A Mac App Store app called Calendar 2 has been mining a digital coin known as Monero using customers' machines, and Apple took no action against the app despite knowing about it for at least 24 hours.
As Ars Technica points out, Calendar 2 is supposed to have an opt-in feature that allows users to choose to let the app mine cryptocurrency to unlock paid features that normally require an in-app purchase, but instead, it's been bugged and has been mining Monero by default.
Surprisingly enough, Apple has allowed the Calendar 2 app to remain available in the Mac App Store despite the fact that it openly embraces cryptocurrency mining. Ars Technica asked Apple if the app violated App Store policies, but did not receive a response, and more than 24 hours after Ars contacted Apple, the app remains available for purchase in the Mac App Store.
It's not clear if Apple has left the app in place because it approves of allowing cryptocurrency mining in the Mac App Store as a way to enable paid features or because Mac App Store apps often receive little attention from the company.
Regardless, because of the attention the feature has received from the media today, Qbix, the company behind Calendar 2, has decided to remove the feature from the app. Qbix founder Gregory Magarshak told Ars Technica that the currency miner's rollout had been complicated by bugs that prevented it from working as intended, with the miner running continuously even when not approved by the user. Other bugs caused it to use too much of a Mac's resources.
Magarshak originally said Qbix would update the app to fix the bugs, but he later told Ars that Qbix has decided to remove the miner in the app, so there will be no way to get free features via cryptocurrency mining going forward. From an email he sent to Ars Technica:
We have decided to REMOVE the miner in the app. The next version will remove the option to get free features via mining. This is for three reasons:
1) The company which provided us the miner library did not disclose its source code, and it would take too long for them to fix the root cause of the CPU issue.
2) The rollout had a perfect storm of bugs which made it seem like our company *wanted* to mine crypto-currency without people's permission, and that goes against our whole ethos and vision for Qbix.
3) My own personal feeling that Proof of Work has a dangerous set of incentives which can lead to electricity waste on a global scale we've never seen before. We don't want to get sucked into this set of incentives, and hopefully our decision to ultimately remove the miner will set some sort of precedent for other apps as well.
Even though the features are going to be removed from the Mac App Store app, it continues to be unclear how Apple feels about cryptocurrency mining within apps and if the company's apparent indifference on the issue is going to lead to additional Mac apps attempting to go this path to implement features in exchange for processing power.
Websites and malware have been sneakily mining for currency by taking advantage of unsupecting users, but Calendar 2's method of openly offering features in exchange for free mining is new to the Mac App Store.
Update: Calendar 2 is no longer available from the Mac App Store, but it is not clear if it was removed by Qbix or pulled by Apple.
Update 2: Apple did indeed pull the Calendar 2 app from the Mac App Store after learning of the currency mining issue. Qbix says it worked with Apple to remove the feature and introduced a new version of the app with no mining.
1st of all lets give credit where due: an hour after we updated Ars about removing the mining feature, Apple removed our app citing 2.4.2 &worked w us to put it back on the store. New release has NO mining and we are giving all old&new Calendar users ALL features free for a YEAR. — Qbix Apps (@QbixApps) March 13, 2018
