[dougk16]

Google does some pretty surprising levels of static analysis of compiled source, particularly surrounding their API usage. There's a few examples I've run into but the first that pops to mind is when they started requiring a yes/no confirmation dialog before allowing a user to access a non-https resource through the WebView. There was no way a human was running into that on the particular app I was working on. We're not talking advanced static analysis but it's not a simple decompile and grep either.

In another case I had accidentally left some dead/debug AWS access credentials in a build and they sniffed those out too. Notable since that's not even Google-related. They had to have been looking for a particular AWS library method signature and how it was fed. I would bet on their static analysis getting more advanced, in which case it could also be used to prove that OP is using APIs/permissions in a safe manner. But of course they're not incentivized to do that.

[chippiewill]

Yeah, it wouldn't surprise me if their static analysis saw the contacts being fed into a native binary (which they would definitely struggle to analyse) and threw up a red flag. From that point everything is futile because no one you can actually talk to at Google is empowered to disable the flag.

[saagarjha]

Google generally would have an incentive to not be up in a negative light on Hacker News if they could avoid it, no?

[dougk16]

Google is a vast, schizophrenic organization. They're big enough that they have different teams and internal politics fighting each other all the time. It's not a unified consciousness with consistent incentives. Even if that's a bad take, Google is constantly seen in a negative light on Hacker News. The Google hive-mind doesn't care too much.

[saagarjha]

Incentives not being present and the company being unable to act on those incentives are very different things. Intel is incentivized to beat Apple, AMD chip performance. That they’re failing to deliver right now doesn’t mean the incentives aren’t present or that they don’t care.

[dougk16]

Well, yea. Living things and organizations have incentives. The implication I gleaned from your original comment was that Google's incentive to avoid bad press on HN for its App Store policies is enough that it should use its static analysis abilities "for good". We're not debating the existence of incentives. We're debating the existence of consistent/unified motivation/ability/will to satisfy those incentives. Or are we debating? After your second comment I'm not even sure the point you are trying to make.

Besides, I repeat that Google is big enough that different factions have contradictory incentives. There are people in Google that want bad Play Store press on HN. I'll leave that as a thought exercise as to how that could be true.

[aasasd]

I'm not sure what kind of importance you ascribe to HN, but from here outside of SF I feel like Google doesn't give a remotest shit about this gathering, and generally has the feelings sensitivity of a triceratops. Moreover, they're actively undermining power-user workflows on Android—so the attitude can in fact be measured as negative, if only by passing chance.

[solardev]

I think Google stopped caring about their reputation long ago. It's all lock-in and advertising increases now.