Google has updated its developer guidelines for the Google Play store. Under the heading Cryptocurrencies is now states: “We don’t allow apps that mine cryptocurrency on devices.” The announcement comes not long after Google cracked down on cryptojacking extensions in its Chrome Web Store.
This is a good news for Android owners. Over the last year there have been a number of cryptomining attacks on Android. Last year the Coin Miner malware drained the batteries of Android phones. This year a malvertising attack reportedly hit over 60 million Android devices installing Monero cryptomining malware. To top it all off, there were reports that some cryptomining malware was so aggressive it melted mobile devices.
Cryptomining is a major malware problem for more than just Android devices. It has held the top slot in the Check Point Software Most Wanted malware list for a number of months now. Although infections in June slowed, there is no sign it is going away anytime soon.
However, this latest move by Google does not mean it is banning cryptomining outright. The updated policy states: “We permit apps that remotely manage the mining of cryptocurrency.” This means that those who want to write cryptomining apps can still do so but they need to do it through cloud services.
Charities and some web sites have turned to opt-in cryptomining through the browser to boost their income. So far, take-up of the opt-in version has been far less than the use of illegal cryptomining. Will this move by Google boost them? It is unlikely but it wouldn’t be a big stretch for Google to create a cryptocurrency mining platform.
What does this mean
Google has been careful to limit its ban on cryptocurrencies. It acted to stop Chrome extensions as they were becoming a major malware issue. It has now moved against cryptomining on Android by warning developers off. How effective that will be and what checks Google will put in place on the Android store remain to be seen.
Hackers have become adept at producing fake games and getting users to install them outside of the Google Play store. There is nothing that Google can do to stop that except warn users about the risk.
Will we see Google begin to take action against developers such as revoking their Google Developer account? It would be a bold move and, initially, send a message that Google was getting serious.
