I only read the first part of the article, but having dealt with Drive API scopes and their issues previously, I feel there is just a major misunderstanding here.
The "fully open" Drive API read/write scopes should be highly restricted by default (because they essentially give you access to a user's entire drive), and these are the ones that Google added much more stringent security requirements a couple years ago, e.g. requiring a security audit.
However, there is also a much less sensitive Drive API scope, 'drive.file', which is non-sensitive. It lets an app read and write only files the app owns (or read files a user picks through the file picker control).
Thus, I don't understand why the ia.net app would require more than the drive.file scope. I have no doubt that Google's messaging wasn't clear on the transition process when they first created drive.file scope (and I personally wasted a ton of time with bugs in Google's own file picker when using that scope), but it is a much better solution.
This is exactly right.
I just finished the process to get drive.readonly for my app. It was a huge pain in the ass, and Google was not very helpful. Google recommends you pay $720 for a CASA lab assessment, which consists of some random dude in an apartment in SF running an open source script against a .zip of your codebase, then that guy emails Google saying you "passed".
However, the goal is noble, to prevent malware and scam apps from accessing people's drives. It doesn't sound like the app from the article needs these more restricted scopes.
Being a huge pain in the ass probably does filter out a lot of trivial malware that doesn’t have the resources to jump though these hoops, especially when it might only last a week or so before they get shut down and have to start again.
Perhaps Google should have pointed this out in its review instead of just recommending read-only access.
Doesn't that mean that the app wouldn't be able to edit a document created elsewhere.
Including documents created by their own web or desktop client.
And it's odd that Google thinks that writing to files is significantly worse than reading. What benefit does a hacker have to update your private photos or bank details versus reading them.
The user can use a file picker to select individual files as well.
So then the app can't have Recent Files functionality.
Or open the last file the user was editing as it may have been edited elsewhere.
Seems pretty unworkable for a text editor.
Only if you absolutely insist on creating your own special snowflake file picker UI instead of using the OS file picker
Those seem pretty minor, and are you sure Google doesn't allow a way for permission on the file to persist?
Even if it doesn't, you can access recent files from the Drive file picker.
I don't think that's true, doesn't the file picker have recent files in it?
> Or open the last file the user was editing as it may have been edited elsewhere.
When is this a particular use case? Auto open a file I opened elsewhere?
> Create new Drive files, or modify existing files, that you open with an app or that the user shares with an app while using the Google Picker API or the app’s file picker.
Yeah, this should do the trick. From the cursory look seems like there’s no Google Picker UI for Android though?
Google actions are somewhat ridiculous here (they should audit iA’s app, not their cloud), but the reason is pretty solid IMO. If you choose an overly broad scope, be prepared for scrutiny.
it's a text editor. Users expect to edit files in any random directory they'll make on drive, not in the containment scope that doesn't work with users' writing habits.
I wouldn't want any text editor app to have full rights to my Google Drive. I literally recently implemented a similar feature (not for a text editor but for an app that needed to pull files from many different sources), and it's not that hard, i.e. giving easy access to local files and then using the picker control for "Drive imports".
The problem here is the original app developer had full, willy-nilly Drive access, and when Google rightfully locked down this level of access (and, mind you, didn't prohibit - I've gone through the Drive restricted scope verification process and it's not as hard as this blog post is making it out to be), the developer didn't take the time to see what was necessary to comply.
Again, I have no doubt Google could have given better instructions on how to migrate to the drive.file scope or how to use the restricted scopes. But Google has been warning about this for many years now, so seems like this dev just scrambled at the last minute.
> I wouldn't want any text editor app to have full rights to my Google Drive.
What text editor do you use on your laptop/desktop/pc?
Primarily vim or VSCode, why?
From the description, the app launches an OS controlled file picker. Once the human picks a file, the app is given a file handle with read/write permissions. Any file is fair game to be used within the app, but the application does not get to know anything about the file system.
This sounds like the user has to navigate to the file from the app’s file picker each time they want to open the file, instead of being able to open the file from the Files app. This would also mean that the app can’t maintain a “recent files” list (or bookmarks) for the user to be able to quickly reopen a previously opened file, because that wouldn’t be going through the file picker.
To be blunt: how do you know it's not an exfiltration app that will suck down your entire Drive and upload it to their sponsor's ML training engine?
Text editors are great, but hand-installed editors[1] running on the local filesystem of a developer-maintained personal device are a very different threat model than an app available to everyone in the Play Store.
[1] And even then they tend strongly to be boosted by a large community of (usually) open source developers attesting to it, usually by inclusion in something like a "Linux Distro" which carries a strong promise of well-audited software. Emacs and VSCode and whatnot skate on reputation, basically, but the community tends to frown on "here: download my new binary tool for all your editting needs!".
yeah I think android's policy is pretty reasonable here. if you're gonna have read/write access to everything in my google drive, you should be scrutinized pretty heavily.
Strong disagree.
Part of my disagreement comes from the fact that the process is inconsistent and time-consuming from Google's end. If you read more of the article, you can get a glimpse of how poorly it's run. And iA have been lucky here. Some apps submit to Google for OAuth approval and get stuck waiting for approval for years.
But another part comes from the fact that drive.file access is not enough for some apps, and iA Writer falls into that category. Some apps really do need full access. (But Google told them they only need read-only access, lol.)
Additionally, having been though the CASA process, it has been pure security theater. No offense to the people working on it, because I'm sure they have good intentions, but letting developers run a python script on their app to self-report vulnerabilities really doesn't solve anything. I suspect this is why Google took away the free option and are requiring a review by a security lab.
The problems with this is that Google only guarantees a minimum cost, not a maximum cost, and that not every company is in a position to let the lab Google has partnered with see their code. And finally, I'm skeptical at how much a security lab is going to find with a quick check on a small payment.
And frankly, Google Drive access is not worth the cost. Even if it's $500/year in fees, + time working with the lab (which, as iA pointed out, can be a huge opportunity cost), in most cases, the kinds of apps that need full access won't suffer $500/year in damages by removing Google Drive support.
And Google Drive doesn't exist in a vacuum. There are other cloud storage solutions out there. Amazon doesn't make developers jump through their ridiculous hoops to access the S3 API.
> But another part comes from the fact that drive.file access is not enough for some apps, and iA Writer falls into that category.
How so? (I agree that the readonly category doesn’t work for iA, but drive.file should be fine IMO.)
> Amazon doesn't make developers jump through their ridiculous hoops to access the S3 API.
With S3, you only get access to your app’s data, not everything user has. If that’s what you want drive.file or drive.appfolder permissions are what you need: https://developers.google.com/drive/api/guides/api-specific-...
FWIW they don't allow developers to self verify any more (as of this year).
Recently, there have been scam Android apps in India that request access to users’ contact lists. These apps then blackmail users by threatening to send deepfake videos to their contacts, falsely accusing them of heinous acts like rape.
Tragically, some individuals have even committed suicide due to this blackmail(1). So dozens of people have actually killed themselves because they mistakenly gave a permission on their phone.. just let that sink in.
Google is in a difficult position. On one hand, they need to protect user data with strict security measures. On the other hand, these measures can be seen as overly restrictive. It’s a delicate balance, and unfortunately, there’s no easy solution.
(1) https://www.thequint.com/news/india/bbc-chinese-loan-app-doc...
The world would benefit of a better solution that is for the Indian Justice system deal with the issue.
We've had to go through this process for the app I have, and it definitely was cumbersome and makes the process a huge pain. Fortunately, after a while Google often lets you switch to a Tier 1 assessment, which involves using various tools to analyze your code and make improvements without shelling out a ton of money.
At the same time, Google is in a tough spot here. The files and documents in your Google Drive (or Gmail) are incredibly sensitive. One possible solution is using the https://www.googleapis.com/auth/drive.file OAuth scope, which only lets you access files a user has explicitly shared with the app. I'm curious if iA Writer has limitations that makes this a bad user experience, but from a user security point of view, I can see why I want the apps that get to see my whole Google Drive audited too.
[1] https://developers.google.com/drive/api/guides/api-specific-...
As a user of Google drive, I’m so glad it works like this. I have a ton of random apps that store stuff in my drive that I don’t fully trust, and it’s very reassuring that they only have permission to read the files that they created.
I’m certain that if the full drive access was easy to get, they would all use that as the path of least resistance. And some of those apps would be sucking all of my data out to some random server.
Yup. And it needs to be something that has to be done regularly, either every time the app updates or on a fixed schedule. Otherwise you would get a similar ecosystem that happened with some browser extensions, where a benign developer goes, writes an useful app, gets the permissions for that and a user base, then some shady company comes and acquires the app and updates it to use the permission to suck up all data.
Sure it's an annoying process for developers, but Google has to think of the user privacy when creating the policies around these kind of permissions.
The bureaucracy involved in getting anything into any of the app stores basically make them untenable for side-project/one-man-band developers. At first it felt like a democratization of distribution, but now it's completely turned around, and is worse than before app stores, as the app store is effectively a monopoly on that particular platform (yes, I know you can get around that on Android, but most people won't/don't). And desktop OS are trying to move that way as well. I guess web-apps are probably the only real solution.
I respect the "fine we'll take our ball and go home then" approach to put some actual pressure on Google.
I do wonder if they could have just chosen to stop offering Google Drive support on Android and instead pivot to storing content on their own servers with a simple data export option, or using something like Dropbox instead.
It really seems like this latest cloud compliance battle was just the straw that broke the camel's back, and the real problem is that the Android app wasn't earning that much money as it was, so this was a convenient time and reason to kill it.
Why do all android app roads always lead to Google's app store? Why not move everything to another app store, such as Amazon's? All the code, work, time, and other sacrifices aren't worth giving them a shot?
You get a lot of organic installs from Google Play Store, and almost none from alternative stores like Huawei or Amazon Store.
This is because it is where there is the traffic.
Not all stores are created equal.
If you use non Play Store stores on a device with the Play Store you will get a lot more prompts constantly reminding you of how unsafe it is and how comfy and warm it was back on the Play Store.
Google are damned if they do and damned if they don’t on that, but it is deserved, they have burned so much goodwill in the Android space.
> If you use non Play Store stores on a device with the Play Store you will get a lot more prompts constantly reminding you of how unsafe it is and how comfy and warm it was back on the Play Store.
I am an F-Droid user, and I have only ever seen this a single time, when I first enabled sideloading in a pop-up. Maybe it's only a Samsung thing, but I have never gotten a Play Store nag related to third-party software stores in my life.
Do those fdroid installed apps auto update?
Ask Epic Games. The short answer is that you will not make very much money from your Android app if it isn't in Google's store.
That's because everyone is using the google store. If a critical mass of software moved to an <alternative store>, maybe even become cheaper (because that store only takes 20% instead of 30%), people would switch.
It's like chat applications... if most of your friends are using MSN messenger, you'll be using it too... if most of them also use icq, and it's cheaper than MSN, and it also has two more friends that don't use MSN, you'll switch to icq.
Users have basically no reason to move over because they have no problems with the play store. Apps only move over for their own business reasons like saving on fees or avoiding privacy restrictions.
...or avoiding google fees for in app purchases.
...or avoiding freedom of speech limitations (telegram).
etc.
The problem is, that you now have to go to that services' site, download the apk there and then get promptet "an update is available", download, install, etc., with the benefits of a package management system. You have alternative stores like f-droid, but there are almost no apps there, that would make "normal users" install it... for now. Same for others.
The fees can be avoided by making the subscription on the web ui and then continuing to use the main app.
The speech restrictions maybe have some merit, but right now Telegram basically only restricts extreme hate speech / borderline terrorist content to mobile users. The majority of users don’t care to access this anyway.
Telegram restricts a lot of stuff on the play store version, be it piracy related or just basic news from eg. russian sources or any other country that the EU/US/google doesn't like. App downloaded directly from telegram.org doesn't have such limitations. Considering the pressures from EU, I guess they'll have to censor that too relatively soon... maybe even everything pro-trump. Sometimes you want other news sources than the bbc/cnn.
you need a store where the cost to use it in parallel is so low that companies are willing to take the chance.
One of those costs imposters and bad players using the alternative store.
I would settle for apps proving the files for sideloading on their website, and the vast majority wont even do that.
In short, Google bureacratized them almost to death over Google Drive access, and then offered up a solution where they pay KPMG for an annual audit.
But the audit would cost them two months of revenue, every year.
So:
> So, as of today, we’re not just accepting our frozen-in-carbonite fate. We’re embracing it. We’re going to take the app offline.
By making a native app, you're donating free developer time to the platform owner. If they're not making it worth it for you, screw them.
To some extent, if you can’t afford a yearly audit, you can’t afford unlimited access to users sensitive documents. It’s much like handling credit card data or toxic waste. Most people and small orgs should avoid it at all costs.
Thankfully Google offers a lot of less risky permission scopes that don’t require audits.
Yeah that seems totally fair. How many users really intend to give full access to an app made by someone that can't afford $500/year? Most non-devs would be sketched out
Some comments are asking, “Why not just ditch Google Drive support?” Well, how would a cloud-enabled writing app do on Android without Google Drive support? About as well as the same app on iOS without iCloud support — roadkill, I expect.
I’ve used iA Writer on many platforms for years and I love it. It’s a simple Markdown editor that stores stuff in your cloud of choice. There are a million of these apps, but iA Writer has been high quality and regularly updated for a long time.
It seems like the entire fight is over Google Drive, which is not a hard requirement for pretty much any Android app. While Google's behavior here strikes me as ridiculous, dropping Drive support seems much more rational than dropping Android support entirely.
This was just the author's current issue on Android. In another month or two it would have been something else. I fought similar battles for the better part of a decade before finally giving up when Google's policies made it so that even keeping apps running (at least in my case) was an economic non-starter. The sheer amount of bureaucratic B.S.[1] they constantly fling at you while simultaneously bit-rotting existing applications is insane.
[1] Sometimes it's related to their store listing policies which are constantly changing, sometimes it's related to taxation in a specific country, sometimes it's related to laws in a specific country, sometimes it's actually related to software (on-device or web services!) they are forcing you to update/change etc. etc.
What would that workflow look like - users copy their files from Drive to their device, edit them, and then put them back on Drive?
It’s less manual than that, the app opens the OS file picker which has unlimited access, the user selects the file, the file is then made available for the app to access, the app can then save it to Google drive.
What it can’t do is grab your entire drive file list and contents the moment you sign in.
Bring-your-own-sync!
Apps can be local-first, reading and writing to files on the device. Then each user can choose their own syncing service like Syncthing or Resilio Sync, which runs in the background and automatically syncs those files to your other devices.
That sounds miserable. This is why apps end up enshittified with forced cloud services.
Why do the apps even need direct access to Google drive? Android should give a generic API to access a folder with files and whether this folder lives in local storage or Google drive or even another provider should be the user's decision.
This seems ok at first glance, and you can “kind of” get this feeling. And android and iOS you can bring up a generic file picker that will let the user select any file or save a file to a user chosen location, and then the application gets access to an opaque file handle to read/write there. Platforms like Google Drive, Box, DropBox, OneDrive and local files are all options here.
Unfortunately as far as I remember there is no way to gain access to that location persistently. Your copy of the file through this mechanism is just a copy of that file, so I couldn’t say have 50 files in my app that I granted access to being in some file system location that syncs (like google drive) without having constantly be repicking that file location.
On iOS, an app has access to its own folder in at least iCloud Drive that can be accessed via the app or via the Files App.
Google drive also has this functionality where apps can persistently access any files they created.
There are a ton of options here that don’t involve unlimited access to all files.
I don't use the app but my guess the point is to be able to keep a paper you're writing synchronized across multiple devices.
This is all downstream of stuff like the Cambridge Analytica scandal - the public views misuse of these APIs as the fault of the institution so they’re now incredibly cautious about access.
> Cambridge Analytica scandal
Would it be considered a scandal if happened in 2022.
They’re removing API access to Google Photos as well now the only “integration” is for other apps to open the Google Photos app https://news.ycombinator.com/item?id=41604241
I really would have expected an app like iA to not depend on either Google or Apple's sync - because both suck in their own rights. iCloud is just technically inferior by the way - I mean most of the time it's a coin toss on whether and how it works even for their own usage like iCloud Tabs, iCloud Messages and Photos and what not.
As of now I try to avoid any app that is married to either Google (drive or whatever is the latest there) or Apple (iCloud) sync. Because my experience with these has been really inferior. Anyway that means I have to either use a Google a/c which I do not use anymore for personal needs or iCloud which is clearly inferior.
Imho it's better to offer an e2ee custom server wherever you can (preferably on top of some open standard/spec). I am past "but I would rather trust robustness of Google and Apple's backend" after these 3-4 years.
And I can completely relate to the pain of supporting all those Android models and their sub-models and their sub-sub-models. It used to be a real nightmare when I had to deal with that.
----------
Having said - I have felt the might of these big companies in a very small way recently. My Play Store account (which I kept for learning/testing purposes - sharing apps among friends etc) was terminated even though I fulfilled the criteria 2 days before the last date. No refund was provided either because I could not find out how to add a bank account and they didn't share even though I had asked them 3 weeks in advance for that info. I would ask "how to add a bank account" and they would reply with the same text "… please add a bank account for refund…" and I would again immediately reply asking "..but how the hell I can add a bank account - there is no info on this in your docs and whatever I could find doesn't even apply because I can't see those settings in the first place"… and they would respond with the exact same text again and again and again. I checked - I was indeed communicating with humans.
After the last day I received the final response: "…was deleted..requirement... T&C.. and there will be no further response". That was it.
AI alwayd ahd a pretty major apple lean, and from the post's misunderstanding of google drive permissions (global vs file scopes), it's clear that is still true. About not to matter though since they are killing the android app.
Funny Google requires a phone and email for Play Store users to contact, yet most of the major apps contact email addresses are "we dont read this; No Reply. But here is our crappy forum"
> And before anyone says this is the price of an “open” OS—well, we don’t have this problem on Windows.5
Cue drum roll...
I'm (or was) a hobbyist programmer on Android. I have a handful of free apps but Google has made it so onerous to actually get things in the store these days. I've given up; it may be worth the time of a big software studio to handle all the busywork they make you do these days, but it certainly isn't for a hobbyist. Yes, I know Apple is supposed to be even worse, but Android was supposed to be the reasonable platform in regard to this nonsense.
Wow. This is unbelievable. I'm wondering about creating only a PWA or building Android + iOS apps and this article made me decide with going PWA-only, I'm not going to deal with this. The competition in the official app stores is so big that it is not really worth it anyway
There are few things more depressing than having to deal with companies like Accenture, EY, KPMG etc. It's a world of FUD, upsell, more consultants, nothing getting done, lots of slides, new "junior senior Global Consultant for Microservices" type stuff. They are literally a cancer on innovation and just getting things done.
They destroy the ethos of a company through deliberate intransigence.
Sounds like Google has turned into Nokia. History repeats itself.
We have a similar experience developing for android. They ask us to change things constantly, fill out endless paperwork, most of which is irrelevant to us (we have to verify a payments account for our free, ad free, no in app sales app). Every so often it's a random change to requirements around this permission or that, or more information needed for a security or data policy.
Just move everything to your own storage instead of Google Drive. And maybe have your desktop or web app interface with Google drive.