Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Google Play Store Bans Android Cryptocurrency Miners

August 1, 2018

Naked Security reported on July 30th that Google has banned apps that mine for cryptocurrency, prohibiting them entirely from its official Google Play Store. Apple made the same move in June.

Google quietly updated its developer policy page with the following statement: "We don't allow apps that mine cryptocurrency on devices. We permit apps that remotely manage the mining of cryptocurrency."

The policy change means that programs using the device's own processing power to mine cryptocurrency will no longer be allowed in the official Google Play Store, but that Google still allows programs that manage cryptocurrency mining services operating elsewhere.

In April, Google banned cryptocurrency mining extensions for its Chrome browser from the Chrome store. This may stop cryptomining, where people voluntarily give up their phone's processing power to generate digital coins. It is less likely to stop cryptojacking, where apps deliver a legitimate service but also do some cryptomining on the side without the user's explicit consent.

Cryptojacking has been a growing problem in Android apps. Last year, cryptomining code was found in several apps that had been approved by the Google Play Store. In April, researchers discovered that various Play Store apps that secretly mined for cryptocurrency had been downloaded more than 100,000 times.

A lot of cryptojacking malware is delivered secretly, because the apps download their malicious code after the user has installed them. Some of them retrieve their cryptojacking code via mobile ads. This makes it harder for Google's automated malware scanning tools to find them. Google has in the past removed apps that it discovered were cryptojacking.

Google also cleaned up its YouTube network after it found that ads delivered via the Google-owned DoubleClick advertising service were turning viewers into cryptocurrency miners without their knowledge or consent. It had to erase the ads, which used JavaScript code, to stop them from compromising users' computers and mining with their processing power.

It's worth pointing out that the consequences of badly managed mining on a phone can be more severe than on a PC. The Loapi malware, which mined for cryptocurrency without the user's consent, ruined a phone in 48 hours by overloading its processor so much that the battery swelled up and burst the phone's case.

I can only imagine the fury of people whose phones were destroyed!

Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
https://www.senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson