[izacus]

Punishing Google for preventing apps from reading all your private data at a whim is quite a take to involve EU for.

Without this enforcement, malware games and apps like Facebook were just uploading your photos and scanning their EXIF locations under the guise of "needing all access".

And as we found out in existing topic, the better privacy preserving APIs exist, Nextcloud just doesn't want to use them.

[DrillShopper]

Maybe there's a middle ground between "apps can't do this" and "uploading all your data to the developers without a permissions dialog or a popup"? Could we maybe design a system where this permission requires opt in consent like every other feature on Android? Third party apps access to the feature is the issue here.

[nolist_policy]

The old API works this way. Random games requested the "access all files" permission. This was bad and the rest is history.

The better middle ground is the new (9 years old) SAF API. The SAF API simply presents a directory picker to the user. The user can give the app access to any directories he likes.

[apitman]

SAF doesn't work with native code

[izacus]

Native code talk to Android APIs as well.

[apitman]

Not directly

[jasonjayr]

But, I want that. With all the responsibilities that come with that.

Why can't I grant an app that permission? If Google discovers that an app with that permission is abusing what they are doing with that permission, then revoke their developer account! Delete the app from existing phones and inform the users that the developers could not be trusted! App store death penalty!

It's difficult to understand why there is any other reason other than maintaining their privleged position on the device to deny users this ability. Put a persistent notification in the status tray: "These apps have full access:", etc.

[izacus]

Because you'd scream your head off like other HNers when a news article "100 million users private photos uploaded to Facebook and Genshin Impact!!!!" appears and would demand Google policing.

You can keep all your functionality, Nextcloud just needs to migrate to an API that gives YOU AS A USER control over what it can read instead of demanding blanket permission for everything.

[jasonjayr]

I promise you I would not. I do not want my technology baby-sat by a third party, I want my technology to do exactly what I want.

I also promise I wouldn't run a game or anything that demanded full access to everything that made no sense to have that permission, because what the heck? Outlook wanted "Device administrator" permission on my personal phone when I wanted to connect my office email to it. I politely declined, and stopped using it. (I mean, I understand WHY Outlook needs that, for secure wipe of data, but that's a pretty wide permission for that one reason)

I cringe as I watch one of my kids authorize elevated permissions when they launch Genshin. (For the anti-cheat) And I promise them I will never run it on my machines :-/

But rather than get lost in the details, what I REALLY want, is a piece of software that will backup and restore the entire contents of the phone to a server of my choice, preferably self-hosted. Right now, this "full system access" option gets the job done, but it's a thermonuclear footgun for the unsuspecting.

How could we convince google to create a new a "Full backup of the device" permission? Because then Google could simply deny the permission labeled "full backup" to the latest hot new gacha game, while allowing legit backup apps the power they need?

[freshchilled]

At the moment, you can do that, but not with an app hosted on the Play Store. I use a git client to sync my notes between my computers and my phone. But I had to get the app from FDroid, because it required the read all files permission to track changes.