Calendar 2 App Oversteps Its Bounds<\/h3>\n
What could have caused all of these problems? It turns out that Calendar 2 versions 2.6.0 and 2.6.1 included a new “feature” that gave users an option to enable all of the app’s advanced features without having to pay the usual $17.99 for them.<\/p>\n (To learn more about\u00a0cryptocurrency mining,\u00a0listen to\u00a0episode 5<\/a> of the Intego Mac Podcast<\/a>.)<\/p>\n The app’s description in the App Store said nothing about cryptocurrency. And according to some App Store reviews, the mining mode was allegedly enabled by default, meaning that users were taken by surprise and did not opt into allowing their Mac to exhibit the\u00a0undesirable behaviors.<\/p>\n Even if users had explicitly chosen to enable cryptocurrency mining, the app itself wasn’t particularly clear about what behavior users could expect. The option within the app claimed that “Calendar app unobtrusively generates crypto-currency in the background,” without further explanation about what that means or how it could potentially impact their user experience.<\/p>\n In any case, the app’s behavior was evidently not “unobtrusive,” and users were very displeased.<\/p>\n After a few popular news sites had written about what was happening, and in the midst of much discussion in public forums such as Twitter, Apple evidently removed the offending app from the Mac App Store on March 12.\u00a0On March 13, Qbix released an updated version of Calendar 2 that appears to have removed the mining capabilities.<\/p>\n If you have an affected version of Calendar 2 installed on your Mac, Intego VirusBarrier<\/a> will warn you by flagging the software as OSX\/Miner<\/strong>. Although not necessarily malicious, affected versions of Calendar 2 could best be described as “potentially unwanted apps” (PUAs, also known as a “potentially unwanted programs” or PUPs); they exhibit undesirable and potentially harmful behavior inconsistent with users’ wishes.<\/p>\n If you’d like to\u00a0read\u00a0a highly technical analysis of an affected version of the Calendar 2 app,\u00a0see\u00a0Patrick Wardle’s write-up<\/a>.<\/p>\n For further discussion of this news story<\/strong>, be sure to listen to\u00a0episode 23<\/a> of the Intego Mac Podcast<\/a>, in which Kirk McElhearn and I discuss this and other topics.<\/p>\n![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/03\/Calendar-2-icon-300x300.png\"){kind=icon}
Several users of Qbix, Inc.’s app Calendar 2<\/strong>, available in the Mac App Store, recently began having some unexpected and undesirable experiences after updating the app. According to App Store reviews, users may have experienced the following strange behaviors:<\/p>\n\n
![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/03\/Calendar-2-Mac-App-Store-reviews.png\")
Calendar 2’s reviews have not been positive. Image: Patrick Wardle<\/a><\/p>\n![\"Monero](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/12\/monero-150x150.png\" "\\"Monero")
That “feature” was that the calendar app would use their Mac’s processing power to mine for the Monero cryptocurrency (similar to Bitcoin) on behalf of the developer.<\/p>\n![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/03\/Calendar-2-Enable-all-features-screen.png\")
\u00a0Calendar 2 was not very clear about what it was doing. Image: Wardle<\/a><\/p>\nDid Calendar 2 Violate App Store Policies?<\/h3>\n
![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/03\/App-Store-icon-High-Sierra-150x150.png\"){kind=icon}
There was some debate about whether or not Calendar 2 technically violated Apple’s