[phsource]

We've had to go through this process for the app I have, and it definitely was cumbersome and makes the process a huge pain. Fortunately, after a while Google often lets you switch to a Tier 1 assessment, which involves using various tools to analyze your code and make improvements without shelling out a ton of money.

At the same time, Google is in a tough spot here. The files and documents in your Google Drive (or Gmail) are incredibly sensitive. One possible solution is using the https://www.googleapis.com/auth/drive.file OAuth scope, which only lets you access files a user has explicitly shared with the app. I'm curious if iA Writer has limitations that makes this a bad user experience, but from a user security point of view, I can see why I want the apps that get to see my whole Google Drive audited too.

[1] https://developers.google.com/drive/api/guides/api-specific-...

[Gigachad]

As a user of Google drive, I’m so glad it works like this. I have a ton of random apps that store stuff in my drive that I don’t fully trust, and it’s very reassuring that they only have permission to read the files that they created.

I’m certain that if the full drive access was easy to get, they would all use that as the path of least resistance. And some of those apps would be sucking all of my data out to some random server.

[kstrauser]

I'm very sympathetic to that approach. But I think it has to be tempered at least a little bit with reputation. iA has been making Writer for 12 years now and it's always been a premium, highly user-respecting app. If they can't get through that bureaucracy, it probably can't be done.

Granted, past performance doesn't mean they'll be perfect forever. It's not a guarantee. It should carry some weight, though. I can't think of many devs I'd trust with my data as much as iA. Omni Group, I guess. Agile Tortoise. There's a set of devs who stake their business on their sterling reputations. It should be possible for that gang to at least contact a human to answer their questions.

[Gigachad]

It's not clear why they even need full access to users drives without the users input. Drive offers plenty of apis that let you store and access files that don't require these hoops. There is no security audit required if you pick the scope that only lets you open files the app created. You can also let the user use the OS file picker to open any file.

I get that it's a pain for them to rewrite the integration to use these new scopes, but it's ultimately a huge win that this free for all access has been locked down.

[Larrikin]

It feels like a situation where we just need laws to make it illegal to do a data grab like this and apps in country's without those laws should get the scrutiny.

I think a random phone app WOULD do that because there are no repercussions for doing so. Facebook, LinkedIn, and then late comers ruined the phone ecosystem by doing all the shady things they did when you wanted to do one simple useful thing. I should be able to grant contact information to an app so that it can connect me with my friends on the service. I should not have to worry about all of my contact information being harvested for spam and sold to anyone the company thinks they can make a buck from.

But I also can't imagine using a program on my computer that was prevented from having full access to my file system if I wanted it to have it. MacOS slowly killing the system is making me considering switching to a different OS for the first time in over a decade

[Gigachad]

It already is illegal to write malware that steals your files. But software is global. Anon individuals in shitty countries don't care about your countries privacy laws.

So we get both privacy laws, and technical restrictions that put the user in control of their files.

[greiskul]

Yup. And it needs to be something that has to be done regularly, either every time the app updates or on a fixed schedule. Otherwise you would get a similar ecosystem that happened with some browser extensions, where a benign developer goes, writes an useful app, gets the permissions for that and a user base, then some shady company comes and acquires the app and updates it to use the permission to suck up all data.

Sure it's an annoying process for developers, but Google has to think of the user privacy when creating the policies around these kind of permissions.