via a one-off or subscription payment – but if you didn’t fancy either of the former, you could unlock the additional features by giving the app permission to use your processor to mine cryptocurrency.

Mining without permission

The problem was that even if the user was running the free version of the app, and hadn’t given said permission, the software was still mining cryptocurrency – and this happened thanks to a bug, the developer (Qbix) explained.

As Apple Insider reports, Qbix founder Gregory Magarshak also admitted that a second bug existed which caused the mining process to consume more CPU cycles than the intended 10-20% of processor usage.

Following these discoveries, Magarshak issued a statement to say he was removing the mining feature from the app, but Calendar 2 subsequently got yanked down from the Mac App Store (and remains unavailable at the time of writing).

It’s not clear whether the developer removed the app or Apple pulled the software. What also isn’t clear is Apple’s stance on this potential new way of paying to unlock premium features.

Mining minefield

Certainly this episode points out the potential dangers in running such a cryptocurrency mining scheme to unlock an app’s advanced features, most notably the possibility of mining happening without the user’s consent or knowledge.

The other potential bugbear here is the fact that the miner was grabbing more than the intended processor usage, and policing that could be a tricky matter. That said, if loads of CPU resources are being erroneously grabbed, the impact on the Mac’s performance will obviously become quite noticeable.

Indeed, surely Apple will be concerned if this sort of mining payment method is in danger of appearing to make its computers seem like they’re running sluggishly.

Still, there will doubtless be attractions for some in what’s certainly an innovative way to get premium features for what seems like a very small outlay, but we have to bear in mind that it is a continuous outlay (and the increased level of CPU usage will draw extra power which will be reflected on your electricity bill).

We’ll just have to see what happens in the future with Calendar 2, and more broadly, whether Apple will take a stand against this sort of scheme in its terms for developers hoping to get their wares on the App Store.

Let’s not forget that all this, of course, is happening against a backdrop of increasingly prevalent crypto-mining malware.

Via Apple Insider



from blogger-2 http://ift.tt/2FR2LAV
via IFTTT

No comments:

Post a Comment