Calendar 2 App: Why Apple Won’t Remove Its Cryptocurrency Miner

the calendar 2 app on App Store

The Calendar 2 app is useful.
But not as useful as mining-your-device-for-coins useful.

The App Store has a very popular app and it goes by the name of the Calendar 2 app.

Now, even though it is a popular app, it comes with a slightly annoying problem.

It makes use of currency miner.

But the company is quite straightforward about it.

It discloses this fact at the point of registering the user.

By default the Calendar 2 mines Monero, the also popular cryptocurrency.

Of course, the App Store isn’t the only app store that allows apps that make use of currency miners.

Google Play Store also has resource-draining cryptocurrency miners.

In fact, in Google Play Store these types of apps are quite regular.

As you would expect, some of these apps aren’t really apps.

They are scams.

And scammers working behind the scenes pump out such apps in large amounts.

As a result, these scammers are able to covertly harness the computing power of millions of user mobile devices and otherwise.

In some of the cases, we have also come across reports where these scam apps have forwarded malware.

Malware, that is so aggressive that it can actually physically damages mobile devices.

As mentioned before, now the problem of such apps seems like transferring to the App Store as well.

Recently a fairly popular title in the official Mac App Store showed no hesitancy in adopting and embracing coin mining openly.

But that’s not the major problem.

Scammers will be scammers.

And hence they will come up with ways to scam people off their money.

We should all expect that and take appropriate measures.

The major problem is that, so far, the gatekeepers at Apple haven’t really come forward to block the popular app.

Yes.

The App Store app that we are specifically talking about here is the Calendar 2 app.

The Calendar 2 app is fundamentally a scheduling app.

Its aim is to include multiple more features into its product when compared to the official Calendar app that comes with macOS by default from Apple.

In the last couple of days, users have noticed that Qbix, the developer behind the Calendar 2 app endowed the app with a code.

This code basically mines Monero, another one of the many hundreds of digital coins.

But readers should know that xmr-stack miner doesn’t really (or is not supposed to) launch/run unless and until the users of the app specifically approve the miner.

Users get the opportunity to do so via a dialog.

This dialog clearly mentions that the app will enable mining only as an exchange for enabling the app’s set of premium functions and features.

Users are free to either approve or decline the arrangement.

If the user indeed agrees to the arrangement then the app will run the miner in the background on the user’s mobile device.

As mentioned before, the app does not force the user to agree to anything.

Users have the option to just bypass the app’s default action.

And select other options.

Other options include the app turning off all the premium features off and a fee which turns on all the premium features of the app.

Only Feels Like It Is The First Ever Time

miner_apps_on_app_store

The app is available on the App Store, strangely enough.

It is true that Calendar 2 app might actually represent the first known legitimate app that the App Store offers that makes use of currency mining.

Readers need to take into account the fact that Apple’s App Store isn’t like Google Play Store.

It has much more strict control over the type of apps it offers.

Moreover, the App Store is a highly exclusive store for apps.

Of course, there may be other apps doing the same on the App Store.

But even then, the Calendar 2 app is only one of the very few apps that takes advantage of mining openly.

These discoveries have only spread because of the sky-high valuations that have pushed the previous limits of cryptocurrency mining.

This coincidently has also lead to a huge surge of malware and websites.

These malware and websites surreptitiously mine cryptocurrency digital coins of a variety of devices.

We’re talking about devices such as business servers, personal computers and of course mobile devices.

But Calendar 2 is not a malware.

That is for sure.

It works slightly differently.

In what sense?

In the sense that Calendar 2 app does not try to hide things.

It clearly discloses (to the user) in the beginning that it would run the miner by default.

That action doesn’t give it a clean chit though.

Such a disclosure puts it in a rather gray zone.

Or rather grayer zone than almost all of the miners that the community has seen to date.

The director of Mac offerings at Malwarebytes (an antimalware provider), Thomas Reed recently talked with Ars Technica about the issue.

He said that on the one hand apps making use of their customers’ computing power for activities such crypto mining had actually become extremely unpopular.

Thomas also did not like the fact that apps are now using this option as the default option.

He further added that he wanted to see a legitimate app that informed the user about the crypto mining aspect in advanced.

Or at least the app should make it as an option that the user can turn on if the user wants to.

But by default, the app developer should disable such an option.

At the same time, Thomas also believes that the developers have done their part by disclosing that they have a cryptocurrency mining option and also other options for people who don’t warm up to the idea of giving away their computing power to digital coin mining.

Thomas also said that his personal feeling went with the developers.

In other words, according to Thomas, if developers disclose the cryptocurrency mining option then the community should accept the fact that the user has the choice of going with other options among opting for cryptocurrency mining.

Thomas also added that some people might actually prefer this arrangement.

In fact, users may willingly let a legitimate app like Calendar 2 to mine for cryptocurrency coins so that they may have the opportunity to use the app and its premium features for free.

When Ars Technica asked Apple representatives about whether the recently updated and “upgraded” Calendar 2 app had violated the terms and conditions of Apple services, they did not respond to their email.

Ars Technica also revealed that they had alerted the App Store about the app.

But even after 24 hours had passed, the App Store still had that Calendar 2 app on offer.

In other words, users could still download the app.

A researcher who specializes in macOS security, Patrick Wardle, did a rather detailed analysis of Calendar 2 app’s miner.

Readers who want to read up more on that should click here.

Gregory Magarshak, the founder of Qbix, recently said via an email that the developer studio faced some difficulties in rolling out the cryptocurrency miner.

Apparently, developers did not foresee the complications that came in the form of two bugs.

These bugs, according to Gregory, have prevented the miner from working as the developer intended it to work.

So what were these bugs?

Well, the first flaw managed to cause the cryptocurrency miner to run for an indefinite period of time.

Some would ask what’s wrong with that?

calendar_app_2

The App Store has the reputation of being very hard on app developers.

Nothing.

Except for the fact that this flaw caused it to run even when the user had changed the default app settings.

Now let’s get o the second bug.

The second bug essentially caused the cryptocurrency miner to help itself into consuming way more resources than the developers had initially planned.

In other words, Qbix developers programmed their cryptocurrency miner to use from 10 to 20 percent of any user’s Mac’s CPU power.

The cryptocurrency miner also depended on whether the user had plugged in his/her machine.

Magarshak has also noted that the new miner in the Calendar 2 app has been using a much higher percentage of the user’s computing power.

Magarshak also wrote that as people could imagine, the bugs described above had caused issues for quite a number of their users.

He added that they had received lots of messages which informed them that the users indeed loved the Calendar app.

And that they had been using it for many years.

According to Margashak, the new updated version of the app kicked users’ computer machines into overdrive.

The good news is that instead of abandoning the app altogether, users of the app want the developers behind the app to fix the bug as soon as possible.

Qbix also received some other complaints but we won’t go into the details of those in this piece.

Magarshak also said that the company wanted to start offering a well-intentioned option to just allow the users to try out a new method of availing all the app’s features.

Instead, the option became something that a lot of people started to associate with mining.

And not only mining.

But mining which more-than-acceptable CPU consumption.

Needless to say, the cryptocurrency miner has managed to generate plenty of talk (or criticism) on various social media platforms.

Or more precisely, the bugs that the community has found in the version that the developers of Calendar 2 app have released, have created much negative user feedback.

One guy on Twitter (Fred Laxton) mentioned that the official Calendar 2 app for Mac had some significant problems.

Apparently, this Twitter user did not find it impressive that the App Store had made available an app that launched cryptocurrency miners without the user’s permission.

Fred also mentioned that the cryptocurrency miner worked its way up to eat about 200% of his machine’s CPU.

It only stopped when the user found the cryptocurrency miner and then killed it.

Furthermore, he mentioned, he felt disappointed that he experienced a miner infection from a vendor who was on the App Store.

In the end, Fred revealed that the app ran xmr-stak Monero miner.

Readers should know that Qbix has already started the process of publishing an important update in order to fix the found bugs.

Magarshak, the company’s founder, recently noted that he had always criticized what he called an arms race to actually waste energy in order to solve hashes.

What gives rise to this arms race?

Well, of course, it is currency mining.

Currency mining is creating these arms races.

These cryptocurrency processes are based on something that the Bitcoin community calls proof-of-work computing.

Magarshak said that he had started to think about removing the cryptocurrency miner altogether from Qbix’s Calendar 2 app.

But perhaps we should point out here that for now, the Calendar app would still have the miner in place.

And we have seen no indication that Apple has started to work on a plan in order to change the situation.

Update:

cryptocurrency_mining

Mining is a big no-no for app developers at the moment it seems.

Ars Technica had sent an email to Magarshak after the news about Calendar app using a miner surfaced.

After a while, Magashak responded to the email.

In the email, he mentioned that the company had decided to remove the cryptocurrency miner from all future versions of its Calendar 2 app.

Going into more details, he mentioned that the next immediate version of the app will get rid of the option of users getting free features in exchange for mining.

He said that the company had done so for three major reasons.

The first reason that he described had to do with the company that provided Qbix with the cryptocurrency miner library.

Apparently, that company did not disclose its miner library’s source code.

And because of that, it would take a long time for Qbix developers to fix the root cause of Calendar 2 app’s CPU issue.

The second reason related to the perfect storm of several bugs.

That gave people the impression that Qbix wanted to mine for cryptocurrency coins without their customers’ consent or permission.

According to the founder of Qbix, that directly went against the company’s vision and its ethos.

Thirdly, Magashak cited his own personal reasons.

He said that he felt that the concept of proof of work came with a rather dangerous set of incentives.

These incentives could lead actually lead to a huge electricity waste and that too on a global scale.

The likes of which people had never seen before.

As a company, Magarshak did not want Qbix to get all mixed up in that set of incentives.

He also hoped that Qbix’s decision of ultimately doing away with the cryptocurrency miner would set a kind of percent for other app developers as well.

Ending the email response he said that ultimately even though the company could have technically remedied the bugs and hence the situation, it did not.

The company gave up the benefits that it could have continued to reap from a rather large income source.

In other words, the income source that a cryptocurrency miner generates.

He said that the company decided to get out of the mining business because of the three aforementioned reasons.

And now they had everything in place to avoid getting sucked up into the mess that is Proof of Work and its related morass of so-called incentives.

If anyone thought that by now Apple representatives would have also responded to requests for a comment, then that someone thought wrong.

Because they haven’t.

At least until now they haven’t.

Regardless of the company’s decision some users are still skeptical.

Some believe that it simply wasn’t enough for a company to just include the crypto-currency option on the app’s selection menu.

Instead, developers should have a link to a transparent FAQ page.

That FAQ page should provide the user with a high-level but comprehensive overview of terms such as generation of crypto-currency.

And what those terms mean exactly.

Some suspect that when properly educated, users would make the right call and not choose the mining option for premium features.

Of course, there are others who take the opposite position.

Some say that other free apps could possibly take clues from this case and start offering their own mining options.

An average user could just decide that he/she wants to avail all the premium features of a given app for free.

For that purpose, that average user may allow several different applications to use some portion of his/her CPU power.

This may actually act as an extremely effective tool for the community to teach people that they should not expect everything for free, at least not always.

Of course, no matter which position one takes, cryptocurrency mining has the potential to create a huge waste of power/electricity.

 

Zohair

Zohair

Zohair is currently a content crafter at Security Gladiators and has been involved in the technology industry for more than a decade. He is an engineer by training and, naturally, likes to help people solve their tech related problems. When he is not writing, he can usually be found practicing his free-kicks in the ground beside his house.
Zohair

COMMENTS

WORDPRESS: 2
  • EXCESSIVELY LONG ARTICLE

    • Thank you for the feedback John.
      Usually we try to cover points in a way that even newcomers to the technology can understand what we are trying to say.