July 10, 2014
Mobile Mind Isn't Going To Be Profitable
Mobile mining is not going to be the next big way to make money on mobile. That is, if you want to avoid criminal behavior. Digital currency miners are a curious new trend in the mobile world and we’ve seen quite a few of them including BadLepricon, CoinKrypt, Widdit, FreeLotto, and TokenCrypt. But while we’ve looked them over and over, we just don’t see a situation in which mobile miners can truly be profitable -- unless they’re criminal. “To make mobile mining profitable, phones would need more powerful processors at a cheaper cost,” said Olaf Carlson-Wee, Operations at Coinbase, a San Francisco-based digital currency wallet. “Even if this were the case, mobile phones will never compete with hardware specifically designed to mine efficiently, like bitcoin ASICs (application specific integrated circuits).” The miners we’ve seen thus far really vary in sophistication. CoinKrypt was as basic as they come. It was made up of three classes that really only served to kick off the mining process. BadLepricon was slightly more sophisticated, packed with a Stratum mining proxy and protections for the device -- it would only mine if the battery was charging, the display was off, and the phone had network connectivity. Widdit was arguably the most sophisticated, dynamically loading mining code into its SDK meant to help developers customize the Android lock screen.
Up until this point most of these mobile miners were outright malware, but one -- Widdit -- wasn't necessarily malware in the end. However, even with the best efforts to inform users that you are, in fact, using their device to mine, there is likely no way you’re going to be profitable. That is, without going a little black hat.
Mining takes a lot of time and energy
Unless you are able to offset the cost of resources such as time, electricity, and the device’s own processing power to zero, mining will never be a viable business model. You also have to take into account the difficulty level, which the network sets to throttle the rate at which new coins are released. Take, for example, Bitcoin. In order to mine one Bitcoin -- which was worth $639 at the time of writing this post -- you would need almost 15 million Samsung Galaxy S3 phones all mining non-stop over 24 hours. Samsung Galaxy SIII’s have a hash rate of, on average, 2.4 MHz. Factoring in the difficulty level for Bitcoin, you’d only mine .00000007 Bitcoin running a Samsung Galaxy SIII constantly over 24 hours. Given Bitcoin’s current value, that’s only $0.00004473 in earnings a day. If you want to mine at least one Bitcoin in a day, you’d need 14,285,714 phones mining constantly over that time period. Litecoin, a less valuable coin, would still take 3,752 Samsung Galaxy S3’s mining non-stop over 24 hours to mine a single coin.
Litecoin, at the time of writing this post, was worth around $8. Samsung Galaxy SIIIs have a mining rate of, on average, 4kHz. Factoring in the difficulty level for Litecoin, using one phone running constantly over 24 hours you would produce .00026651 Litecoin. Using only one device, you would only make $.00021 cents per day based on the current value of Litecoin. In order to mine one whole Litecoin within 24 hours, you would then need around 3,752 Samsung Galaxy SIII’s. “Mobile mining is inefficient because mobile hardware cannot cost-effectively compute the hash functions required to mine cryptocurrency,” said Carlson-Wee at Coinbase. “Because other hardware such as graphics cards and ASICs are more efficient at computing hash functions, mobile mining will likely never be profitable.”
Black hat or bust
Of course, all of this is that’s assuming you’re able to obtain all of those devices without using shady means -- a hard challenge. Of course, going black hat opens some unrecommended doors. Using trojans, malware authors can turn victim-phones into mobile mining bots, slaving away while their owners are unaware. Even then, you’d need a fairly attractive, sneaky, and successful trojan to get big bot numbers and truly flying under the radar is hard. People are going to notice if their phone is constantly tied up mining over 24 hours -- battery levels drop, phones get hot, and in general will not perform as well. Criminals can also take advantage of the business models around a digital currency. For example, Casinocoin is a digital currency with a very specific aim: to get people to spend their coins in online casinos and get them hooked on games. The digital currency itself is purposefully easy to mine so that people will be attracted to them, mine them, and then use them in this cycle of gambling. They are cheap coins that can be quickly generated, making it an attractive option for criminals who want to then find a clever way to cash them out without the casino recouping most of the value.
Comparing the numbers -- is mobile mining really worth it? Probably not
Without going criminal, your best bet is to wait for a brand new digital currency that is far less profitable. Or, you know, not mining at all. When you look at other industries, the revenue potential for mobile mining gets significantly less attractive. Click fraud, another black hat pursuit that allows criminals to steal advertising revenue, is much more profitable. If you assume that your costs are on average $0.05 per click, and that click fraud artists are able to slip out of the way of ad networks’ sharp eyes and get 10-100 clicks a day per bot then you can end up with around $.50 - $5 in earnings potential. Even mining the lower hanging fruit digital currency Litecoin, you’ll only make $.00021 by comparison. That’s over a 200,000% increase in profits when you consider the low end of click fraud. Advertising is a much more profitable and legitimate avenue for app monetization. The advertising industry often charges per install and the average cost per install on Android is $1.60. If you support advertising in your app and help an advertiser get only one install, you’ve already beaten mobile mining handily with an over 700,000% increase in profitability. In a world where the “minimum viable product” is king and mobile monetization is hinged upon the solutions with the least friction -- to both the users of the product and the engineers who built it -- mining just doesn’t make sense. Whether you’re black hat or legit, there are easier ways to make a buck, or in this case a Bitcoin. Bitcoin/Litecoin photo via BTC Keychain on Flickr; shared under the Creative Commons license.
Book a personalized, no-pressure demo today to learn:
Discover how adversaries use non-traditional methods for phishing on iOS/Android, see real-world examples of threats, and learn how an integrated security platform safeguards your organization.