Naked Security reported on July 30th that Google has banned apps that mine for cryptocurrency, prohibiting them entirely from its official Google Play Store. Apple made the same move in June.
Google quietly updated its developer policy page with the following statement: "We don't allow apps that mine cryptocurrency on devices. We permit apps that remotely manage the mining of cryptocurrency."
The policy change means that programs using the device's own processing power to mine cryptocurrency will no longer be allowed in the official Google Play Store, but that Google still allows programs that manage cryptocurrency mining services operating elsewhere.
In April, Google banned cryptocurrency mining extensions for its Chrome browser from the Chrome store. This may stop cryptomining, where people voluntarily give up their phone's processing power to generate digital coins. It is less likely to stop cryptojacking, where apps deliver a legitimate service but also do some cryptomining on the side without the user's explicit consent.
Cryptojacking has been a growing problem in Android apps. Last year, cryptomining code was found in several apps that had been approved by the Google Play Store. In April, researchers discovered that users had downloaded various Play Store apps that secretly mined for cryptocurrency more than 100,000 times.
A lot of cryptojacking malware is delivered secretly, because the apps download their malicious code after the user has installed them. Some of them retrieve their cryptojacking code via mobile ads. This makes it harder for Google's automated malware scanning tools to find them. Google has in the past removed apps that it discovered were cryptojacking.
It's worth pointing out that the consequences for badly-managed mining on a phone can be more severe than on a PC. The Loapi malware, which mined for cryptocurrency without the user's consent, ruined a phone in 48 hours by overloading its processor so much that the battery swelled up and burst the phone's case.
I can only imagine the fury of people whose phones were destroyed!
E-mail: firstname.lastname@example.org Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology