Last week, users discovered that two of the snap packages uploaded by user Nicolas Tomb in the Snap Store, namely 2048buntu and Hextris, mined cryptocurrency in the background while the applications were running without user’s knowledge. Canonical immediately removed the apps from its Snap Store.
Now, the company behind the popular Ubuntu Linux operating system is addressing the issue saying it has no rules against mining cryptocurrencies through snap apps if the developer informs users about this. As Nicolas Tomb didn’t inform users that his apps are mining for cryptocurrencies, the apps were removed.
Canonical also said that mining cryptocurrency is not illegal, nor unethical, so the only thing the publisher did wrong is not to inform users about his snap apps mining for cryptocurrency in the background. Nicolas Tomb informed Canonical that his goal was to “monetize software published under licenses that allow it.”
In the lengthy blog post, Canonical explains that it doesn’t have the manpower to review hundreds of thousands of incoming source code lines from snap packages published in its Snap Store every single day. Therefore, it urges users to install apps only from trusted sources and developers.
With that in mind, the company promises to enforce the security of its Snap Store by implementing the ability to flag specific publishers as verified, helping users with their decision to install a certain snap from the Snap Store, which currently contains more than 3,000 packages for open source and closed source apps.
Submitted by: Arnfried Walbrecht