Promises enhanced security features for its Snap Store

May 15, 2018 16:49 GMT

Canonical has released a statement to inform the Linux community about the actions it took on the snap package discovered to mine cryptocurrency in the background when it was running.

Last week, users discovered that two of the snap packages uploaded by user Nicolas Tomb to the Snap Store, namely 2048buntu and Hextris, mined cryptocurrency in the background while the applications were running, without users' knowledge. Canonical immediately removed the apps from its Snap Store.

Now, the company behind the popular Ubuntu Linux operating system is addressing the issue, saying it has no rules against mining cryptocurrencies through snap apps if the developer informs users about this. As Nicolas Tomb didn't inform users that his apps were mining for cryptocurrencies, the apps were removed.

Canonical also said that mining cryptocurrency is neither illegal nor unethical, so the only thing the publisher did wrong was failing to inform users that his snap apps were mining for cryptocurrency in the background. Nicolas Tomb informed Canonical that his goal was to "monetize software published under licenses that allow it."

"It is misleading if there is no indication of the secondary purpose of the application. [...] There are no rules against mining cryptocurrencies, but misleading users is a problem," said Canonical. "The snaps released by that publisher have since been unpublished and will be re-published with proper content by a trusted party."

Canonical promises to enforce the security of its Snap Store

In the lengthy blog post, Canonical explains that it doesn't have the manpower to review hundreds of thousands of incoming source code lines from snap packages published in its Snap Store every single day. Therefore, it urges users to install apps only from trusted sources and developers.

With that in mind, the company promises to enforce the security of its Snap Store by implementing the ability to flag specific publishers as verified, helping users with their decision to install a certain snap from the Snap Store, which currently contains more than 3,000 packages for open source and closed source apps.

By design, the Snap package format is very secure as it runs the enclosed app in a sandbox, just like Flatpak and AppImage. However, Snaps don't run only on Ubuntu, but on a wide range of Linux-based operating systems, including Arch Linux, Solus, openSUSE, Fedora, Debian GNU/Linux, Gentoo Linux, Linux Mint, OpenWrt, and others.