This article was published on June 12, 2018

Google should learn from Apple’s cryptocurrency guidelines

Apple's new cryptocurrency guidelines are strict but needed


Google should learn from Apple’s cryptocurrency guidelines

It appears that Apple has learned its lesson when it comes to tackling cryptocurrency scams. The company has amended its app store review guidelines to extend its section on cryptocurrencies.

The new guidelines lay out the dos and don’ts for iOS developers building cryptocurrency and blockchain apps. Among other things, the document includes instructions on mining, wallet and exchange services, initial coin offerings (ICOs), futures and securities trading, and cryptocurrency-based rewards.

On the face of it, the  new guidelines may seem somewhat restrictive for cryptocurrency businesses, and users are already complaining on social media. But, the additional vetting may, in fact, help fight one of the biggest menace in the industry — phishing attacks and malware.

Here are the two clauses related to cryptocurrency mining, for example:

2.4.2 Design your app to use power efficiently. Apps should not rapidly drain battery, generate excessive heat, or put unnecessary strain on device resources. Apps, including any third party advertisements displayed within them, may not run unrelated background processes, such as cryptocurrency mining.

3.1.5 (b) (ii) Mining: Apps may not mine for cryptocurrencies unless the processing is performed off device (e.g. cloud-based mining).

For anyone who has attempted to mine cryptocurrency on their mobile device would know that it is simply not profitable to do so. The cost you will incur in terms of electricity consumption (having to constantly charge your phone’s batteries) and harming your device by subjecting it to excessive heat will far outweigh your revenue from the mining.

The only way to make money with mining on phones is when you are using someone else’s device to mine. That way, you get all the rewards from the mining while someone else is paying the costs — which is exactly what scammers do.

Cryptocurrency mining malware (also known as crypto-jacking) is one of the most rampant running virtual currency scams right now. Scammers have infected the websites of governments, educational institutes, organizations, and even tech companies (such as Lenovo and D-Link) with the Coinhive malware. This allows them to mine cryptocurrency with the processing power of unsuspecting users’ devices. The same is true with mobile apps.

With this in mind, it is vital that apps running cryptocurrency mining in the background are kept in check, which is exactly what Apple is doing with its new guidelines. The fact that apps that run cloud-based mining are allowed is also in favor of the users. The user’s device can’t be exploited in cloud-based mining, and they can choose to participate if they find it profitable.

The other guidelines dictate that only organizations deemed appropriate will be allowed to run apps that offer cryptocurrency related services.

  • Wallets: Apps may facilitate virtual currency storage, provided they are offered by developers enrolled as an organization.
  • Exchanges: Apps may facilitate transactions or transmissions of cryptocurrency on an approved exchange, provided they are offered by the exchange itself.
  • Initial Coin Offerings: Apps facilitating [initial coin offerings (ICOs)], cryptocurrency futures trading, and other crypto-securities or quasi-securities trading must come from established banks, securities firms, futures commission merchants (“FCM”), or other approved financial institutions and must comply with all applicable law.

Now, if you don’t know what happens when you let anyone create such apps, look to Google Play Store.

The software distribution platform for Android devices is full of cryptocurrency malware.  Indeed, Google Play has hosted fake apps disguised as popular cryptocurrency services such as MetaMask, MyEtherWallet, and Poloniex on a number of occasions. Although Google purges such malicious instances regularly, it is often after hundreds of users have already downloaded them.

This is precisely what Apple’s new guidelines aim to tackle: not allowing such mishaps in the first place.

As far as ICOs are concerned, I don’t think anyone needs a reminder how frequently they turn out to be scams or phoney. Authorities and cryptocurrency businesses across the globe are working together to offer regulations-compliant ICOs, and it makes sense for the App Store to make an exception for such apps.

Cryptocurrency is money, and while tech savvy users know not to risk their investments by installing software from shifty developers, many crypto-newbies don’t. Forbidding such apps on the App Store could go a long way in eliminating this possibility altogether.

As a cryptocurrency nerd and an iPhone user, I am quite content with the guidelines. It is agreeable that Apple puts the security of its users ahead. I hope Google follows suit with its Play Store as well.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with