$400 isn't gonna get you any more than running an automated scanner. Someone who does pentesting gets paid more than $500 a day, and that's before accounting for all the other costs of employment beyond what people get paid
@@trappedcat3615 I reported an issue with custom functions reloading needlessly costing my clients money on too many API requests, and they were like "Well, try caching", I explained that caching doesn't solve the problem since 1. the custom function like the one I made are not supposed to be deterministic but should generate a new value every time they are called and 2. you (Google) doesn't even allow caching (I think) for more than 6 hours, which is a joke. On top of that it's an obvious bug since the functions recalculate simply because you move the column from one place to another (and even when that doesn't result in cell references being changed in it), but guess what? they were like... "yeah don't care we downgrade this from S2 -> S3" which I learnt it's basically "something that doesn't affect a lot of users, so the priority is low". In my opinion Google Sheets and Apps Script are the only "apps" that make Google worthy it. I can't think of any other Google productivity tools that is worth the time. The only reason I reported that bug is because I thought they were serious, but off course not, to me they came across as arrogant and cocky and seeing what they do with people here on UA-cam with censorship, it all makes sense: they are all the same. Google is the new Microsoft, and I hope it will die.
@@deleted-u5g Haha... I doubt you even know what Im talking about. My last job is still running admin scripts I wrote using cronjobs on forms, calendars, and sheets.
Dropbox randomly disabled my account with no explanation. If not for a mirror image on an external spiny hard drive, I would've lost everything. Eff Dropbox
I watched a whole convention center full of people, pivot towards the help desk areas, on (one of) the day(s) when Google locked out anyone who hadn't used a desktop browser interface to accept their new Drive & Docs terms of use.
Google, one of the largest, most influential, most highly opinionated about your apps and sites, companies has the absolute worst UI, usability, DX etc. Absolutely astonishing and ridiculous this is still allowed
Google used to have great UI design (outside of websites). Something happened. They kill my fav platforms, so I no longer use new Google products. Even Google search has been terrible for a long time.
@@Lucas_Simoni Apple follow is rules up-close Why - Kodi if you try to find it your only find is remote control which is less legal than is self But Google your find not legal apps acting like the real ones which google allows
@@Action2me Yeah. You can use other things! Just know they aren't part of the google monopoly. Because that's what it is, a monopoly. And it's fucking horrific for competition... as this video might've told you, if it could get through your skull.
@@leandro6234 this is an ignorant statement - just because spooks CAN go thru courts to get a judge to approve an evidence-based warrant does not mean it is the same thing as straight-up having access to every person's data in Dropbox. To get a warrant you already need to have evidence, whereas if you sift thru every person's dropbox you can target individuals who were never on the gov's radar to begin with. This applies to every medium, including wiretaps, traffic sniffers, text messages, emails, etc.
Apple App Store definitely changes their requirements often. I was fighting them on an IAP change, and in that process, they changed the requirement again.
They're also enforced inconsistently. I once had Apple block a critical bug fix update because they said I violated a UI guideline of allowing more than one popover to be open at a time, even though that UI had existed and been approved since the very first version of the app.
Came here to say this. The idea that Apple doesn't pull the rugs on devs is laughable. Their requirements are opaque, change constantly, and aren't consistently applied from review to review. I remember every time we had to submit an update for review the whole team would just cross their fingers, and often be disappointed, only to have basically the same app approved the next time. This was the scenario at multiple companies in wildly different industries.
After weeks of back and forth with Apple, in the most random dumb little things they wanted changed. They suddenly out of no where, wanted me to remove the user login from my app. Considering Google nor Apple give you a proper device id to work with ,all this does is cause massive regression my code base in order to try support dogshit no login concepts that are pushed onto me, by people who dont even give you the tooling you need to do such things correct. I dont want to generate a uuid. I dont want my dbs filled with tons of 'devices' or 'accounts' for these uuids that will change every time the user wipes the app. Its insanity. While you sit there, and both stores are filled with apps that need a login to function securely and well.
Have to be honest. This is tame in comparison what happend just yesterday from Google Play reviewers; We submitted a newly app in Closed Testing-and we had previous releases with no issues, mind you-and not only did they not use the correct password for the review account, they used the Production of the legacy app. They rejected the submission with "Violates our policies; no disclosure for use of Bluetooth Location permissions." - of which this update was exactly made to address. I fault both Apple and Google for these terrible processes, but this took the cake for me. It shows how broken they really are. Mistakes can happen, but getting the wrong APK of an app that is a completely different version number, and look and feel and then reject it for entirely different reason is insane. And it's not something you can dispute either; you're forced to either resubmit (and rebuild) or contact their "policy support" which can take multiple days to get a response from. So far we have not had this ridiculous treatment from Apple, but we're also just about to release our new app in a closed beta test to the public. Time will tell. What's funny is that Apple didn't seem to care that we asked the user for Bluetooth permission during the splash screen without context. We later addressed this ourselves, because Google was more strict on this.
@@draken5379 I had the same problem with apple. I, by now, removed the login and the functionalities that requires an account. I plan to return them eventually, but I gave up dealing with apple crazyness. My experience with apple is way worse than with google.
"Big corporations are, by definition, malicious." might be the dumbest take ever to exist. Big doesn't mean evil. That said, I don't have anything against preventing corporations from becoming too big, because big corporations do cause problems such as monopolies, but literally never is this done. Like for example, why was Microsoft allowed to buy Activision Blizzard? Why was Google allowed to buy UA-cam?
@@Spoco In the case of publicly traded companies? yes big means evil, because if you are not evil you don't get big or you crash down. It is only possible for privately traded companies to be "not evil" and big at the same time.
@@diablo.the.cheater "if you are not evil you don't get big or you crash down" And why is that? You are saying that all of the biggest companies in the world are evil, yet you and all the people you know buy and use their services every day, but apparently they just cannot simply be successful by doing exactly that?
The only reason I can think of as to why they'd ever say that a "writer" app only "needs" read-only access to Drive, is if they want to force people to use Google Docs.
I've been building hybrid apps for 10 years now. Saying developing for Android is a nightmare is saying you've never developed for iOS. Apple constantly changes their contracts. You get your update rejected for no reason after changing a color just because your former version got accepted by a random guy that had no issues with it and the next random guy does. They don't even follow your provided notes to test some new in app purchase and mostly reject you with copy/pasted random messages that have nothing to do with the issue. You can even receive app deletion warns because of bad reviews that have to do with their own iOS users not understanding what an autorenewal so you're now treated as a scammer. The truth is I have never used the Google Drive api but saying that developing for Android is a hellish experience because of that reason when deploying an update to Google Play is usually tap a button and you're done... mhhh yeah...
Having deployed dozens of apps to both iOS and Android I can confidently say they both suck, but Android definitely sucks the most. Dev console is hell to navigate, SDK deprecates on a 2 year cycle, random arbitrary/subjective rejections. All of this happens on iOS too, but I've definitely had worse experiences with the Play Store. It's also easier to take an app down from the App Store and bring it back up later than it is on Android because it has to be approved again. Not to say that Apple doesn't occasionally change terms in a way that majorly screws us over every now and then, but Google is almost as bad and the day to day experience is horrible. They monopolize these systems so they don't really have any reason to improve though. Also quick edit to throw a fuck xcode in there
As another mobile app developer I would rather have a new sdk every 2 years than a new machine every 4 because xcode isn't updated for your device anymore. Not too mention all the random bs disapprovals only to submit the same app 5 minutes later and it will get approved.
I've done both. Definitely hate android more. Working in android studio is a miserable experience compared to xcode. Yes, the iOS app store can be a pain, but my day to day life is easier developing for iOS.
I've always hated Google Drive. I just want a tree view for folders, and it feels like this is a google drive anti-pattern. "Just search for it".. Maybe I don't want to just search for everything all the time.
Thank you for posting this.... I thought I was missing something in the API when I was trying to do a simple depth-fist descent through my drive directory structure.
Also its GUI sucks, has to load everything from the beginning every time you get out of a directory. I just wanted to download a bunch of NotITG charts, they're all on Google Drive. The way it works is there are like 100-150 directories with the names of charters or events it comes from, and inside are directories for charts themselves. When you exit a directory, it loads everything from the beginning, putting you in the beginning of the list. So you have to scroll all the way back to where you were, about 100-150 times. And also pretty often it'd just refuse to download a file, says "Download Failed", so you'd need to try it again. Double-clicking a directory also often results in it just selecting the directory or file above. Or, clicking the download button often does nothing at all. Google Drive sucks
The killer is that there's practically no recourse. There's no human to reason with, unless you have "friends of friends of friends" to go to. And even that doesn't work.
Even that doesn't work.. Google workers are kept separate from each other.. So if you work in one division and you need to contact another becsue of a problem then no go.. Its just the Indian Support that give you feel good lies but no real fixes..
Anti-Trust. Regulate. Legislate. If necessary, incarcerate. We cannot allow Technocrat or Mega Corporations to operate as Supernational states across the international market as they have been the last 20 years.
Yeah good luck with that, government doesn't care. When is the last time you heard of any person in any company being held accountable for literally anything? Enron???
The US government supports any company with international reach. They would only antitrust it if domestic public alone was prey. In case of global societal and environmental damages they enjoy siding with bullies
@@highdrated369 not necessarily, I am only pointing out the unrealistic nature of hoping that the governments of Earth would ever do anything about it or be reasoned with when money is involved. Perhaps the only thing that would actually scare them is a corporation encroaching upon their power or collecting arms or doing something that would basically put them within the realm of organized crime or a non-nation private military worth going to war with. But pragmatically, by waiting for politicians to do something about it, it will already be too late or will never happen. Beyond that any one person's only real hope is to either accept the rules and play the game to fight battles that can be won, or refuse to play and take their business elsewhere. Aside from that, we are left hoping for an act of God, basically. I am open to any better ideas, but massive political shakeups only usually happen during revolts and that is not ideal or even necessarily worthwhile, so finding solutions within the scope of the restraints of the rules would be ideal. Something less than flipping over the board, but more than hoping for the rules to change or corrupt people to change their minds. Cause it's not like anyone arguing in good faith needs to be convinced that corporations have too much power, not enough accountability, and need to be regulated... The only people arguing against that are the ones that personally benefit, or believe lies and propaganda and ignore reality and live in denial, so they literally can't be reasoned with. So I didn't mean to sound derisive, I do genuinely wish good luck for anyone trying to achieve that, I was simply pointing out the potential impossibility of the task.
6:24 NO APP NEEDS ACCESS TO THE /auth/drive scope - THEY ONLY NEED /auth/drive.file there is a huge difference in these - the first lets apps access EVERY SINGLE FILE on your drive, whereas the second only lets apps access the files THE APP CREATES. This is a really bad look for iA Writer devs scoping things badly. Absolutely no app should use the whole drive scope, and that is why google seems to be "shadow-"deprecating it.
I know that drive.read allows to gain access to individual files through picker, but is there an ability to get access to entire folder? I'm not a mobile dev, and it's not immediately clear from the docs. If there isn't, I can certainly see some use cases where /auth/drive.file won't work. E.g. when you have to deal with tons of files in individual folders, that are imported through other app or Google Drive UI. And such use cases are pretty likely for document editing apps
@@Rikonardo folders are just metadata files in the drive ecosystem with the specific mime type `application/vnd.google-apps.folder`, so it's the same for files and folders. Think of drive as just a flat Key-Value store of drive IDs and file contents.
Even if you are right, the fact you, a random internet denizen, can recognize this from just a few screenshots, and GOOGLE didn't durring all their contact and instead suggested read only, only makes them look dumber than they already did.
These security theatre audits and compliance attestations are becoming increasingly "normal" pretty much every where in the corporate space. We have to prove to new clients which ones we've passed/already have, why we don't do their own preferred one, have increasingly severe deep internal audits to the point where any device that can no longer receive BIOS updates is a no no as it's a security risk. It's becoming a total XKCD 15 standards issue and is only going to get worse as no one accepts anyone else's as good enough, regardless of industry bodies or government backing. I get to waste about a month of my year on this shit, and I'm over it! So yeah, google are crap here, but it's becoming 'the standard', so it ain't going anywhere.
The nice thing about Android is that you don't really need to deal with Google. You don't have to deal with google drive, etc, to be able to make an Android app. You don't need to publish your app on the Play Store. For example, you could let people download an APK, or use alternative app stores instead. It isn't perfect, but at least you have the freedom to completely circumvent having to deal with Google if you want.
I'm an F-Droid user, but even I am self aware enough to admit I'm the percent of a percent. I will say, the experience being less smooth is absolutely Google's doing. Background app installs and updates requiring root is absolutely an anti-competitive move, no good reason for it
This. The app I made like 8 years ago for my school requires nothing but internet to fetch data from our API. And now they ask me to submit my documents otherwise I can kiss my dev account goodbye, even though I paid own damn money for it.
In fairness, the DUNS/passport verification was mandatory for all Google Play accounts registered as a business, and everybody had an appointment during the current year. It also involved filling out tax status forms for a number of countries. We went through the same thing with Apple. It seems driven by EU laws. The US has a deadline for similar "beneficial owner" laws at end 2024. It's just a 2024 reality about fighting tax evasion, and not personal.
To be clear: FinCen's BOI has nothing to do with tax evasion or money laundering. Huge companies are exempt. This is a small business kill list. Wait and see...
I ain't a registered business, and I only have a simple app for my school that displays articles retrieved from our APIs. No extra permissions, but internet access. Now I have to submit my document scans and hope it works before the Nov 8th deadline otherwise I lose my dev account I paid own money for. Nothing fair here chief
It's *not* just for businesses. My personal dev account has been locked too. Not that I can't sign in, mind you; they're confident enough in my identity for that... but I can't use their APIs, etc.
@@Nekroidosue them then, if you paid for a Dev account it is yours to do with as you please presumably. Or you could just not host it on the app store
yeah, ive heard about a couple such stories before. I pretty much expect drive to be gone at any moment, so use redundant storage, but I dont know what to do about dozens and dozens of other apps and servises and accounts that are authorized through google/gmail.
Ive also heard that if they ban your account, they may use tracking technologies to find any of your alternate accounts and ban them too. All of that is automated, ofcourse, they literally dont have real humans for revewing any of that, just like with youtube, and havent had for a decade. Any appeal just goes to a slightly more sophisticated bot.
Correction: Every few years Google does a cleanup of their Play Store by requiring the developers to give out again their identity (which I just did not that long ago,) update their apps (using the latest Android API target for example, which I also had to do). Then I understand Google's recommendations for the writer app were idiotic but I think you can kinda easily not use any of those scopes, the file picker/file saver activities enable you to access external storage (like Google Drive and others) which is now the recommended way to save/read from cloud storage because it asks the user using Android's UI what to do and where which is 100% transparent. The Google Drive writing permission is now considered to be a less needed one and useful in a very few cases (for Android apps anyway), asking heavy verification for its sensitive use is more understandable (even if I think the security audits are way too much). You could also say this forms anticompetitive behavior by only enabling your product (Google Docs in this case) to use the APIs required for Google Drive by stomping the little players with security audits. Also those checks are for many different scopes (just go to the Google Cloud Console and list the Google Workspace APIs with kinda relevant scopes). Finally, when they talked about limiting the app to 100 users they meant unverifying the Google Cloud project which limits the OAuth to 100 users (most of the time those are test users). TL;DR: This is kinda stupid from Google but there are workarounds which are the new recommended ways to do and some of the points Theo made were just regular Play Store policies. And as a bonus don't ask them to fight more against piracy because they just enabled developers to prevent sideloading of app IDs if they are present in the Play Store (see all the Play Store Integrity stuff) edits: typo/clarifications
Thanks for your clarification. As a dev adapting to changes is tiring but as a user these uniform checks and updates are welcome, maybe some the pickforks would drop helpful if reasons why were concise, reasonable and human readable
"they just enabled developers to prevent sideloading of app IDs if they are present in the Play Store" Well, _that_ will teach me not to use an Android tablet! Seems like every third app lacks tablet validation, despite running absolutely fine on them.
Yeah they are trying to protect their reputation and the reputation of the app store, but that makes things more difficult for small devs because they have to do more work to keep up
I understand google not wanting to give apps full write perms over someone's entire google drive. However, the better option would be allow users to designate a folder for apps to access, and not allow that folder to be the top level one (aka full access). That way it's down to the user to decide what folder an app has access. But that requires WAY more work on Google's side.
As a user, I thought that already existed. I have some apps that have used directories for storing their stuff, or backing up settings and I had assumed that they were restricted to their own directory. For example screencastify, which lets me record screencasts. It only saves to my Google Drive, they use it as their storage, in exchange for not charging a stupid amount per year. Maybe I granted full access without realising it.
That actually exists already. You can ask for many different API Scope levels, including drive appfolder, and drive appdata But they only allow you as a dev to access that apps specific folder. If you want a user to pick a file to open/edit you should use drive file which opens a Google provided UI to pick a file and then sends it to the application. The full drive api scope grants access to all files and folders on the google drive and is therefore restricted. Though Google specifically lists productivity and note taking apps as apps that can apply for full drive scope access so why they had to be such a pain in these cases is beyond me.
I wonder if Google realize how their continuous reputation for making useful stuff go away drives anyone with a long term requirement away - not just now, but in the future too. It erodes trust. Including corporations with devs who have been bitten once too often. It is sad to see.
If there were a concerted shift away from investor-driven services, I might be thankful for their bad example. As it stands, I see bad practices proliferating, while we collectively vacillate between abusers.
This is why we need laws to protect side-loading and 3rd party app stores. At least they could host their own APK, or offer users cloud storage for a subscription instead of google drive. Heck, maybe even let pirates use a rate-limited free tier and convert them into paying users if they want to use it for work.
And shenanigans like that always confirm my decision avoiding the ongoing enshittification of the world by moving my stuff. From windows to linux (hello, lovely nixos), from onedrive and googledrive to synology drive (hosted on my own local synology), from gmail/outlook to my self-hosted mailcow. The list is growing, and every new thing either needs to be open-source or self-hosted. Play stupid games, win stupid prizes.
@@redstone0234 You're right, and I wouldn't recommend that for everyone. Luckily I know most of the pitfalls after 20 years in tech. And if I end up on a blacklist... c'est la vie.
Not even in a spam-filter: Gmail servers just _ignore_ messages that aren't from a whitelisted mailserver. It's anti-competitive & against the protocol's specification, but no one has made them stop doing it yet.
@@prophetzarquon1922 I couldn't care less about google refusing my mails. Receiving messages is the important part. Also never send out mails from your server directly. Always use relays. If one ends up in a blacklist, replace it.
If I'm remembering it right: Redigit *couldn't* publish Terraria on Stadia because there were too many company things on his personal Gmail, it was maybe even the account they were going to publish from. I could be exaggerating in my memory though.
2:53 I hate Google Play with a passion. Every time you go to update an app, there are at least 15 new forms you have to fill out before you can upload your APK/App Bundle. It's stupid.
@@Lucas_Simoni oh they are still on github and I have obtainium setup to pull updates for family members that I have set to use the apps so that they stay up to date.
@@Lucas_Simoni Self distributed apks have barely any more permissions than PWAs. At that point it really makes more sense to abandon having a native app at all.
Google drive was always shitty, I hope apps stop using it and then we can have a little fight over the best features, but I know people aren't interested in pushing their data around to make their voice heard. So we are stuck with shitty half solutions.
Maybe because everyone has a google drive, and the alternative is every app requiring you to have an account with a different cloud storage that you have never heard of? And how many are gonna even give API access?
I really dislike google drive APIs, they have been stopping me for months. I built a VR file viewer, and they won't allow it to browse a user's own files, just keep giving me the run around. But this is also iOS and Android, both versions are hurt. Think i'm just going to drop the feature, dropbox still works.
They meant "open" as in not a walled garden and/or not restricted to their hardware. It can be a minefield developing for Windows if you need to do anything really low level because you never know what kind of hardware or 3rd-party software and drivers you might be dealing with. Still, for most desktop and store apps these days, you rarely have to worry about it. Game devs probably run into issues more than anyone. Apple's big advantage over other operating systems is they only ever have to run on their own hardware and drivers.
I work for a large software company and the temptation for us (even as a 9 figure per year in revenue org) to drop our Android app is hugely tempting. It's so much more effort than it is worth. And believe me when I say, it hurts me to say it because I used to *love* Android. But even ignoring the issues you mention in this video, the fragmentation and absolutely WILDLY variable device performance differences is just absolutely insane.
"don't attribute top malice" ignores the 3rd option - you don't know what certain large companies stand to gain from locking out competition within the Google garden; this option is equally likely which would imply Google IS getting a lot of money and or getting lobbied behind the scenes. Venture scale money motives are not immediately clear so don't ignore them outright.
Not to defend Google, but does Manifest v3 break "most", or only "a few of the most popular"? For the general public, there may be little difference, but I've only noted a _few_ ad-blockers that aren't Manifest v3 compatible? My Android phone, Windows desktop browser, & Linux chromium-based browser, are all using a free ad-blocker that's been Manifest v3 compatible for quite a while now. It's not _the_ most common, but it's one of the most commonly cited ad-blockers, & each of the others I looked up just now, already work fine with Manifest v3?
This move makes some sense from Google's perspective. They aren't being dumb or incompetent. They get to say they've increased security while offloading all of the cost, verification, and liability of those claims onto app developers and the auditors they have to hire. They've also reduced their own maintenance, compliance, and security costs by reducing the number of apps hitting the drive API. It is gross though and ultimately bad for consumers as it shrinks their options only to devs/partners who can pay the tolls, locking out most new entrants that don't have large VC backing. These walled gardens are always going to make choices like this that protect themselves no matter the cost to others. Seems like they've already captured so much of modern computing that it's hard to see a way free of them. Users and devs should try as best they can though. Would be great if free sync tools like syncthing had integrations available for android app devs. Until then, maybe devs just need to write local and push users towards these sync tools that are further outside the garden. PS: Dropbox wishes they could bully users and devs like Apple/Google. The only thing making them less evil is a lack of scale. Spend the dropbox fees on an offsite server running syncthing. Don't let someone else control your files.
It's weird that Android doesn't provide sane and consistent file APIs… iOS has done this for years. Like, the OS that had a file browser well before iPhone *doesn't* have sane file access APIs and the ability to write to a sandboxed folder in the OS' native cloud provider? *What?!* And it requires *the developers to use a separate service API for cloud access?* *Huh?!* How did Google ship this??? On iOS its native file APIs means you can just sorta… write to iCloud. It goes into a sandboxed area that shows as a folder with the app's icon in their iCloud. If you want to write or read from somewhere else? You just request a file, and the native file browser lets the user select a file from *wherever* and provides the app with access to that file and that file alone. What is Google dooooiiiing?!?
That's the kind of stuff that made me stop developing Android apps. Google deprecated Google Drive apps and forced everyone to use their api, unless you're a huge company. It also rewrites it's own android sdks all the time for no good reason, and then forces you to update to the latest version. You have to learn a completely different library on their horrible docs site to do the same thing you were doing before. Ain't nobody got time for that. These required documents are also a pain in the ass, they keep requiring more and more stuff almost every month. It's just ridiculous.
@@laujimmy9282 Yeah, I know it sucks, but quitting depends on what you want for you career. There will always be demand for Android devs, so you would be in a safe spot I assume. If you quit, you would have to choose another tech stack, like web front end, iOS dev, backend, etc. If I were you, would do what I like the most but that also pays my bills
Thanks for raising awareness on this, although I haven't released any Android apps, I was writing one. I'll just forget about designing anything that uses Google Drive now. If you have to use someone like KPMG I'll forget it, they are probably the worst people to work with. One of the things I was asked was why our website didn't have a control panel to prove that required payment. We had to show that we had an option to take payment was switched on because payment for products in mandatory. We argued that if payment was mandatory for products, why would we even have an option to switch it off, but they just wouldn't listen. I no longer work in the same company, and I am relieved I don't have to work with KPMG any more. Just avoid them like the plague.
Google flagged my app as fishing, which it had none of. It requested user input so they could update their data, but that's it. I repeatedly received rejections from what looked like AI, until one day I received approval after 5 failed requests, despite changing nothing on the frontend nor the backend.
I wonder if this violates the EU's competition rules forcing large companies to maintain APIs for third party integrations. The US will never regulate mega corps for their anti competitive practices
Absolutely the right approach by iA. Been loving their products for years. If the platform doesn't want you, move away from it. Especially if you are a product with a name.
I lost my Android Developer account because my business legal name changed and the form to inform that change at google does not work. After 6 months trying to contact from many other ways I simply lost everything.
It was always bad with the api verification process, some of things they require you to submit are things that don't even apply to your app sometimes and it can get stuck in limbo for a long time
I enjoyed Google’s advert for Google Drive while on Google’s UA-cam platform while watching this video. That’s my daily irony amount achieved and I’ve not even had breakfast yet…
5:07 The passport scan is required for all Google developer accounts. What was frustrating is that you needed to verify your phone number however phone numbers from my country weren’t supported… I had to get a new number from the US to do that
I'm a solo dev building an Android app with an accessibility requirement, I haven't even gotten to the approval stage yet... this sort of shit is scary af for me. I've been trying to build Google Sign in for the app + a Chrome extension I'm building alongside it and even that has been rough with Google's policies. I'm not sure if I should keep trying here
We just ate the cost of doing two security audits just to be able to use the Gmail API, which isn't even remotely the most used feature of our two applications. We're afraid they'll do it for something else. The worst part is that they use tools that are free and when you get a report, it contains dead links to those tools' websites to tell you what to fix.
"This is an *unintentional* power shrinkage to the most powerful people who can afford to do all those things" It is definitely intentional, big corps HATE small and opensource projects
Happy Synology customer here. Most of my video consumption is done with grayjay. One of my phone doesn't even run google play services. The other must because of some banking apps.
6:20 do you know what I believe? That that is Google Gemini making the response, and just nobody caring to actually do some quite sensitive work on that. There's no way a team makes an actual analysis and says that, or then they have to be publicly pointed at and shamed for being exceptionally incompetent and maliciously damaging for colleagues and customers.
I’ve watched _at least_ three of your videos now, and I _still_ can’t get over your face being that of someone non-Australian. Every time I forget, and I click on one of your videos expecting “crikey mate, struth!”, and then you speak and I’m surprised all over again.
I’m old enough to remember when Theo was reading us Google wasn’t changing Chrome to manifest v3 to get rid of ad blockers. (That was a few days ago for the uninitiated).
Since theo makes further comments about Google not caring about “chump change”. I promise they do. Companies are constantly looking to cut waste and offload their own burdens. They don’t always do this in the most logical or efficient ways, but once a clear and obvious way to make money/cut losses comes along (like killing adblockers or making devs responsible for their own security scans) they will start doing it.
Apple's App Store policies might be consistent in the sense that they don't get changed often, but Apple is far from consistent in enforcing them. Equally as bad if not worse if you'd ask me. If stuff gets changed a lot, but you know that what is written is followed, you at least have something to follow.
This is a vertical integration issue. Access to google drive should have nothing to do with permissions in an app just because they're owned by the same company. Imagine if they restricted SMB or S3 access the same way (or maybe they do?)
Random question, and I may be out of line since I don't use IA Writer, but doesn't the updated storage spaces feature on Android let you read and write to Google drive right in the file manager, regardless of whether that app natively supports GDrive itself? I use this feature all the time with various apps and my Nextcloud server.
They're doing this to prevent startups from launching competing cross-platform storage and search products like Glean, DropBox Dash etc. Makes sense to be honest.
Google Drive has always been a monumental pain for developers. Now, it's been made even worse? 100% saw it coming. Based video by the way, keep it comin'!
I kind of understand where Google are coming from, from a security perspective. You don't want people giving access to their Google Drive account to an application that turns out to be compromised or contain malicious code that exfiltrates all their private data. But they have to make the process less onerous for smaller developers, it sounds like such a pain to deal with.
I have a feeling that this is the start of something bigger then we can wrap our heads around at this point in time. Data has become even more precious and it seems that due to more regulations and pressure random applications can't simply get the keys to data kingdom that easily. Also lets not beat around the bush, Apple Application submission process is in the same state as Google, you just need to check the developer forums and very quickly find out all sorts of weird and random issues.
In this case, the solution would be to remove support to google drive. Maybe just save data locally and allow users to manage it with an import/export feature. But I generally agree with the vibe of the video
Accompany that has been outed by multiple governments as a tech monopoly, is being forced to break up in several jurisdictions, and has been fined octillions of dollars is going to strike out at the easiest target as it knows it is in trouble.
I totally understand why unrestricted drive access is scary to hand out, but these rules are ridiculous. What's the point of annual scans in the first place? For a scan to have any meaning it has to be done for every single new version of the app, and that simply cannot be done manually. Either your company is too small to afford manual reviews, or the application is so big that it can't be manually reviewed, there is almost never an in-between. The sensible approach would be to make users aware of the risk of running these apps before they approve the drive access, and the ability to lessen those warnings by going through the security audit process.
You know what's crazy? Until this video, I had no idea Panic was primarily known as a game developer. I knew of the Playdate, but didn't connect that it was done by them. To me, they were always the "Transmit" people.
I personally don't have much sympathy for iA Writer devs - while their app has some nice features the price is huge for just a writing app. There are many other apps that are almost as good for writing but their price range is like 0(free)-10% of iA Writer. Still I go not support Google in using their effective monopoly position(on Android market) to force stupid rules on devs in general.
I just paid $400 to Google for my "security audit". They found 0 issues. Thanks.
@@
$400?
I was expecting at least another 0 on there, if not two, considering how they were talking?
Come on antitrust
well if there actually werent any issues thats great
$400 isn't gonna get you any more than running an automated scanner. Someone who does pentesting gets paid more than $500 a day, and that's before accounting for all the other costs of employment beyond what people get paid
Every google product hates developers. It's ridiculous what you do to get an API key properly work
Apps Script is where it's at
@@trappedcat3615 I reported an issue with custom functions reloading needlessly costing my clients money on too many API requests, and they were like "Well, try caching", I explained that caching doesn't solve the problem since 1. the custom function like the one I made are not supposed to be deterministic but should generate a new value every time they are called and 2. you (Google) doesn't even allow caching (I think) for more than 6 hours, which is a joke. On top of that it's an obvious bug since the functions recalculate simply because you move the column from one place to another (and even when that doesn't result in cell references being changed in it), but guess what? they were like... "yeah don't care we downgrade this from S2 -> S3" which I learnt it's basically "something that doesn't affect a lot of users, so the priority is low". In my opinion Google Sheets and Apps Script are the only "apps" that make Google worthy it. I can't think of any other Google productivity tools that is worth the time.
The only reason I reported that bug is because I thought they were serious, but off course not, to me they came across as arrogant and cocky and seeing what they do with people here on UA-cam with censorship, it all makes sense: they are all the same.
Google is the new Microsoft, and I hope it will die.
@@trappedcat3615 long story short, they themselves don't even take Apps Script seriously!
@@deleted-u5g Haha... I doubt you even know what Im talking about. My last job is still running admin scripts I wrote using cronjobs on forms, calendars, and sheets.
@@deleted-u5g what's the long story 😂
"dropbox is fine" is a great overstatement considering how many data loss stories there are with it (including my own).
Dropbox randomly disabled my account with no explanation. If not for a mirror image on an external spiny hard drive, I would've lost everything. Eff Dropbox
I watched a whole convention center full of people, pivot towards the help desk areas, on (one of) the day(s) when Google locked out anyone who hadn't used a desktop browser interface to accept their new Drive & Docs terms of use.
My point being: They don't care what happens to users; like "Ma Bell" of old, they can tank any hate they garner, & just keep rolling.
Really? I had no idea.
@@TheRaggiesoftprob lost your data and don't want you to know lol
Google, one of the largest, most influential, most highly opinionated about your apps and sites, companies has the absolute worst UI, usability, DX etc. Absolutely astonishing and ridiculous this is still allowed
Google used to have great UI design (outside of websites). Something happened. They kill my fav platforms, so I no longer use new Google products. Even Google search has been terrible for a long time.
What do you mean "allowed"? Most of their products are free to use. It's not like you don't have a choice to use other products.
"Google has the absolute worst UI!"
*Microsoft enters the room*
@@Lucas_Simoni
Apple follow is rules up-close
Why - Kodi if you try to find it your only find is remote control which is less legal than is self
But Google your find not legal apps acting like the real ones which google allows
@@Action2me Yeah. You can use other things! Just know they aren't part of the google monopoly. Because that's what it is, a monopoly. And it's fucking horrific for competition... as this video might've told you, if it could get through your skull.
Don’t use Dropbox. They have long history of branches, employees going though people’s personal files and gov agencies accessing people’s drives.
branches? did you mean breaches?
All goverments can demand information afaik so it is the same.
Just encrypt your stuff.
Booooo the government booooo scaryyy booo
@@leandro6234 this is an ignorant statement - just because spooks CAN go thru courts to get a judge to approve an evidence-based warrant does not mean it is the same thing as straight-up having access to every person's data in Dropbox.
To get a warrant you already need to have evidence, whereas if you sift thru every person's dropbox you can target individuals who were never on the gov's radar to begin with. This applies to every medium, including wiretaps, traffic sniffers, text messages, emails, etc.
Apple App Store definitely changes their requirements often. I was fighting them on an IAP change, and in that process, they changed the requirement again.
They're also enforced inconsistently. I once had Apple block a critical bug fix update because they said I violated a UI guideline of allowing more than one popover to be open at a time, even though that UI had existed and been approved since the very first version of the app.
Came here to say this. The idea that Apple doesn't pull the rugs on devs is laughable. Their requirements are opaque, change constantly, and aren't consistently applied from review to review. I remember every time we had to submit an update for review the whole team would just cross their fingers, and often be disappointed, only to have basically the same app approved the next time. This was the scenario at multiple companies in wildly different industries.
After weeks of back and forth with Apple, in the most random dumb little things they wanted changed. They suddenly out of no where, wanted me to remove the user login from my app. Considering Google nor Apple give you a proper device id to work with ,all this does is cause massive regression my code base in order to try support dogshit no login concepts that are pushed onto me, by people who dont even give you the tooling you need to do such things correct.
I dont want to generate a uuid. I dont want my dbs filled with tons of 'devices' or 'accounts' for these uuids that will change every time the user wipes the app. Its insanity.
While you sit there, and both stores are filled with apps that need a login to function securely and well.
Have to be honest. This is tame in comparison what happend just yesterday from Google Play reviewers;
We submitted a newly app in Closed Testing-and we had previous releases with no issues, mind you-and not only did they not use the correct password for the review account, they used the Production of the legacy app. They rejected the submission with "Violates our policies; no disclosure for use of Bluetooth Location permissions." - of which this update was exactly made to address.
I fault both Apple and Google for these terrible processes, but this took the cake for me. It shows how broken they really are. Mistakes can happen, but getting the wrong APK of an app that is a completely different version number, and look and feel and then reject it for entirely different reason is insane. And it's not something you can dispute either; you're forced to either resubmit (and rebuild) or contact their "policy support" which can take multiple days to get a response from.
So far we have not had this ridiculous treatment from Apple, but we're also just about to release our new app in a closed beta test to the public. Time will tell. What's funny is that Apple didn't seem to care that we asked the user for Bluetooth permission during the splash screen without context. We later addressed this ourselves, because Google was more strict on this.
@@draken5379 I had the same problem with apple. I, by now, removed the login and the functionalities that requires an account. I plan to return them eventually, but I gave up dealing with apple crazyness. My experience with apple is way worse than with google.
"Never attribute to malice what can adequately be explained by stupidity... *_unless it's a big corporation._* They are, by definition, malicious."
They are also naively optimistic and "people are stupid in large groups" prone.
"Big corporations are, by definition, malicious." might be the dumbest take ever to exist. Big doesn't mean evil. That said, I don't have anything against preventing corporations from becoming too big, because big corporations do cause problems such as monopolies, but literally never is this done. Like for example, why was Microsoft allowed to buy Activision Blizzard? Why was Google allowed to buy UA-cam?
@@Spoco In the case of publicly traded companies? yes big means evil, because if you are not evil you don't get big or you crash down. It is only possible for privately traded companies to be "not evil" and big at the same time.
@@diablo.the.cheater "if you are not evil you don't get big or you crash down" And why is that? You are saying that all of the biggest companies in the world are evil, yet you and all the people you know buy and use their services every day, but apparently they just cannot simply be successful by doing exactly that?
Stupidity and malice are not mutually exclusive.
The only reason I can think of as to why they'd ever say that a "writer" app only "needs" read-only access to Drive, is if they want to force people to use Google Docs.
Ah yah. That garbage.
it's time for "drivething"
picthing
uploadthing
and...
downloadthing
now someone is going to buy that domain and sell it for 4000$ to Theo.
I cant wait for Datething
@@Dhalucario Yes, let people submit their coding projects, and whoever's coding style matches, put them up together.
Ooo yaa
I've been building hybrid apps for 10 years now. Saying developing for Android is a nightmare is saying you've never developed for iOS. Apple constantly changes their contracts. You get your update rejected for no reason after changing a color just because your former version got accepted by a random guy that had no issues with it and the next random guy does. They don't even follow your provided notes to test some new in app purchase and mostly reject you with copy/pasted random messages that have nothing to do with the issue. You can even receive app deletion warns because of bad reviews that have to do with their own iOS users not understanding what an autorenewal so you're now treated as a scammer. The truth is I have never used the Google Drive api but saying that developing for Android is a hellish experience because of that reason when deploying an update to Google Play is usually tap a button and you're done... mhhh yeah...
Having deployed dozens of apps to both iOS and Android I can confidently say they both suck, but Android definitely sucks the most. Dev console is hell to navigate, SDK deprecates on a 2 year cycle, random arbitrary/subjective rejections. All of this happens on iOS too, but I've definitely had worse experiences with the Play Store. It's also easier to take an app down from the App Store and bring it back up later than it is on Android because it has to be approved again. Not to say that Apple doesn't occasionally change terms in a way that majorly screws us over every now and then, but Google is almost as bad and the day to day experience is horrible. They monopolize these systems so they don't really have any reason to improve though.
Also quick edit to throw a fuck xcode in there
As another mobile app developer I would rather have a new sdk every 2 years than a new machine every 4 because xcode isn't updated for your device anymore. Not too mention all the random bs disapprovals only to submit the same app 5 minutes later and it will get approved.
Guys, there’s no need to fight, _all_ operating systems suck.
Except BeOS.
I've done both. Definitely hate android more. Working in android studio is a miserable experience compared to xcode. Yes, the iOS app store can be a pain, but my day to day life is easier developing for iOS.
@@willswonderland m1 air 8gb for 600$ after 5 years still holds latest xcode as day one. No major frizes/lags at all.
I've always hated Google Drive. I just want a tree view for folders, and it feels like this is a google drive anti-pattern. "Just search for it".. Maybe I don't want to just search for everything all the time.
Thank you for posting this.... I thought I was missing something in the API when I was trying to do a simple depth-fist descent through my drive directory structure.
Also its GUI sucks, has to load everything from the beginning every time you get out of a directory. I just wanted to download a bunch of NotITG charts, they're all on Google Drive. The way it works is there are like 100-150 directories with the names of charters or events it comes from, and inside are directories for charts themselves. When you exit a directory, it loads everything from the beginning, putting you in the beginning of the list. So you have to scroll all the way back to where you were, about 100-150 times. And also pretty often it'd just refuse to download a file, says "Download Failed", so you'd need to try it again. Double-clicking a directory also often results in it just selecting the directory or file above. Or, clicking the download button often does nothing at all. Google Drive sucks
Yeah, really annoying that the default view on the website is now just a collection of recently used file. It's a drive, show me it like a drive.
The ironic part is that if these apps had access to the drive, using it would probably be a lot easier.
The killer is that there's practically no recourse. There's no human to reason with, unless you have "friends of friends of friends" to go to. And even that doesn't work.
Even that doesn't work..
Google workers are kept separate from each other..
So if you work in one division and you need to contact another becsue of a problem then no go..
Its just the Indian Support that give you feel good lies but no real fixes..
Anti-Trust. Regulate. Legislate. If necessary, incarcerate. We cannot allow Technocrat or Mega Corporations to operate as Supernational states across the international market as they have been the last 20 years.
Yeah good luck with that, government doesn't care. When is the last time you heard of any person in any company being held accountable for literally anything? Enron???
The US government supports any company with international reach. They would only antitrust it if domestic public alone was prey.
In case of global societal and environmental damages they enjoy siding with bullies
@AnotherAustin-z7b so we all should just be complacent then?
@@highdrated369 not necessarily, I am only pointing out the unrealistic nature of hoping that the governments of Earth would ever do anything about it or be reasoned with when money is involved. Perhaps the only thing that would actually scare them is a corporation encroaching upon their power or collecting arms or doing something that would basically put them within the realm of organized crime or a non-nation private military worth going to war with.
But pragmatically, by waiting for politicians to do something about it, it will already be too late or will never happen. Beyond that any one person's only real hope is to either accept the rules and play the game to fight battles that can be won, or refuse to play and take their business elsewhere.
Aside from that, we are left hoping for an act of God, basically. I am open to any better ideas, but massive political shakeups only usually happen during revolts and that is not ideal or even necessarily worthwhile, so finding solutions within the scope of the restraints of the rules would be ideal. Something less than flipping over the board, but more than hoping for the rules to change or corrupt people to change their minds. Cause it's not like anyone arguing in good faith needs to be convinced that corporations have too much power, not enough accountability, and need to be regulated...
The only people arguing against that are the ones that personally benefit, or believe lies and propaganda and ignore reality and live in denial, so they literally can't be reasoned with.
So I didn't mean to sound derisive, I do genuinely wish good luck for anyone trying to achieve that, I was simply pointing out the potential impossibility of the task.
@@highdrated369when did he say that?
Ask Luke from Float Plane about the App Store rules being consistent 😂
Pretty sure Luke and Theo are friends too lol
Luke needs to leave that slime ball Linus behind
@@mattymattffs what did Linus do?
@@mattymattffsLuke and Linus are an unstoppable team
@@Brixster they dropped off hard. They lost all credibility in the eyes of true tech heads.
6:24 NO APP NEEDS ACCESS TO THE /auth/drive scope - THEY ONLY NEED /auth/drive.file
there is a huge difference in these - the first lets apps access EVERY SINGLE FILE on your drive, whereas the second only lets apps access the files THE APP CREATES.
This is a really bad look for iA Writer devs scoping things badly. Absolutely no app should use the whole drive scope, and that is why google seems to be "shadow-"deprecating it.
I came looking for this comment
What about apps that need to be able to open documents that they didn't create? This seems a perfectly reasonable expectation for a text editor app.
I know that drive.read allows to gain access to individual files through picker, but is there an ability to get access to entire folder? I'm not a mobile dev, and it's not immediately clear from the docs. If there isn't, I can certainly see some use cases where /auth/drive.file won't work. E.g. when you have to deal with tons of files in individual folders, that are imported through other app or Google Drive UI. And such use cases are pretty likely for document editing apps
@@Rikonardo folders are just metadata files in the drive ecosystem with the specific mime type `application/vnd.google-apps.folder`, so it's the same for files and folders. Think of drive as just a flat Key-Value store of drive IDs and file contents.
Even if you are right, the fact you, a random internet denizen, can recognize this from just a few screenshots, and GOOGLE didn't durring all their contact and instead suggested read only, only makes them look dumber than they already did.
These security theatre audits and compliance attestations are becoming increasingly "normal" pretty much every where in the corporate space. We have to prove to new clients which ones we've passed/already have, why we don't do their own preferred one, have increasingly severe deep internal audits to the point where any device that can no longer receive BIOS updates is a no no as it's a security risk.
It's becoming a total XKCD 15 standards issue and is only going to get worse as no one accepts anyone else's as good enough, regardless of industry bodies or government backing.
I get to waste about a month of my year on this shit, and I'm over it!
So yeah, google are crap here, but it's becoming 'the standard', so it ain't going anywhere.
"security theatre" is an apt phrasing!
Trust ≠ security, but whole industries have sprung up to conflate the two.
The end product is having neither.
The nice thing about Android is that you don't really need to deal with Google.
You don't have to deal with google drive, etc, to be able to make an Android app.
You don't need to publish your app on the Play Store. For example, you could let people download an APK, or use alternative app stores instead.
It isn't perfect, but at least you have the freedom to completely circumvent having to deal with Google if you want.
Cool, but who is downloading you app on alternate stores anyway? Other devs?
Android has its problems but is miles better than IOS precisely for this reason.
iOS now has 3rd party stores. Yeah, you can now play Fortnite on an iPhone.
@@Nekroido Europe thing only
I'm an F-Droid user, but even I am self aware enough to admit I'm the percent of a percent.
I will say, the experience being less smooth is absolutely Google's doing.
Background app installs and updates requiring root is absolutely an anti-competitive move, no good reason for it
4:59 No, they aren't requiring passport scans for Google Drive APIs, but for the Play Store.
This. The app I made like 8 years ago for my school requires nothing but internet to fetch data from our API. And now they ask me to submit my documents otherwise I can kiss my dev account goodbye, even though I paid own damn money for it.
This isn't the vid i wanna be recommended when I just got assigned a google API user story
Maybe DHH has a point with the PWAs?
yep yep yep
In fairness, the DUNS/passport verification was mandatory for all Google Play accounts registered as a business, and everybody had an appointment during the current year. It also involved filling out tax status forms for a number of countries. We went through the same thing with Apple. It seems driven by EU laws. The US has a deadline for similar "beneficial owner" laws at end 2024. It's just a 2024 reality about fighting tax evasion, and not personal.
To be clear: FinCen's BOI has nothing to do with tax evasion or money laundering. Huge companies are exempt. This is a small business kill list. Wait and see...
I ain't a registered business, and I only have a simple app for my school that displays articles retrieved from our APIs. No extra permissions, but internet access. Now I have to submit my document scans and hope it works before the Nov 8th deadline otherwise I lose my dev account I paid own money for. Nothing fair here chief
the government demands to spy us again.
I hope Trump will change this trend
It's *not* just for businesses. My personal dev account has been locked too. Not that I can't sign in, mind you; they're confident enough in my identity for that... but I can't use their APIs, etc.
@@Nekroidosue them then, if you paid for a Dev account it is yours to do with as you please presumably. Or you could just not host it on the app store
The last story about losing EVERYTHING from your Google account with no reason stated terrifies me.
yeah, ive heard about a couple such stories before. I pretty much expect drive to be gone at any moment, so use redundant storage, but I dont know what to do about dozens and dozens of other apps and servises and accounts that are authorized through google/gmail.
Ive also heard that if they ban your account, they may use tracking technologies to find any of your alternate accounts and ban them too. All of that is automated, ofcourse, they literally dont have real humans for revewing any of that, just like with youtube, and havent had for a decade. Any appeal just goes to a slightly more sophisticated bot.
Correction: Every few years Google does a cleanup of their Play Store by requiring the developers to give out again their identity (which I just did not that long ago,) update their apps (using the latest Android API target for example, which I also had to do). Then I understand Google's recommendations for the writer app were idiotic but I think you can kinda easily not use any of those scopes, the file picker/file saver activities enable you to access external storage (like Google Drive and others) which is now the recommended way to save/read from cloud storage because it asks the user using Android's UI what to do and where which is 100% transparent. The Google Drive writing permission is now considered to be a less needed one and useful in a very few cases (for Android apps anyway), asking heavy verification for its sensitive use is more understandable (even if I think the security audits are way too much). You could also say this forms anticompetitive behavior by only enabling your product (Google Docs in this case) to use the APIs required for Google Drive by stomping the little players with security audits. Also those checks are for many different scopes (just go to the Google Cloud Console and list the Google Workspace APIs with kinda relevant scopes). Finally, when they talked about limiting the app to 100 users they meant unverifying the Google Cloud project which limits the OAuth to 100 users (most of the time those are test users).
TL;DR: This is kinda stupid from Google but there are workarounds which are the new recommended ways to do and some of the points Theo made were just regular Play Store policies.
And as a bonus don't ask them to fight more against piracy because they just enabled developers to prevent sideloading of app IDs if they are present in the Play Store (see all the Play Store Integrity stuff)
edits: typo/clarifications
Thanks for your clarification. As a dev adapting to changes is tiring but as a user these uniform checks and updates are welcome, maybe some the pickforks would drop helpful if reasons why were concise, reasonable and human readable
"they just enabled developers to prevent sideloading of app IDs if they are present in the Play Store"
Well, _that_ will teach me not to use an Android tablet! Seems like every third app lacks tablet validation, despite running absolutely fine on them.
Yeah they are trying to protect their reputation and the reputation of the app store, but that makes things more difficult for small devs because they have to do more work to keep up
I understand google not wanting to give apps full write perms over someone's entire google drive. However, the better option would be allow users to designate a folder for apps to access, and not allow that folder to be the top level one (aka full access). That way it's down to the user to decide what folder an app has access.
But that requires WAY more work on Google's side.
As a user, I thought that already existed. I have some apps that have used directories for storing their stuff, or backing up settings and I had assumed that they were restricted to their own directory. For example screencastify, which lets me record screencasts. It only saves to my Google Drive, they use it as their storage, in exchange for not charging a stupid amount per year. Maybe I granted full access without realising it.
That actually exists already.
You can ask for many different API Scope levels, including drive appfolder, and drive appdata
But they only allow you as a dev to access that apps specific folder.
If you want a user to pick a file to open/edit you should use drive file which opens a Google provided UI to pick a file and then sends it to the application.
The full drive api scope grants access to all files and folders on the google drive and is therefore restricted.
Though Google specifically lists productivity and note taking apps as apps that can apply for full drive scope access so why they had to be such a pain in these cases is beyond me.
Shit like this is why I have been using Bing out of spite. I hate what Google has become and hope they have plenty of more lawsuits coming their way.
I wonder if Google realize how their continuous reputation for making useful stuff go away drives anyone with a long term requirement away - not just now, but in the future too. It erodes trust. Including corporations with devs who have been bitten once too often. It is sad to see.
If there were a concerted shift away from investor-driven services, I might be thankful for their bad example. As it stands, I see bad practices proliferating, while we collectively vacillate between abusers.
Yeah when they have you by the balls they don't care to make things easier
This is why we need laws to protect side-loading and 3rd party app stores. At least they could host their own APK, or offer users cloud storage for a subscription instead of google drive. Heck, maybe even let pirates use a rate-limited free tier and convert them into paying users if they want to use it for work.
And shenanigans like that always confirm my decision avoiding the ongoing enshittification of the world by moving my stuff. From windows to linux (hello, lovely nixos), from onedrive and googledrive to synology drive (hosted on my own local synology), from gmail/outlook to my self-hosted mailcow. The list is growing, and every new thing either needs to be open-source or self-hosted. Play stupid games, win stupid prizes.
self-hosted Mail is a pain! good luck not finishing up in a spam filter
Just take a smaller mail provider like Proton or Fastmail
@@redstone0234 You're right, and I wouldn't recommend that for everyone. Luckily I know most of the pitfalls after 20 years in tech. And if I end up on a blacklist... c'est la vie.
Not even in a spam-filter: Gmail servers just _ignore_ messages that aren't from a whitelisted mailserver. It's anti-competitive & against the protocol's specification, but no one has made them stop doing it yet.
@@prophetzarquon1922 I couldn't care less about google refusing my mails. Receiving messages is the important part.
Also never send out mails from your server directly. Always use relays. If one ends up in a blacklist, replace it.
@@prophetzarquon1922 I wish I could reply but my comments get deleted all the time.
If I'm remembering it right: Redigit *couldn't* publish Terraria on Stadia because there were too many company things on his personal Gmail, it was maybe even the account they were going to publish from. I could be exaggerating in my memory though.
No, Terraria for Stadia was momentarily canceled because the creator’s Google account was banned for no apparent reason.
Android and Stadia was being done via 505 games
Part of me wonders if this is Google's ham-fisted way of trying to get people to stop using Google Drive as the storage for their Plex library.
Why not use private UA-cam videos, for that? Transcoding degradation?
@@prophetzarquon1922 Private won't block ContentID/DMCA.
2:53 I hate Google Play with a passion. Every time you go to update an app, there are at least 15 new forms you have to fill out before you can upload your APK/App Bundle. It's stupid.
I abandoned hobby apps because of this. The hoops were not worth jumping through anymore.
All these non-free platforms are a massive pain to develop for. I've abandoned them so I can keep building things and enjoying new ideas.
@@Lucas_Simoni oh they are still on github and I have obtainium setup to pull updates for family members that I have set to use the apps so that they stay up to date.
@@Lucas_Simoni Self distributed apks have barely any more permissions than PWAs. At that point it really makes more sense to abandon having a native app at all.
@@HansZimmer-b1r Actually, self distributed APKs don't have limitations once they're signed ;)
Plus, what limitation are you talking about?
@@d3stinYwOw You don't get low power real time push notifications.
build for web, support non-google browsers
So basically Firefox.
Google drive was always shitty, I hope apps stop using it and then we can have a little fight over the best features, but I know people aren't interested in pushing their data around to make their voice heard. So we are stuck with shitty half solutions.
Cuz it's free 15GB of storage
Maybe because everyone has a google drive, and the alternative is every app requiring you to have an account with a different cloud storage that you have never heard of? And how many are gonna even give API access?
I really dislike google drive APIs, they have been stopping me for months. I built a VR file viewer, and they won't allow it to browse a user's own files, just keep giving me the run around. But this is also iOS and Android, both versions are hurt.
Think i'm just going to drop the feature, dropbox still works.
They meant "open" as in not a walled garden and/or not restricted to their hardware. It can be a minefield developing for Windows if you need to do anything really low level because you never know what kind of hardware or 3rd-party software and drivers you might be dealing with. Still, for most desktop and store apps these days, you rarely have to worry about it. Game devs probably run into issues more than anyone. Apple's big advantage over other operating systems is they only ever have to run on their own hardware and drivers.
I wish Apple's app store policies were consistent.
at least that mean i dont have to iphone :) cause iphone = crapple
I work for a large software company and the temptation for us (even as a 9 figure per year in revenue org) to drop our Android app is hugely tempting.
It's so much more effort than it is worth.
And believe me when I say, it hurts me to say it because I used to *love* Android.
But even ignoring the issues you mention in this video, the fragmentation and absolutely WILDLY variable device performance differences is just absolutely insane.
"don't attribute top malice" ignores the 3rd option - you don't know what certain large companies stand to gain from locking out competition within the Google garden; this option is equally likely which would imply Google IS getting a lot of money and or getting lobbied behind the scenes. Venture scale money motives are not immediately clear so don't ignore them outright.
Similar to the "Manifest V3" forced switch -- which coincidentally breaks most ad blockers for UA-cam.
Not to defend Google, but does Manifest v3 break "most", or only "a few of the most popular"? For the general public, there may be little difference, but I've only noted a _few_ ad-blockers that aren't Manifest v3 compatible?
My Android phone, Windows desktop browser, & Linux chromium-based browser, are all using a free ad-blocker that's been Manifest v3 compatible for quite a while now. It's not _the_ most common, but it's one of the most commonly cited ad-blockers, & each of the others I looked up just now, already work fine with Manifest v3?
Enshitification incoming.
This move makes some sense from Google's perspective. They aren't being dumb or incompetent. They get to say they've increased security while offloading all of the cost, verification, and liability of those claims onto app developers and the auditors they have to hire. They've also reduced their own maintenance, compliance, and security costs by reducing the number of apps hitting the drive API.
It is gross though and ultimately bad for consumers as it shrinks their options only to devs/partners who can pay the tolls, locking out most new entrants that don't have large VC backing.
These walled gardens are always going to make choices like this that protect themselves no matter the cost to others. Seems like they've already captured so much of modern computing that it's hard to see a way free of them. Users and devs should try as best they can though. Would be great if free sync tools like syncthing had integrations available for android app devs. Until then, maybe devs just need to write local and push users towards these sync tools that are further outside the garden.
PS: Dropbox wishes they could bully users and devs like Apple/Google. The only thing making them less evil is a lack of scale. Spend the dropbox fees on an offsite server running syncthing. Don't let someone else control your files.
It's weird that Android doesn't provide sane and consistent file APIs… iOS has done this for years. Like, the OS that had a file browser well before iPhone *doesn't* have sane file access APIs and the ability to write to a sandboxed folder in the OS' native cloud provider? *What?!* And it requires *the developers to use a separate service API for cloud access?* *Huh?!* How did Google ship this???
On iOS its native file APIs means you can just sorta… write to iCloud. It goes into a sandboxed area that shows as a folder with the app's icon in their iCloud. If you want to write or read from somewhere else? You just request a file, and the native file browser lets the user select a file from *wherever* and provides the app with access to that file and that file alone.
What is Google dooooiiiing?!?
That's the kind of stuff that made me stop developing Android apps. Google deprecated Google Drive apps and forced everyone to use their api, unless you're a huge company. It also rewrites it's own android sdks all the time for no good reason, and then forces you to update to the latest version. You have to learn a completely different library on their horrible docs site to do the same thing you were doing before. Ain't nobody got time for that. These required documents are also a pain in the ass, they keep requiring more and more stuff almost every month. It's just ridiculous.
I am actually deciding if I should quit as well, after watching this vid
@@laujimmy9282 Yeah, I know it sucks, but quitting depends on what you want for you career. There will always be demand for Android devs, so you would be in a safe spot I assume. If you quit, you would have to choose another tech stack, like web front end, iOS dev, backend, etc. If I were you, would do what I like the most but that also pays my bills
Thanks for raising awareness on this, although I haven't released any Android apps, I was writing one. I'll just forget about designing anything that uses Google Drive now. If you have to use someone like KPMG I'll forget it, they are probably the worst people to work with. One of the things I was asked was why our website didn't have a control panel to prove that required payment. We had to show that we had an option to take payment was switched on because payment for products in mandatory. We argued that if payment was mandatory for products, why would we even have an option to switch it off, but they just wouldn't listen. I no longer work in the same company, and I am relieved I don't have to work with KPMG any more. Just avoid them like the plague.
Google flagged my app as fishing, which it had none of. It requested user input so they could update their data, but that's it. I repeatedly received rejections from what looked like AI, until one day I received approval after 5 failed requests, despite changing nothing on the frontend nor the backend.
I wonder if this violates the EU's competition rules forcing large companies to maintain APIs for third party integrations.
The US will never regulate mega corps for their anti competitive practices
Absolutely the right approach by iA. Been loving their products for years. If the platform doesn't want you, move away from it. Especially if you are a product with a name.
More developers should bring their apps to trusted third-party Android App Stores, along with said stores getting more recognition.
I lost my Android Developer account because my business legal name changed and the form to inform that change at google does not work. After 6 months trying to contact from many other ways I simply lost everything.
It was always bad with the api verification process, some of things they require you to submit are things that don't even apply to your app sometimes and it can get stuck in limbo for a long time
8:19 To be fair, with write access, someone can add a ransomware-like attack on top of the data leak threats
True, but that can also be done by users.
the irony of the docker image not working omg
As someone who works in embedded systems, sending me a docker is already annoying. If it also didn't work, I would start breaking stuff.
I enjoyed Google’s advert for Google Drive while on Google’s UA-cam platform while watching this video. That’s my daily irony amount achieved and I’ve not even had breakfast yet…
Please get some free ad-blocking. Unsecured browsing makes everyone less safe.
5:07 The passport scan is required for all Google developer accounts. What was frustrating is that you needed to verify your phone number however phone numbers from my country weren’t supported… I had to get a new number from the US to do that
they've pretty much had a monopoly for a long, pretty much divorced my tech from it 7 years ago
I really like Proton Drive, all client apps are open-source. Sadly, they don't have first-party API yet
I'm a solo dev building an Android app with an accessibility requirement, I haven't even gotten to the approval stage yet... this sort of shit is scary af for me. I've been trying to build Google Sign in for the app + a Chrome extension I'm building alongside it and even that has been rough with Google's policies. I'm not sure if I should keep trying here
We just ate the cost of doing two security audits just to be able to use the Gmail API, which isn't even remotely the most used feature of our two applications. We're afraid they'll do it for something else.
The worst part is that they use tools that are free and when you get a report, it contains dead links to those tools' websites to tell you what to fix.
Why would someone be a VLC hater? Such a great product
I'm really getting sick of Google, acting like monolithic gods and they don't know what the fuck they're doing ever.
I warned people about app stores way back and no one listened and now here we are!
"This is an *unintentional* power shrinkage to the most powerful people who can afford to do all those things"
It is definitely intentional, big corps HATE small and opensource projects
Guess Google demoted Bard to reply to emails now.
Happy Synology customer here. Most of my video consumption is done with grayjay. One of my phone doesn't even run google play services. The other must because of some banking apps.
Yeah, not only Android. We are going through this with a Workspace app every now and then.
So we're back to Dotcom Bubble II : Cloud Armageddon. When we all need to setup on-premise data warehouses again.
6:20 do you know what I believe? That that is Google Gemini making the response, and just nobody caring to actually do some quite sensitive work on that. There's no way a team makes an actual analysis and says that, or then they have to be publicly pointed at and shamed for being exceptionally incompetent and maliciously damaging for colleagues and customers.
I was wondering whe the title wasnt "developers hates google drive now". But its pretty clear now :)
Google needs to learn that people really don't feel comfortable buying things that change dramatically
Im stuck at 20 testers, I have built my app for 3 months now.
08:15 malicious writing is worse than malicious reading if you use google drive to share executables (overwriting executable with malware)
The very first app I ever built was on top of Drive's API's and Google broke it within a couple years. Never again.
I’ve watched _at least_ three of your videos now, and I _still_ can’t get over your face being that of someone non-Australian. Every time I forget, and I click on one of your videos expecting “crikey mate, struth!”, and then you speak and I’m surprised all over again.
How is piracy a problem on the google store?
I’m old enough to remember when Theo was reading us Google wasn’t changing Chrome to manifest v3 to get rid of ad blockers. (That was a few days ago for the uninitiated).
Since theo makes further comments about Google not caring about “chump change”. I promise they do. Companies are constantly looking to cut waste and offload their own burdens. They don’t always do this in the most logical or efficient ways, but once a clear and obvious way to make money/cut losses comes along (like killing adblockers or making devs responsible for their own security scans) they will start doing it.
Apple's App Store policies might be consistent in the sense that they don't get changed often, but Apple is far from consistent in enforcing them. Equally as bad if not worse if you'd ask me. If stuff gets changed a lot, but you know that what is written is followed, you at least have something to follow.
This is a vertical integration issue. Access to google drive should have nothing to do with permissions in an app just because they're owned by the same company. Imagine if they restricted SMB or S3 access the same way (or maybe they do?)
You were ahead of me with the synology. I was 1 minute in the video and I was like. Time for some NAS
We've reached a new chapter in the "enshittification" saga... well done Google, you're going down.
Random question, and I may be out of line since I don't use IA Writer, but doesn't the updated storage spaces feature on Android let you read and write to Google drive right in the file manager, regardless of whether that app natively supports GDrive itself? I use this feature all the time with various apps and my Nextcloud server.
Just a friendly reminder the department of justice ruled that Google is a monopoly and needs to be broken up
I notice Theo posted 30 minutes ago, I go to bed. I wake up, Theo has posted 1 hour ago. Are you doing alright Theo?
They're doing this to prevent startups from launching competing cross-platform storage and search products like Glean, DropBox Dash etc. Makes sense to be honest.
Google Drive has always been a monumental pain for developers. Now, it's been made even worse? 100% saw it coming.
Based video by the way, keep it comin'!
This is the typical stuff monopolies do to get more of the pie.
I kind of understand where Google are coming from, from a security perspective. You don't want people giving access to their Google Drive account to an application that turns out to be compromised or contain malicious code that exfiltrates all their private data. But they have to make the process less onerous for smaller developers, it sounds like such a pain to deal with.
I have a feeling that this is the start of something bigger then we can wrap our heads around at this point in time. Data has become even more precious and it seems that due to more regulations and pressure random applications can't simply get the keys to data kingdom that easily. Also lets not beat around the bush, Apple Application submission process is in the same state as Google, you just need to check the developer forums and very quickly find out all sorts of weird and random issues.
In this case, the solution would be to remove support to google drive. Maybe just save data locally and allow users to manage it with an import/export feature. But I generally agree with the vibe of the video
Accompany that has been outed by multiple governments as a tech monopoly, is being forced to break up in several jurisdictions, and has been fined octillions of dollars is going to strike out at the easiest target as it knows it is in trouble.
I am in shock! You're telling me the big corporation is being evil? No way!
Google feels like it's managed by HR that knows nothing about devloping
tl;dr
fanboy yaps how
GOOGLE = BAD
APPLE = GOOD
but in reality they are the same
Google is an advertising company, Apple is a hardware company. They aren't the same.
Recently went through similar. Google Play is worse than Apple App Store right now, which is historically surprising.
Google seems to not want us using their products anymore these days
I totally understand why unrestricted drive access is scary to hand out, but these rules are ridiculous.
What's the point of annual scans in the first place? For a scan to have any meaning it has to be done for every single new version of the app, and that simply cannot be done manually. Either your company is too small to afford manual reviews, or the application is so big that it can't be manually reviewed, there is almost never an in-between.
The sensible approach would be to make users aware of the risk of running these apps before they approve the drive access, and the ability to lessen those warnings by going through the security audit process.
Maybe we need an open source audit organization we're auditors can voluntarily help open source projects with stuff like this
just kinda sounds like google is tired of devs taking advantage of google drive space being used as ad-hoc cloud storage for their API usage.
I don't want to defend google, but building your application on a third party API on which you don't have a clear contract is too big a risk.
You know what's crazy? Until this video, I had no idea Panic was primarily known as a game developer. I knew of the Playdate, but didn't connect that it was done by them. To me, they were always the "Transmit" people.
I personally don't have much sympathy for iA Writer devs - while their app has some nice features the price is huge for just a writing app.
There are many other apps that are almost as good for writing but their price range is like 0(free)-10% of iA Writer.
Still I go not support Google in using their effective monopoly position(on Android market) to force stupid rules on devs in general.