Mac app 'Calendar 2' mined cryptocurrency by default, removed from Mac App Store
Popular Mac app "Calendar 2" recently added a "payment" option that uses customer computers to mine the cryptocurrency Monero in exchange for free access to premium features, but a bug in the app's code allowed the miner to run indefinitely even when users opt out of the default setting.
As outlined by ArsTechnica, Calendar 2 developer Qbix integrated an xmr-stack miner that runs when users agree to default terms. Specifically, users are presented with a dialog box that notes the app dedicates CPU cycles to mining digital coins in return for access to premium features.
Though set as the default option, customers can elect to pay a one-time fee or subscription rate to unlock all premium features. Alternatively, users can access a version of the app without any extras for free.
Unfortunately, Qbix founder Gregory Magarshak in a statement to the publication said the mining rollout has run into two issues, the first being a bug that caused the miner to run even when the default setting was not selected. A second flaw allows the miner to consume more than the designed 10 to 20 percent of a host Mac's CPU duty cycle.
Apple failed to respond to requests for comment on Calendar 2's mining activities, specifically whether they breached App Store terms of service, and allowed the app to remain on the App Store. The company's guidelines are largely undefined when it comes to cryptocurrencies, and there appears to be few contingencies in place for strategies like the one put in place by Qbix.
In response to the report, Magarshak decided to remove the mining function from his app, citing problems with the miner's source code, the feature's buggy launch and a personal distaste of "proof of work" computing.
As outlined by ArsTechnica, Calendar 2 developer Qbix integrated an xmr-stack miner that runs when users agree to default terms. Specifically, users are presented with a dialog box that notes the app dedicates CPU cycles to mining digital coins in return for access to premium features.
Though set as the default option, customers can elect to pay a one-time fee or subscription rate to unlock all premium features. Alternatively, users can access a version of the app without any extras for free.
Unfortunately, Qbix founder Gregory Magarshak in a statement to the publication said the mining rollout has run into two issues, the first being a bug that caused the miner to run even when the default setting was not selected. A second flaw allows the miner to consume more than the designed 10 to 20 percent of a host Mac's CPU duty cycle.
Apple failed to respond to requests for comment on Calendar 2's mining activities, specifically whether they breached App Store terms of service, and allowed the app to remain on the App Store. The company's guidelines are largely undefined when it comes to cryptocurrencies, and there appears to be few contingencies in place for strategies like the one put in place by Qbix.
In response to the report, Magarshak decided to remove the mining function from his app, citing problems with the miner's source code, the feature's buggy launch and a personal distaste of "proof of work" computing.
Following the report and subsequent statement from Magarshak, Calendar 2 is no longer available for download on the Mac App Store. Whether it was Apple or Qbix that pulled the app is unknown.We have decided to REMOVE the miner in the app. The next version will remove the option to get free features via mining. This is for three reasons:
1) The company which provided us the miner library did not disclose its source code, and it would take too long for them to fix the root cause of the CPU issue.
2) The rollout had a perfect storm of bugs which made it seem like our company *wanted* to mine crypto-currency without people's permission, and that goes against our whole ethos and vision for Qbix.
3) My own personal feeling that Proof of Work has a dangerous set of incentives which can lead to electricity waste on a global scale we've never seen before. We don't want to get sucked into this set of incentives, and hopefully our decision to ultimately remove the miner will set some sort of precedent for other apps as well.
Ultimately, even though we technically could have remedied the situation and continued on benefiting from the pretty large income such a miner generates, we took the above as a sign that we should get out of the "mining business" before we get sucked into the Proof of Work morass of incentives.
Comments
For instance, while I’m reading a book on my IPad, I might benefit from an app mining CC. But there are unknowns...
How long does it take to make X dollars? How much power (and cost of that power) is mining using?
The cost of powering the device might be more than the mining of CC...
If you use apps that integrate CC the user might benefit. But, what about the users parent that gets the electronic bill?
Allowing CC in apps (not dedicated to mining) sounds like a lawsuit waiting to happen. They’re like unapproved micro transactions...
Can iOS be exploited like this?
Performance wise, I can happily run the miner while I'm working in something like MS Word or Access but it is impossible to do serious computing while it runs in the background (large inventor model or rendering for example).
It's definitely a money maker but I can't imagine a miner restricted to 10-20% of cpu usage generating huge sums.
I did check its resource usage and while the Network numbers are 0, why does a calendar app need 9 threads?