[dgregd]

I run a small company and offer an app to monitor sales reps work. Managers use it also to see how much time employees spend in the field. To count how much time is spend in some specific location my app uses background location updates.

10 years ago I was distributing just the apk file. Then I moved to Play store. It turned out that most people on their company owned Android devices don't configure Play Store. App updates are disabled until you log in. So I had to educate my customer employees how to log in to Play Store and install my app. The additional benefit was that people had security updates of Chrome and other apps.

Two months ago my app was suspended after I made all necessary changes to support Android 10. The Gbot claims that background location updates aren't essential for my app. As you may guess I wrote appeal without success. My customers pay mainly for that time report feature but Gbot knows better what my paying customers want.

And I just do not care about securing my customer devices and Play Store any longer. Now I distribute apk files again and train people how to install apk files from unknown sources.

[horsawlarway]

Good - There's a clear theme in the motivations of both major mobile OS companies here:

You, a 3rd party developer making custom software products for a mobile platform, are no longer allowed to have customers yourself.

Instead you must grovel and beg and pray that our lords Apple/Google consent to allow you to rent their customers.

This consent can be revoked at any time, you will pay through the nose for it (20%+ of total mobile revenue), and for basically all but the largest of customers - this consent is machine based and you will never be able to get a living person to so much as glance at any content you put into the process.

---

Fuck em both.

[elihu]

What's currently stopping some third party from creating a fork of Android with a better store? Are there closed-source parts of Android that can't be easily replicated? Is it the difficulty of getting any major phone manufacturers to agree to install it? Or something else or all of the above?

[Bjartr]

> What's currently stopping some third party from creating a fork of Android with a better store?

A huge piece of it is the network effect of starting with a store that lacks a significant number of apps available on the Play store. Sure, a competitor could, over time, grow their store to be competitive, or they could fail to tread water and go the way of Windows phones.

[resfirestar]

A competitor would have to get most/all of the phone manufacturers to all at once drop Google Play and use their ecosystem instead, otherwise no one would bother publishing apps for it. There's no way to ramp up a competitor because users won't tolerate a subpar app selection. See Amazon's Fire Phone launch for what happens when one manufacturer tries to start their own ecosystem.

[fakedang]

It's actually very easily possible. Apart from Samsung, the largest phone manufacturers are all Chinese, and currently under sanction by the US government, with more soon on the way. Out of the Chinese bunch, the majority are Huawei. Huawei has been forced to move into a non-Playstore Android OS.

I use a burner Huawei for non-essential Android stuff. Every time I click the "Rate App" button on apps, it redirects me to Huawei store instead of Play Store. Every time I click the "Download" or "Install" button on the browser, it sends me to Huawei store. I think we can expect to see more changes in the coming two years as Android keeps updating. Huawei phones up until 2018 are allowed to use the Google SDKs but none are allowed from 2019.

The only one left behind is Samsung, which has the wherewithal to create its own (Apple clone) app store. If they go ahead with that, Google Play will be a fucking joke at that point.

[saargrin]

i cant see how using a chinese based app store is any better than google/apple

if anything,you're more open to potential exposure of your data ,bad verification practices and CCP intelligence gathering

[fakedang]

I didn't say that Huawei is the gold standard. Just that Huawei has already begun its own app store, and if Samsung does it too (and pushes it aggressively like Huawei does), Google Play will be done in no time.

The new Huawei phones don't have Play store or any Google services.

[perryizgr8]

Galaxy store is alive and well on Samsung phones.

[fakedang]

But they aren't taking a hard stance like Huawei. Like redirecting to their store.

[ViViDboarder]

On Android there are 3rd party stores. F-Droid being a popular one with FOSS apps.

Major difference is that only the Play Store can install apps in the background. That is, unless you root your phone.

[smaryjerry]

Amazon tried and even with giving away hundreds of dollars in free apps every year they still failed. People just don’t want to use an alternative that has warnings of security holes.

[quarantine]

The Google play framework is closed source and used by most apps.

[rgrs]

Yep, these content aggregators have become consumer aggregators. They make money by controlling our attention in the webverse

[sa1]

Me, a customer, is very happy that they play a regulatory role and are taking steps to prevent surveillance of the form GP is proposing.

I’m glad that I don’t have a direct relationship with shady 3rd party developers.

[horsawlarway]

They aren't preventing surveillance at all, they're monopolizing it.

Google is LITERALLY a fucking ad company.

Apple is tracking the exact time and location you use any piece of software on their systems (Don't worry guys, it's just for security purposes! /s)

----

I'm no longer sympathetic to the "They're securing my device from the boogeyman!" argument.

It has the same overtures as "Won't anyone think of the children!!!!" in policy debates - It's rhetoric designed to obfuscate the true intentions of the parties involved, and short-circuit real discussion with an immediate emotional response.

[privacyking]

> Apple is tracking the exact time and location...

Source?

[SilasX]

A few months ago it came out that MacOS was constantly making unencrypted calls over the internet to check signatures of non-Apple software; such calls were thus feeding back to Apple (and anyone sniffing the connection) the time and IP address of each application's being opened. (Technically, only the company, but each company usually only has a few apps.)

https://news.ycombinator.com/item?id=25074959

[saurik]

This "came out" at least 8 months ago.

https://news.ycombinator.com/item?id=23273247 https://news.ycombinator.com/item?id=23281564

[GeekyBear]

Apple is using an industry standard protocol to check and see if an application's developer certificate has been revoked.

>To make sure the certificate hasn’t been revoked, macOS uses OCSP—short for the industry standard Online Certificate Status Protocol—to check its validity.

https://arstechnica.com/gadgets/2020/11/mac-certificate-chec...

There is no information tracking the application that is sent.

The protocol is only used to check and see if the developer's certificate is still valid, if the app hasn't been run in some time.

https://blog.jacopo.io/en/post/apple-ocsp/

[ttt0]

https://sneak.berlin/20201112/your-computer-isnt-yours/

[dgregd]

> I’m glad that I don’t have a direct relationship with shady 3rd party developers.

To enable background locations update, a sales rep has to open a check-in screen, wait 10 seconds to see their location on the map and then press the big check-in button. Because people were often forgetting to check-out, my customers requested auto check-out feature which requires background location updates. Once a sales rep leaves the check-in area, background location updates are stopped. Managers and employees see exactly the same time reports. And if some sales rep is suspicious then it is always possible to disable that GPS icon in the quick menu settings after work hours. It is almost like using your batch card to open doors in a workplace.

A popular alternative solution to my app is to use GSP devices which are installed in all corporate cars. And there managers see their employees background location updates 24/7.

[LunaSea]

When it's an explicit feature your argument is a difficult one to hold.

It amounts to not being able to use features that are available in the API.

[yholio]

Android already has a very fine grained permission system that allows blocking such behavior, you simply revoke an apps right to access location data.

So the argument then becomes an appeal to protect less knowledgeable users that would be tricked to enable advanced features for some eye candy. It has some merit; but there has to be some compromise there for advanced users, short of relegating then to APK install with no security updates, like in the Windows days.

[koheripbal]

I run a small company, and offer local business financial services.

A few years ago, I setup my Google My Business listing for my retail location.

Late last year I was trying to do a GSUITE account data export. It requires you to setup 2FA and I couldn't get it to work - so I asked our MSP to help since they help with other stuff. They had better luck, but multiple switching of the 2FA options and recovery emails/phone numbers caused an automatic suspension on the admin account.

I was able to quickly unlock the account with another admin account, but the suspension cascaded to Google My Business, which remains suspended because GSUITE support only support their core apps.

As you can imagine, my appeal went unresponded, and here we are, months later, with no business listing, and literally no ability to contact anyone that can help.

I wonder how many other businesses have stories like this.

[1vuio0pswjnm7]

Way to go. Someone gave me an old unlocked Android phone that had almost no apps installed. Playing around with it, I removed all the installed apps and somehow I managed to also disable (break) PlayStore so that it does not work, refuses to update. If there is way to fix it, I surmise it is well beyond the capabilities of the average Android user. AFAICT PlayStore cannot communicate with the mothership to heal itself nor send user data; anyway there are no PlayStore apps installed.

I installed a few useful F-Droid apks. Installing from "untrusted" sources seems far more reliable than any "app store". Besides the F-Droid apps I use it like a dumb phone with maps on a different cellular network. I wish there were more reliable sources for apks, like F-Droid, including apks for older Android versions.

[sebastien_b]

Please sign up as a witness at the next congressional hearings.

[jonprobably]

Someone needs to make a website for Google suspensions. Let people post these stories. I have mine.