> And even if you don’t want to update the app, Google will eventually start hiding apps from users if the app doesn’t target some minimum API version. This means you can’t just publish an app and leave it at that; it’s several days of work per app per year to keep up with the latest rug-pulls from Google.
That's something I just can't understand. If the old API is insecure or whatever, then surely the OS can put some sort of a secure emulator sandbox around old apps. You can run 35 years old NES games but not a 5 years old app? This doesn't make sense.
I never particularly liked Microsoft but userspace compatibility is something they got right and Google got wrong.
Take for example an old gallery app that request complete file access.
Now the new API adds fine-grained access and removes complete access.
What are they gonna do? Give the old gallery app fake file access, making it completely useless?
This would make for a very bad user experience. It works for emulators, because noone expects emulators to be well integrated with the system. But it doesn't work for native apps.
Many features cannot be preserved. They could preserve some features, but doing so would result in some weird 50% support for old APIs, which wouldn't be great either.
In my view, dropping old APIs entirely makes sense.
> I never particularly liked Microsoft but userspace compatibility is something they got right
With the result of having absolutely zero sandboxing.
> Give the old gallery app fake file access, making it completely useless?
Yes. When any API is used for the first time, pop up a toast saying "this legacy app is trying to use File Access permissions. [Allow access to whole device] / [ Restrict to apps own files ]".
If the user hits 'allow', grant the legacy API. If the user hits 'restrict', give a fake filesystem.
The dialogue box should be provided by the OS, and if the threading model doesn't allow pausing the app to wait for user interaction, simply kill the app to ask the question, and restart it with the permission.
Except that legacy app owners regularly get offered money by bad actors, to purchase the apps and take over. Which means that anyone who "Allow access to whole device" suddenly gets a malicious update that cryptolocks them or steals their files.
Real scenario, real problem, semi-common attack vector. Enough that it's a serious problem for Google.
You don't have to give access to whole device. Ask the user what he wants to share, then present the app with a skeleton directory tree where only allowed parts are visible. App can as well think that is has a "full access" whatever that means, it's a matter of terminology.
You've got an old app that uses an API that assumes full access to the device. A new API that restricts that access _cannot_ just guess what the app actually needs / uses - the only sane thing to do is to ask the user what the app actually needs.
The problem there is that the user is not incentivised to precisely curate the permissions boundary of the app, they're incentivised to _make the damn popup go away_.
> You've got an old app that uses an API that assumes full access to the device. A new API that restricts that access _cannot_ just guess what the app actually needs / uses - the only sane thing to do is to ask the user what the app actually needs.
No. It knows which actual paths the app tries to access. They can be grouped into exactly the same permission bundles (access to camera images, access to downloads etc) which are used for newer apps. Then presented to the user for approval, like they are with newer apps.
The only difference is, you may not get all permission popups at once -- but that's already the case with many newer apps. They only ask for permissions to e.g use camera when you actually need it. And I like it so much better than the old approach when the apps would refuse to run without camera even though I don't need this particular feature.
> The problem there is that the user is not incentivised to precisely curate the permissions boundary of the app, they're incentivised to _make the damn popup go away_.
Right, and exactly the same problem applies to new apps natively built against the new API. The app can request unreasonably wide permissions and the user will make the damn popup go away. It's not relevant to the problem of maintenance of old apps.
>> I never particularly liked Microsoft but userspace compatibility is something they got right
> With the result of having absolutely zero sandboxing.
With the result of having useful machines that do useful work, instead of toys that "protect" users and prevent them from ever doing anything interesting.
Doesn't the operating system show you a prompt to show which files you want to give the app access to? From the app's perspective, nothing has changed. It gets a handle to a directory and can list files in it. Whether that directory contains 1 or 10000 items makes no difference.
Just to be clear: I don't disagree with you. I think it's completely normal to have APIs be deprecated, and this means eventually your app will break and be removed from the store. I just don't think this specific example was entirely justified.
For the file system, the OS could do something similar to what iOS is doing when you want to share a picture - giving the user control over which pictures the app has access to. Yeah, for a gallery app it could render the app quite useless because of the UX, but it would solve the issue itself IMO.
> Now the new API adds fine-grained access and removes complete access.
> What are they gonna do? Give the old gallery app fake file access, making it completely useless?
Can you elaborate on your example here? Couldn't they just do something like replace oldGalleryAppOpensOrWritesToAnyPlace() to askPermissionsForWhichFilesAndFoldersCanBeWrittenTo() or ifSensitiveDirIsNoLongerAccessibleAskPermissionOnWhichFolderToUseForCompat() ?
They could intercept file access to common folders, showing you a pop up with the files you would like for the app to see and show only those files to the app.
> Take for example an old gallery app that request complete file access.
This applies even to apps that don't request any permissions. I have some plain OpenGL games there and they still require this useless maintenance for them, which I'm probably won't be bothering with anymore.
Sure, but why is the API still changing now, after nearly two decades? It should be more or less locked down whether you do "file system is a free-for-all" or "every app is sandboxed".
I don't think people are complaining about API deprecation being a thing, either. They complain about it being a thing that happens too often.
>I never particularly liked Microsoft but userspace compatibility is something they got right and Google got wrong.
they both have their ups and downs. Windows 11 still has parts of the base OS that feel like they never updated from XP. and I'm sure there's a lot of legacy cruft that ultimately slows down the boot process or many low level OS management. you add a .lot of cruft to make sure you can support 30+ years of legacy software.
> You can run 35 years old NES games but not a 5 years old app? This doesn't make sense
If you are willing to fill your phone with emulators of every single version of Android, then yes, you can run any old app. This is how we run 35 years old NES games.
Would you need every single version of Android? or just a much thinner compatibility layer for deprecated APIs? Newer apps wouldn't be able to use the deprecated API but older apps don't just disappear either
It's all related. Emulation, compatibility and compatibility-through-emulation are very old and well-studied topics. The reason why it's not present on Android is because Google doesn't want to, not because they can't.
>The reason why it's not present on Android is because Google doesn't want to, not because they can't.
Sad as it may be, I imagine that lack of desire also comes from consumer demand. Most people don't care about running those 15 year old games, so what's the motivation?
For archival's sake, you should be able to seek old APKs and run older ROMS through an android emulator. So the minority of those who care have options.
It seems perhaps more relevant to point out that WINE can run 30 year old win32 apps. I suppose that does include code that could be described as emulators for every single version of Windows, but it's less work because Microsoft, for their many other faults, preserves backwards compatibility so old APIs tend to just keep working.
according to the post you reply to it's anyway not about being able to run an app. it's about not having it listed in the play store. and that won't change even with an older android version.
If apps get removed from the store as a consequence, that's going to be many more users left behind.
It's been mentioned time and time again, but it's worth mentioning again — Windows maintaining backwards compatibility is what maintained its hegemony, as compared to it, Linux and macOS look like hobby projects. For the young as well, because games still run on it, without worrying that Apple will invalidate their library due to not being in the mood to maintain 32-bits APIs.
The US Navy was paying $9M to keep Windows XP updated and patched just for them.[0]
I bet if you pay Apple similar amounts of money per year, they'll keep specific APIs available just for you.
And it's not like updating the app to a new iOS version is a massive undertaking, in most cases it's just a matter of opening the project in XCode, adjusting the OS version, compiling and publishing it again.
I can't speak about iOS, but when I open Steam on macOS, I see more than 2/3 of my library unavailable since macOS Catalina, which entirely ruined macOS for gaming for me. Clearly, updating those wasn't so simple.
And also, it's unreasonable to expect all software projects to need updates, forever. My hammer doesn't need updates.
All the smartphone vendors do that. I have lost several iOS apps I once bought, because the developer chased to regularily update his app, which eventually killed it.
I always assumed that's their algorithm mostly and not related to the API levels. Apps that stand out most when you open the play store now are often these with heavily inflated user numbers through scummy ads or practice.
This happens so quickly:
1. you are not allowed to root your phone or your bank apps will stop working
2. you are not allowed to take the screenshot of a move/cartoon (for meme purposes) because of policy
3. you are no longer allowed to use MHL to send video to your HDMI screen (use some smart-sh* itv)
etc.
if someone has his new kingdom filled, they will quickly build walls, introduce taxes and start oppression — same with Spotify artists, youtube ads etc etc.
I spent days trying to get my numbers verified. I tried using 3 different internet providers (init7, Swisscom, Yallo/Sunrise) and still received the 429 (Too many requests). It took me a 4th connection (cyberlink) and using my private cell phone which is now publicly visible on my Google play company profile. I still have an open case at Google Support which is over a week old with no reply. When I try to edit my number now to set my business phone number I still get 429.
On a second note. DO NOT PAY for your DUNS number. DnB does not charge for this number, only 3rd parties do. Contact DnB directly and they will issue you the number or send you your current number. I am in Switzerland and I can not lookup my number online but I can fill out a form at DUNS at which point a few days later you get your number via email. I used this link: https://www.dnb.com/en-ch/duns-request.html
As for official company document. Google accepted a PDF copy my Swiss Companies registration entry in the official register which you can just download online at no cost.
And as a final note. Google will re-review your apps. One of mine has now been removed from the app store and I am waiting for the appeal..: https://news.ycombinator.com/item?id=41667488
Once I had to register my company there and they wanted to "verify" the information. They did it by randomly calling me 2 weeks later and asked if it is real and asked me to give a phone to someone next to me to confirm I am not lying.
How would responding to a phone number, one given by the initiator himself, verify that he represents a company? Couldn't a fraudster just give them his or her a own phone number?
I would have expected that the money they siphon thanks to the likes of Apple and google would be sufficient for them to verify the numbers with a reputable third-party broker.
IMO nothing can ever be as bad as having to deal with Broadcom's Support Portal (after finding out that this is the place you 're supposed to get VMware software). An hour fighting the account registration process because it refuses to play ball with your password manager, followed by the site insisting that you "build your profile" in order to receive the proper entitlements to download the software. Building your profile then sticks you in a loop where you have to provide a "Site ID" which is totally unneccessary and indeed not available to non-corporate users who just want to get their free for personal use copy of VMware Workstation Pro.
They’re basically a data broker for businesses, like Experian/Equifax/Transunion except more self-reporting based. The amount of spam I received after registering with them was so annoying.
The digital economy is supposed to benefit from the "long tail" effect, where countless niche operators provide all sorts of diverse products that serve potentially only very small audiences.
The long tail concept was conceived before the development of central gatekeepers. As this post demonstrates, frictions introduced at these choke points (for valid or invalid reasons) can demolish that long tail in an instant.
I am personally very happy that developers need to add a phone number and contact email. Most of the apps I use on a daily basis are Google apps looking forward to start calling them for support, thanks Google!
> While [paid company ID] may be just some paperwork and a small expense, the next requirement is more insidious: “a phone number and email address for Google Play users to contact you”. I’m fine showing an email address, but I absolutely do not want my phone number to be available to anyone on the internet.
It's exactly the same, only cheaper and faster - some dumb extra cost/paperwork: get an extra phone number for this form and never use it/forward everything to voicemail, keeping your main phone private. The same goes for email, although that one would be free
Of course there is a phone number, it's even available on the first page of results if you, wait for it, google it. They also have an email. You'll be ignored, of course, but that'd be no different from what I'm suggesting the dev could do
Same - I never need to give my personal number to anyone. It's not even listed, so I avoid 99.9% of scam/phishing calls (unlike my work phone). Only family and friends use this number[1].
I have another number which I only use for the local pay-with-phone system. Second sim in a cheap dual-sim phone. And then there's a phone number which I only use for handing over to those services requiring a phone number ([1]the only exception to this whole thing is that my local bank actually has my personal number, but that's a voluntary exception).
There's no rule that "phone number" should equal "my personal phone number".
Except for the phone number thing though, I completely sympathize with the author.
I use charge card plans for those phones - I pay only for the usage. I push what amounts to about ten euros into the plan and that lasts a long time. To avoid non-activity I send a text message a couple of times a year.
I have numbers there that have been ported from local providers. There is no way for Google or anyone to determine if a number is a voip number. All google knows is which numbers they provided and this list may also be available to others.
Or there is a simple database lookup way to determine that the number doesn't belong to the local provider:
"Superfast Response Times
As we access the entire mobile number portability (MNP) database in every country where number porting is in operation, Velocity can truly live up to its name, providing answers at lightening speed (typically less than 5ms)"
That's not accurate - when a telephone company registers a block of numbers (at least in the US), you specify if it's landline, pager, VoIP, cellular, etc.
This is quite sad, but thankfully it is still fairly easy to just download an APK and install it. This is the primary driver keeping me away from Apple devices. I'll be very sad if Android stops supporting not-from-the-app-store APK files.
Well chances are that Apple will start accepting out of AppStore installs as well. At least in the EU so you don’t have to worry much about Google stopping apps being installed outside of google playstore
Few days ago I bought a modern ceiling lamp with bluetooth control. Connected it to my iphone and that was it.
My relative had an android though.
No playstore option. Downloaded the apk from their site, launched it. Access to your location? Photos? File system? Wifi networks? Etc? ETC? E.T.C.?
The thing is, it asks it every time you tap “connect” or “on” despite everything being disabled in settings. And of course it doesn’t work without permissions (bluetooth was on). Idk which are critical because none of them are acceptable.
That’s basically my average experience with apks. When you guys celebrate wins over apple, I wonder what future will look like and something tells me I’ve already seen it.
either the iphone app already asked for perms and you granted it all, or they didn't try to invade your privacy in iphone land at all (since an app review might scrutinize it).
But an apk might want to extract from you maximally, and there's nothing stopping them. That's why the android version is the way it is.
The problem isn't android itself, but that an open system is more vulnerable to being abused. However, i still prefer that over the closed garden.
they didn't try to invade your privacy in iphone land at all (since an app review might scrutinize it).
Exactly.
I prefer my lights to not know my location and photos, and to not even ask for it. With the fall of apple scrutiny, almost everything will work as described above. Cause it demonstrably does when allowed.
The problem isn't android itself
Android could (1) disallow repeating permissions popups, (2) feed empty or arbitrary data to apks because of the nature of their “habitat”.
F-droid and other non-standard firmware is incompatible with banks, other apps and hardware, so this is out of question.
an open system is more vulnerable to being abused. However, i still prefer that over the closed garden.
I respect your preference. In my case I should explain the situation to my relative and suggest to choose between the two approaches.
But I don’t see mutual respect when reading happy celebrations about destroying the protective garden. Not a thing in our conversation, but I hear it often and dread the results, where there will be nothing to choose from.
>I prefer my lights to not know my location and photos, and to not even ask for it.
deny it then. They want location to help with voice commands. Photos are to label your light profile. If you did either on IOS, you already gave permission. If not, you miss those features. I prefer the explicit choice.
better yet, Andoid can let you grant the permission for a short time then disable it on demand.
>F-droid and other non-standard firmware is incompatible with banks, other apps and hardware
Then make those exceptions or don't use them on your phone. This isn't rocket science. Just because there's choice doesn't mean some apps won't choose to stay stuck on google.
> I don’t see mutual respect when reading happy celebrations about destroying the protective garden.
because that perspecive isn't respectful in and of itself. Your garden isn't damaged, other peple are tilling new land. No one's making you go out of your garden, and if suddenly some killer app isn't in there you have a choice. You're not forever tainted from downloading another store and downloading one more app while 99% are from the App store.
Put it another way: jailbreaking has been a thing since IOS was a thing, there are already homebrew and unofficial apps (e.g. emulators) that you cannot access on IOS because you are in the garden. Nothing will change from then to later except Fortnite will not be in the App store. But if you were fine without Fortnite on IOS for 7 years, you aren't suffering now.
I wouldn't even post this if denying it once was a solution that makes it work. There was no real choice here. The choice of surrendering privacy vs getting tfo-ed is not practical.
Nothing will change from then to later
Jailbreaking is a process an average consumer won't do, so it disincentivizes app makers from making jailbreak-only ios apps. Forced regulation will make sideloading a regular thing which will shift incentives to what happened to my relative (please note: not to me). This directly affects the garden. The logic you're using here is naive at best.
F-Droid isn't "non-standard firmware", it's just an app store like the Play Store is and can in fact exist alongside the Play Store just fine. You don't need to do any fancy trickery to get it working (download APK from their site, install and that's it) and rather notably, due to (good!) changes by Google to comply with EU law, is basically an indistinguishable installation experience from the Play Store when it comes to updates.
As for faking empty/arbitrary data: this is a thing in Android, and has been a thing for several versions now. The unfortunate problem is that for reasons that I'm sure aren't tied to the big G's economic interests, the UI around "granted but not really" is complete dogwater (it's basically only functional for the gallery permission these days).
You can use something like appops[0] to forcibly override these permissions options, but it really should be made more user friendly.
I think the main problem with the closed garden is that it expects Apple to be a fair and unbiased steward of their ecosystem, when it's been proven over and over again that they absolutely aren't. They allowed the app store to be flooded with ad-riddled junk, allow for paid search results that make it harder for people to install government apps[1], press smaller app devs into adding more payment schemes and even on the most basic level demand a continuous resource drain with their licensing schemes that ensures that "just make a good app and sell it once" is eventually an unsustainable business model. And that's just the stuff that ends up hurting the customer; the dev experience from what I've been told is even more miserable.
This isn't to defend Android as being superior (the Play Store also has many of these issues), but at least with Android I can substitute the Play Store for F-Droid when it comes to non-government and non-banking apps. F-Droid at least ensures that I don't wake up one morning to realize that I have to plan a full week of support for relatives because an app decided to start milking it's userbase for money and ruin the experience; when Simple Mobile Tools went to shit, I was able to just spread that stuff out over a couple weeks at my own pace since F-Droid never shipped that version. (And it helped the fork get off the ground too.)
[1]: Probably one of the most frequent requests I got when I did tech stuff for the elderly was just "help me set up the government app to see [some service they were using]"; invariably the App Store would push some healthcare insurance nonsense or other vaguely related thing as the first result, which confused the hell out of them. It's unacceptable and I don't get where the "my low-tech relatives like it" idea comes from.
Oh, I confused f-droid with some firmware I’ve read about then.
Yes, I understand development issues for apple, but at the same time the end result is my lamp
- works on iphone
- sort of does work on android iff I accept the unacceptable
This is probably not a very “tech” case, but in my view it is pretty consumer-average, and it’s not the first app which does that (I had an android for a while). As a developer, I understand and share your concerns. As a consumer, my vote goes to the status quo. I think that developers interesrs shouldn’t go ahead of consumers.
I'm not trying to comment on the average quality of apps available for Android or iPhone. I'll even agree that Apple products tend to be better than their competition for average use. It's more just a personal thing where I feel uncomfortable when I buy a general purpose computer that limits my ability to install and distribute software.
Remote control: While climbing into bed, I notice through the window that the lights in the garage are still on. Not a problem: I can turn them off from where I am.
Automation: I get up, get around, and leave for work. Did I remember to turn the coffee machine off? The light in the kitchen? Did I remember to dial the thermostat back? I don't have to go back home and check because it doesn't matter: Those things were done for me, automatically, by virtue of leaving.
Later, I get home from wherever I went for work today. It's been a long drive, and it's dark outside, and it's dark inside, and my bladder senses the proximity of a familiar toilet and starts screaming at me before I even start to open the door. By the time I set foot inside of my home, the pathway from the back door to the bathroom has become illuminated so I can get there in a hurry without tripping over a cat.
that remote conrol will be like all others. disappear until I need it least.
I just needed to link a google account and permissions are minimal. nearby devices for the bluetooth/NFCand nothing else. other 5 permissions disabled. worth the convinience since I have control over what it can/'t do.
I'm also a solo dev and while I understand the nuisance the changes are often slow and spread out.
It's annoying if you have 1 app but if you have many, it's still the same amount of work.
I built a little offline, no frills app for mushroom picking for my dad's birthday and every 2/3 years I need to rebuild it with a new target API. No big deal and it keeps making me think whether it's worth it being there or not: until my dad or I go to mushroom picking then the answer will be yes.
This depends on your user base: their age, their country, etc.
If someone with a cheap Xiaomi with a weird default browser comes and tells me that they have an issue with my app/game, I can't get back to them and tell them to fck off because they are not respecting the stats. Or rather, I definitely could but I don't want to.
Yep, they are mostly similar but not exactly the same.
I developed a small web-based game and even that one required quite a bit of testing and debugging from players' reports as it seems every manufacturer uses a different default browser.
I have a check specifically for UC Browser (had no idea of its existence) as it has a bug regarding dates. Go figure.
And then people downvote me because they think all is Chrome and Firefox, while that's not the whole picture at all.
I imagine that is what Google wants. They don't want solo developers. They just want a company making apps. And dealing with companies is easier than with a solo developer. One could argue that a single employee company and a solo developer is the same, but again, the intention is to burden a solo developer single company, so that only small companies are the ones creating apps.
If they have not gone to the route of directly banning solo developers is just to avoid the pushback.
The problem is how much founding a company varies by countries. For example, I live in Portugal. Setting up a one-person company (Unipessoal LDA) is fairly cheap and easy here, but you're still required to have a certified accountant with certified accounting software. This increases the costs to around 100 €/mo minimally, just for running the company even if it has zero income. That's quite some bullshit if you just want to publish an app. But I guess Google doesn't care.
Yes, but they don't want unipersonal companies either. They want companies with certain size, and legal department, so if any issue arises, it will be between the legal teams to resolves, rather than support.
> the next requirement is more insidious: “a phone number and email address for Google Play users to contact you”.
It's even worse: if you are an individual with paid apps, Google will publish the physical address from your merchant account to your Storefront page. You will not be able to use a PO box / UPS Store box etc.
The problem is, legally in some jurisdictions as soon as you're earning money, and even if it's just ko-fi or small scale ads, directly via a Thing, you're now running a commercial enterprise with that Thing, and you better comply with all the regulations.
More than almost any other company in the world. I trust Google to protect my data well from external and internal snooping. I don't have that faith in many companies.
Yeah to me this is something people don't get about Google. Google was built around the notion that data is valuable so they do their best to keep it to themselves and not share with anyone. They do know who is who by tracking you but it is in their interest to allow their customers to utilise the data but not access it directly.
Funnily enough all the actions against Google advertising business monopoly if work out would probably make privacy on the web worse in my opinion.
I never said anything about privacy but rather about profits its in google interests to let and help you target high earning 26-36 year old using it ad tech rather than telling you who those 26-36 year high earners are. So your data not privacy is more important to them to keep from everyone else directly but through their ad tech.
Last I checked I don't use Google for any travel so I have no reason to give it to them.
If they wanted to verify my identity then I would give my national identity card. I'd definitely trust them with my ID card more than most other companies
>Again this is no problem for a company for whom the app is their core business, but bad news for indie and hobbyist developers who just want to make something cool, put it out there, and move on to the next project.
Is it not obvious that Google does not want "indie developers who make something cool, out it out there, and move onto the next project"?
I suspect this is another symptom of a universal slow "Myspace" death of native applications. Apple's compliance rules become more and more strict, Windows flags basically every executable as virus unless you pay for the most expensive types of signatures, and now Google is requiring all kinds of documentation including phone numbers and home addresses. Are those companies not aware that they're slowly destroying their own infrastructure?
I'm planning to build a small software company but so far everyone I've asked has strongly suggested to create web applications instead. Can a solo developer publish an app for all major platforms in 2025, or is this a completely crazy idea?
Of course there are alternative methods like starting a wifi access point and having users connect to that but this makes it a lot more complicated for the end user. That results in un-happy customers and a lot of extra support costs.
I totally agree. My software is essentially a digital asset manager, though with a bit of extra functionality and project management built-in. I don't see how a web app could efficiently index millions of files on the local file system.
However, based on all the horror stories I've heard, I'm seriously thinking about re-considering my approach and settling for a different, simpler web-only product. It's frustrating to think that the majority of development time is not going to be spent on the app & cool technology but rather on bureaucracy, platform distribution,integration into app stores, and setting up cross-platform CI.
This. I built a cross platform app. You pay the yearly dev fee to apple and you can sign your apps for macos in and out of the store. MS do let you do signing for their store, but for outside distribution you need EV certs that are very expensive and a pain to manage. For a small business it's probably fine but for a solo dev it's really shit. And yeah, it flagged one version of my installer as a virus leaving me scrambling and anxious thinking my build could have been compromised and then oh no it's just based on predictive ml and it's actually fine.
DUNS numbers are free, anyone charging for lookup is not DnB but a 3rd party trying to bank from it.
> If your organization does not yet have a DUNS number, or no one knows it, visit the Dun & Bradstreet (D&B)
website or call 1-866-705-5711 to register or search for a DUNS number. Registering for a DUNS number is free
of charge, so if you encounter any organizations or websites soliciting a fee to acquire a DUNS number it is likely
a scam or fraudulent.
Yes, I signed up for DUNS as I was creating a developer account for Apple. If I remember correctly, a year ago it did not cost anything when going through apple systems. And I think it was before the step where you have to pay the Apple developer fee.
Last I looked into publishing on App/Play Stores, the thing scarring me away most was some verbose declaration on exporting encryption from US etc. Couldn't wrap my head around it.
Mine as well. Sucks that I just went through the required updating of the build (minimum sdk) of my only app on there, a 2016 Java string art app below 2MB with no data collection, advertising or monetization whatsoever.
Now they want to publish my full address too, because they believe I make money off of it, and I can't contest this in any way. Fine. I'll let them delete my account and I'll open source that app and put it on F-Droid then.
The requirement to publish phone/email suck but can be worked around with something like Google Voice and any free or very cheap email provider.
The more galling aspect is the home address. I just went through this as well and I don’t at all like my home address being available on the Play Store for my apps. Especially since my apps are local (specific to events in my city).
Very much a tangent, but is it still impossible to build apps for android using 100% open source tools?
I haven't jumped on the android bandwagon, but I've been thinking about developing an android app and host it on f-droid provided that I am not forced to use proprietary/NDA crap.
I mean, nothing in particular is stopping you. the IDE is the obvious bottleneck but someone this adamant can make VS code work.
Everything else is trivial. Fork AOSP for an environment to test in, find a non-Oracle Java to build the app for (if that fails, the NDK in c++ will work, but complicate matters), figure out the buildchain to produce your APK, and upload to a store like F-Droid.
Your limitations will come based on potential phone features you require. I imagine camera access or permissions may hit a few pitfalls, and I'm unsure in 2025 how easy those are to overcome (they were nearly impossible the last time I professionally developed in 2013). But Google open sources more than you'd think, so you have a lot of tools at your disposal.
-------
Now, is it practical? No, not really. You're playing on hard mode and will probably fall into a lot of non/underdocumented behavior. You're gonna be a trailblazer for all sorts of issues only the largest, most ambitious companies run into (and probably fix inhouse, so good luck researching others' solutions). Monetization opportunities will be shot, and any attempts to expand platforms will have you hit brick walls as Windows/Apple OS's require non-FOSS apis.
You would only be doing this either for a hell of an impressive portfolio piece, or for ideaological reasons. Otherwise you're shooting yourself in the foot.
Removing apps pegged to an old API version as opposed to only apps that use a no-longer-supported API call needlessly removes useful apps that don't need regular maintenance and updates.
It's a feature, not a bug. Of course Google would rather partner with five companies bringing a billion dollars than a billion indie developers bringing five dollars. From business perspective, there's no need to host all these indie apps when 99% of your users only download TikTok and Facebook. Sure, the 1% of users will get mad, but these people actually cost Google more money than they bring in, so having them mad and potentially leave the platform is a good thing.
wasn't there also something about very strict requirement with regard to having an app (that is applying for being listed in gps) being tested by a dozen or so people over something like 3 weeks?
I am the creator of a photo editor www.photopea.com, used by around 1 million people every day (of which 300,000 use Android, 150,000 use iOS). After reading this article, I am so happy that I never spent a single hour trying to publish my tool at the "mobile stores" :D
Amazing tool, use it every week! Buuuut reading the main article it just sounds like the autor didn't want to take responsibility for their games. Like it's even required by law to provide your address, email and so on in Germany if you only own a website. Continuing, it's to me very obvious to target the latest Android releases. I don't see the issue this person has.
many obvious reasons (I'm in the US and the last thing I want to provide to the world is my phone number for MORE stupid spam. My address is absolutely out of the question, not in these times. It sounds alarmist until you get physical death threats from people that may or may not have to even do with your app).
But for reference, this author is in the Neverlands and things that seem trivial for US businesses are apparently more involved over there. These small 30 euro costs aren't worth it to update some 10 year old app you'd only update if you just needed some trivial migration updates.
Can't thank you enough for photopea. Very good (and impressive) job that you've done with it! It's very useful as a frontend developer that wants to quickly edit an image!
Just a quick thank you for making and running photopea. Back when ChromeOS didn't run anything but web apps, Photopea was a godsend. I haven't used or thought about it since but I'll check it out again if the need ever arises.
TLDR: I nag a lot, the rules change so I don't want to play any more. Why does bureaucracy happen?
I don't know where the writer writes from (don't care to look it up). From experience, in the UK there are companies were you can outsource (at little cost) most of your admin stuff, and/or you can also mark them as the 'HQ' of your company, using their address instead of yours. I will go ahead and assume that everywhere in the civilized world similar companies exist. Also "is only right morally, but not legally" is very BS. These are the rules, take them or leave them. You can escalate, but not break them, otherwise if YOU pick which rules YOU want to break, then I will pick the rules that I want to break, and then it goes only downhill.
DUNS: I remember when I created an app for Apple Store, they were requesting the same. I did it. It took me 10mins, nothing to see here, move on.
For reference, I had my own Ltd in the UK, I was contracting and was using the same Ltd for my app, so I've actually done this.
Doing business has costs. If the writer doesn't want the costs of doing business, perhaps he/she is in the wrong business (?). But "screw the rules" is not cool.
> I don't know where the writer writes from (don't care to look it up).
didn't care to read the article either but provided a dismissive TLDR. The article mentions they are from the Netherlands.
>in the UK there are companies were you can outsource (at little cost) most of your admin stuff, and/or you can also mark them as the 'HQ' of your company, using their address instead of yours.
for a minimimal update on an app you finished 11 years ago that probbably isn't making money? No thanks. I think it's important to remember that this isn't some active business, but a hobbyist that made something at a completely different phase of life.
>DUNS: I remember when I created an app for Apple Store, they were requesting the same. I did it. It took me 10mins, nothing to see here, move on.
Also in the article. Feel free to correct me since you're closer, but apparerntly the Netherlands needs to pay to find the DUNS number that was already registered to the CoC.
>Doing business has costs.\
They aren't a business past adding migration updates to an old app. Yes, it is a big deal to give a private middleman your passport and let them post your address/phone number to the world. It's absurd to get on a high horse to a single dev, especially in a community that I thought valued privacy.
I have a larger question. I know there is no answer now but i'll leave it here for posterity.
Everyone seems to have a love/hate relationship with app/play stores and these stores have a stranglehold on developers. "This is our new policy. Accept it or we'll kick you out."
The TOS we enter into with app/play store is fully in their favor with no rights to the developers.
For android, worstcase, i can have people download the apk from my website. For iphone there's no way around.
That's something I just can't understand. If the old API is insecure or whatever, then surely the OS can put some sort of a secure emulator sandbox around old apps. You can run 35 years old NES games but not a 5 years old app? This doesn't make sense.
I never particularly liked Microsoft but userspace compatibility is something they got right and Google got wrong.