First Google’s Chrome Store clamped down on crypto mining extensions. Now it’s decided that any apps which are used for cryptocurrency mining activities on devices are to leave its Play Store as well, and not come back. Only those crypto mining apps used to manage cryptocurrency remotely will be allowed to be submitted, or to stay if already in the store.
In banning the apps on devices, Google has joined Apple, which last month banned crypto mining apps completely from operating on the iPhone device itself, allowing them only to continue off device or cloud-based mining.
Neither company has issued detailed explanations for the bans. Google’s Play Store just puts it bluntly under a striking banner labelled “Restricted Content” and decorated with a No Entry sign: “We don’t allow apps that mine cryptocurrency on devices. We permit apps that remotely manage the mining of cryptocurrency.” And even that permission might end up having to be withdrawn.
90% of Extensions Broke the Rules
A statement from James Wagner, Product Manager of Google Chrome’s Extension Platform, at the time of the earlier extension ban said the platform had permitted the mining extensions as long as that was the single purpose of the extension, and the user knew about it.
However, almost 90 percent of those that developers had tried to upload to the store had failed to stick to these restrictions and had been removed or rejected. Wagner said the same capabilities that had enabled developers to build a catalog of extensions to help users, had attracted malicious software which abused the platform to the detriment of users.
Crypto Mining becomes Cryptojacking
Hidden behind these bans is clearly the rise in cryptojacking, which has seen malicious extensions which look useful on the surface secretly embedding crypto mining scripts without consent from the users. These hijack CPU resources and impact on both the device’s performance and the power consumption.
One of these, identified in December last year, advertised itself as improving users Tumblr experience. It had over 100,000 users which were not asked for permission and unaware of inc-browser crypto mining that was going on for some weeks.
And very often goes further than just hijacking CPU resources and power. That’s when even the extension has been hijacked. So not only are users unaware of what’s going on, but so are some of the developers who initially created what they thought were useful extensions.