Sounds like it was a purge of zero value apps. Why was Google allowing these legions of unusable and/or garbage apps in their store in the first place? Someone padding their numbers?
Just like we want people to create trash blogs and trash websites so they can learn or just express themselves.
Having 3rd world devs making more todo apps is not optimal but they should be able to do that and publish them.
Preventing all of that also prevents good small time community apps because suddenly you have to pay money and can’t just do nice app for local communities.
That's a moot point, though, since you don't need Google's app store to publish apps. You can just send whatever random APK you throw together to your friend, post them on your web site, etc. There's no reason to turn the Play Store into a dumpster.
If anything the fact that you can sideload on Android and install alternative stores means the Play Store should be at least as selective as Apple's store, if not more so, since failure to meet that store's standards doesn't mean the app can't be distributed elsewhere.
Especially when you consider the hassle for the average user of going into Chrome, downloading your APK, accepting the big scary messages that "the application comes from an untrusted source" and "sideloading applications can be dangerous" and then installing it. People barely even like going into Google Play to download stuff.
If your app is so low effort that even the off brand app stores don't want to host it, I'm going to guess that you're probably also not overly concerned about sending your users automatic updates anyway.
> People barely even like going into Google Play to download stuff.
This might have something to do with the lack of curation, though. Hence, losing a bunch of apps is actually beneficial to the ecosystem. As that snippet was pointing out, lots of these apps were just basic wrappers for text/pdf, which is is what the web and/or built-in media viewer apps are for.
“On August 31, we’ll start rolling out these requirements for anyone creating new Play Console developer accounts. In October, we’ll share more information with existing developers about how to update and verify existing accounts.”
Source: happened to me and all of my apps despite them being Free Software and offline-only. Here's one of the emails they sent me about it: https://i.imgur.com/dVzQj2p.jpeg
Notice how they open with “Hi Developers at [my first and last name]” – developers, plural, and “at” like they only expect me to be a company and not a single person.
For both Apple and Google it's one of those processes where the support doesn't even really seem to understand how it works (they probably don't know what automated emails are being sent, and what the dev side looks like). They would randomly close cases for "no response" immediately after they replied, ask us to upload something despite their being no way to upload it, tell us to ignore the "your account will be closed email" because it actually won't be (wrong again), etc.
DUNS own lookup page doesn't even let you look up by DUNS number (so we could figure out what company some ancient number was associated with). I bet it's because you have to pay for one of their "solutions" to do this.
When I requested what documents they might think a defunct LLC was creating that would prove it was defunct, they didn't have an answer. Same as others we ended up just making a new fucking developer account.
Hell of a first project as a team lead.
They would have gone down quickly if they hadn't "borrowed" Overture's business model of paid ads.
They have no culture of valuing the customers, or (like Amazon) obsessing about what they need.
Apple is at least slightly different: hardware customers and high-value employees are treated okay from what I hear, but devs are left alone.
Indie developers bring both Apple and Google a lot of revenue indirectly, but they don't really have much of a lobby (maybe they should unionize/hire a lobby firm together).
And when companies say they use FTP to exchange data, they don't tend to mean SFTP. They really do mean FTP.
I first encountered Electronic Data Interchange in the early 90's. The small shop I worked for at the time had no idea and just wanted to make the parts they quoted and send them when done.
The EDI request came in a box, with external modem, a paper with phone number and directions and then a smaller box with PROGRESS database software for MSDOS in side and a handful of disks containing the EDI system.
Good lord that was painful! I just plowed through it and all that pain completed a check box at Honeywell, who then sent us jobs electronically!
Yes, via FTP.
The CAD they were sending was Computer Vision and it was a full on solid model representation! At the time we were running CAD from the early enlightenment, CADKEY 3.5 for MSDOS!
Our best micro computer lacked the storage to handle the uncompressed file, which arrived on another handful of floppies that formed a multi part. Zip file, which uncompressed totaled about 40 megabytes and change! Entire systems only had 20!
The CAD system failed to translate the data too. 16bit pointers lacked the range needed. They had me fetch a patch a day or two later and it took a few hours to do.
300 kilobytes of wireframe CAD, and the parts we made were basically 5 percent of that data!
Crazy times!
FTP can be as secure as any other protocol. Enabling encryption on the server side is generally as simple as installing a certificate and turning on an option. And most FTP clients will default to using encryption if it is available; for the clients that don’t do that, it’s just another server option to require clients to use encryption.
> And when companies say they use FTP to exchange data, they don't tend to mean SFTP. They really do mean FTP.
Because SFTP is a different and entirely unrelated protocol. The encrypted version of FTP is sometimes known as FTPS, but it’s really just a variant of FTP. So it would be inaccurate to call it SFTP, but referring to it as simply FTP doesn’t imply a lack of security.
The AUTH command is generally sent before encryption of the connection is made.
Its also vulnerable to a huge swathe of timing and weak hash attacks.
But... When I said FTP, I meant FTP. I meant neither SFTP nor FTPS.
So…? What is the danger of negotiating an encryption protocol over plaintext? No credentials or sensitive information are sent via the AUTH command, and a server that disallows unencrypted connections will simply refuse to go any further with a client that doesn’t support encryption.
> It’s also vulnerable to a huge swathe of timing and weak hash attacks.
Gonna need a source on that. And even if such attacks potentially exist, in the use case you mentioned above I’m still not seeing how encryption combined with, for example, IP whitelisting can’t effectively be as secure as anything else you could use.
I mean, if they’re really not using encryption then yeah, that’s stupid and all bets are off. But there’s nothing inherently insecure about the FTP protocol.
These links tend to be important, and it's not uncommon to see both rented wavelengths and VPNs being used. And out of band key exchanges.
No knowledge about this specific situation however.
You cannot do business on the Internet without paying the Apple and Google toll. They control all the points of ingress and egress, and they tax everything that moves.
It'd be bad enough if they were just charging money, but they also make you jump through hoops to design software their way, do unplanned upgrades to their cadence, prevent you from deploying emergency hot patches, prevent you from updating software dynamically, prevent you from knowing your own customer, etc. etc. etc.
And they're happy to sell your competitors ads to outrank you for your own trademark.
These companies need to lose their control over this. Web distributed apps must become the norm.
You can't tell me that with sandboxing, signature scanning, and some clever heuristics, that we can't make mobile completely safe for free and open distribution.
Article 30 requires capturing and vaguely defined validation of the following information supplied by a trader (includes traders of software):
- the name, address, telephone number and email address of the trader;
- a copy of the identification document of the trader or any other electronic identification as defined by Article 3 of Regulation (EU) No 910/2014 of the European Parliament and of the Council;
- the payment account details of the trader;
- where the trader is registered in a trade register or similar public register, the trade register in which the trader is registered and its registration number or equivalent means of identification in that register;
- a self-certification by the trader committing to only offer products or services that comply with the applicable rules of Union law.
Article 31 requires at least the following trader information to be displayed to potential buyers:
- name;
- address;
- telephone number;
- email address;
- clear and unambiguous identification of the products or the services;
- information concerning the labelling and marking in compliance with rules of applicable Union law on product safety and product compliance.
[1] https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CEL...
[2] https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CEL...
A bit silly to require for private individuals, and a bit annoying to have to go back and do, but not itself a big deal.
Having to do it at all is the hoop, and more than zero hoops is too many. I got nothing out of having my apps on Google Play except the joy of sharing in what was at the time a new and exciting medium.
See Windows Phone for a great example of how it would have played out if Google hadn't successfully courted small-time devs like me and countless others. Corporate publishers would have never colonized Google Play in the first place if an audience wasn't already there. The way they addressed me makes it very clear that solo devs are no longer needed, so I will never submit to it on principle no matter how easy it's claimed to be.
Having to go through between zero (it you have needed the number before) and one free forms from a standard entity to get a widely recognized identifier used for many things is objectively not an excessive effort.
Sharing apps on app stores is a continuous commitment with various responsibilities like, such as ensuring safety of users through regular maintenance. If the idea if submitting one number is too much of a burden given the joy/finances you get out of it, then the rest of the maintenance responsibilities likely are too and maybe it's better to skip the publishing part.
Not sure what you're on about with corporate colonization. Colonizing implies forcefully taking what was rightfully someone elses. Also, in many places, making a company is just a form and standard practice even if you're just going to sell a single bogus app for 0.99 USD or whatever, so even individuals will be "corporations".
Your license text is only capable of adding supplementary rights, and you're responsible for ensuring that your source license is fully compatible with the contract at time of publishing.
If you just want to dump stuff, leave it on GitHub.
This worked alright in the 90s and to a more limited extent in the 2000s, but from the 2010s onward it’s become more and more untenable except for the most simplistic of software, especially when it comes to anything dealing with the internet or externally sourced files. Regular maintenance and updates are an unavoidable fact of life for devs.
So I’m kind of two minds here. Lower resistance/barrier to entry can be good in terms of encouraging participation, but it also inevitably means a lot more neglected projects sitting around rusting. If there’s no effort to control that, platforms can easily become filled with rusty half-functional apps. The way that Apple/Google are attempting to do this is not great however because it’s too oriented towards companies.
For sure, but it's a KYC for companies. How else would you expect B2B dealings and compliance to go through? They could do tax ids per country, but with DUNS, compared to local tax id, they get global ultimate beneficial owner as well as other insights. Getting a DUNS is free and relatively fast, unless you're in a hurry then there's a faster route that costs some relatively cheap amount. It's a common ID for global companies, especially those with international supply chains to rely on as "the id number" for companies.
I’m not a company
only if they do operate as a business through sole proprietorship, otherwise no.
Google was persistent in making sure I'm "actively" developing apps on Play.
It took over five weeks to get our ADP membership approved, and that was with internal backchannels. We had to launch without MDM, all the laptops on mostly default settings.
These companies are making so much money from ads and rentseeking and IAP cancer that they have zero incentive to do anything else well. They know they have a monopoly position, so just like the public utilities charging you an extra $2 convenience fee to pay your bill, you’ll shut up and take it, because they are the only game in town.
You know it, and they know it, and they know you know it.
At least on Android you can install f-droid. On iOS they are the only game in town. There’s fuck-all that’s “insanely great” about not being able to install the programs you want to use (such as Fortnite).
It’s pure rentseeking.
Other app stores are similar, so probably it's some dumb government regulation.
https://support.google.com/googleplay/android-developer/answ...
After I went through half of the process, they showed a "here's what your users will see on the play store listing under 'About the developer' section!" This included my full legal name, personal email address, and country, which is enough information to find my home address and other information in public registries. This app serves an online community that can be quite crazy and I was absolutely not going to doxx myself to them. I decided I had enough of Google so I gave the app away to a company
- you need a payment profile to pay the account fee + verify your identity, the last part is probably very important for anti-spam
- I can understand that legal name + country can be considered doxxing, but I think it's highly relevant information for users
Of course these requirements could be relaxed for low-risk applications (i.e. no INTERNET permission), but I think it's understandable there is so few of them nowadays that it is not a priority.
The most I’d ever wonder about is maybe their country of origin.
Yeah, they need to show your address and phone number to comply with the EU's Digital Services Act.
There's more info here (from Apple's docs, but the same applies to Google):
https://developer.apple.com/help/app-store-connect/manage-co...
Huge hurdle if you just want to build an app.
Luckily I was able to hit that number (the app is a stat tracking app for the game Destiny 2, so I was able to get beta testers via posting on a subreddit filled with Destiny 2 PvP players). But it took way longer and was way more of a burden compared to getting the same app listed on both the Apple App Store and the Microsoft Windows Store (the app is written in Kotlin/Compose Multiplatform and was relatively easy to make multiplatform).
If I didn't happen to be an Android "main" myself (creating a vested interest in wanting to make the Android version easily available) I might not have bothered with the Play Store hoops give how much of a pain in the ass it was compared to the other listings.
Even if I were OK with jumping through the current set of hurdles, the promise of a never-stopping hurdle-jumping exercise with new requirements being thrown at me every quarter is not exactly encouraging for anyone who actually has a life outside of developing their apps.
I mean, it's Android. You can publish an app yourself or through an alternative app store. Given that you have options on the platform I don't have a big problem with Google enforcing pretty stringent requirements on their own store. In fact I prefer a pretty clear dividing line between trusted apps in the Play Store and 3rd party apps at your own risk. There was so much crap in the Play Store it was often hard to tell what's a scam and what wasn't.
Uh huh, Google just blatantly requiring every app developer on the planet to register with some specific random company. Absolutely no corruption to see here, none at all.
This is the kind of shit why smartphone vendors can't be trusted with their own walled garden stores, the EU has not yet stomped them into mulch hard enough yet I see.
(“dishonest or illegal behaviour”, “the abuse of power or authority for personal gain or benefit”)
The DUNS number is the European Commission standard for business identification; the choice of D&B isn’t random, it literally came from EU requirements.
And we keep wondering about why there are so few world changing companies coming out of Europe. Maybe they could start with one that handles business identification?
This is literally the result of EU "stomping"
Suddenly there was this weird obligation to declare a company or disclose publicly info about me, so i did nothing and it expired, and they removed the app.
The android store had a whole lot of garbage in it, and a lot of it was the kind that is easy to find and remove.
Source: I pay my yearly Apple tax and I have no DUNS.
https://x.com/stacy_siz/status/1875849200291975339
https://blog.jakelee.co.uk/publishing-on-google-play-without...
> Google also just increased the target API level requirement for apps on the Google Play Store
https://tech.yahoo.com/phones/articles/google-plays-rules-ki...
We also saw established apps like iA Writer decide to get off the treadmill.
> In order to allow our users to access their Google Drive on their phones we had to rewrite privacy statements, update documents, and pass a series of security checks, all while facing a barrage of new, ever-shifting requirements.
https://ia.net/topics/our-android-app-is-frozen-in-carbonite...
Ah no, it's intentionally made for scammers to boost the Google Play users.
So it's worth to kill itself. Your dirty marketing tacticts is cheap, human become more smarter these days.
It's a particularly bad policy to launch with existing developers grandfathered out, because the policy probably looks really successful to start with due to the difference in new developer vs. old developer populations -- the entities who are right now making most of the quality apps aren't affected. What's being affected is the pipeline of new developers, but the effect of killing that pipeline won't become obvious for years.
Is there some commercial service I can just pay to do this?
There are more apps than people care about.
Nowadays I only install games, or apps for services where I can't do otherwise.
The time for "there is an app for that" is long gone, and the push for developers to artificially update their apps for whatever was presented as great Google IO innovation, or be out of the store, can only lead to outcomes like this.
I imagine that the numbers on Appstore aren't much different.
The store has flags indicating whether an app uses in-app purchases or ads, and knows the file size of apps (which is a good proxy of how much data-collecting bloatware is inside).
It doesn't let you easily see the size before installing and doesn't let you search by any of these criteria. So if you wanted to publish a high quality, free, ad-free app, you would immediately be crowded out by the apps that can spend money on ads and SEO because they're full of crap, and your potential users have no chance of finding your app.
Given how easy this would be to implement, it seems obvious that this is an intentional, user-hostile choice because Google doesn't profit off these apps.
Publishing on the Play Store for indie devs or hobby projects just doesn’t make any sense.
You need to jump though so many hoops and doxx yourself in the process, only to make basically no money with the apps, and even if you miraculously do, risk getting kicked out of their platform without any way to contact a competent human.
Even before all this, the general consensus amongst solo app devs was that “don’t waste your time with Android”, now add about a hundred hour of bureaucracy to even get started with your first app, the choice is obvious for many.
I was a long time Android user and switched to iOS because the apps there are just better, I honestly think that Google of running the Android ecosystem into the ground and only the big players will want to go though this mess.
As a Flutter developer, it makes me want to switch to other technologies, because if Android loses its appeal, Flutter, another Google product, offers basically nothing. On web, it scks, on iOS SwiftUI will always have an advantage, Android as discussed is in steady and fast decline, and who the hell needs Flutter desktop apps that have poor integration with the operating system…
Fuck them. I hope they collapse.
And I think everything should be web apps anyway (ideally PWAs), but I like that Flutter lets you produce a desktop app from your mobile app with very little effort. Even without any special "integration" with the OS, it's better than packaging a web app in Electron, right?
Also, Google support refused to tell me what set of documents they would accept. I had to figure it out myself.
The mobile OS wars are over: every company and dev that wants to do anything is locked into having to provide an Android and iOS app no matter how difficult it is, so all the incentives are for Apple / Google to insulate themselves from risk now by raising the bar on devs.
We need to start exercising the minimal rights / capabilities to ship alternative app stores on these platforms. Easier said than done.
Apple side on the other hand, good luck with that. Even in Europe they made the rules so strict the third party app store are basically dead.
I guess I could publish on fdroid but why bother? The android platform clearly doesn't care about me.
source? all I can find by googling around is about the same number of apps with a bias towards playstore.
I don't get the new D-U-N-S number requirement. Actual scammers can easily jump through the hoops. It's the small independent devs that won't bother with the bureaucracy, especially those that do it for free.
The developer experience of PlayStore is SO BAD compared to the AppStore - which isn’t even that good to start with.
It’s like all the software and websites are just made by people who don’t care at all if you use it or not.
I don't think more is necessarily better.
Who requires them to do it isn't the point, what Google decided is the formalism to meet EU requirements is the point.
Here is a european collated list of worldwide business registries. The Australian one is a gov.au. the US one is the SEC not D&B
F-droid apps are simply better these days.
Low-effort spammy apps with ads and in-app purchases are unlikely to be accepted.
Standard Android in-app purchases, efficient notifications, or ads which use Google services, won't be accepted at all, though FLOSS versions of those things are ok in principle.
From https://f-droid.org/docs/Inclusion_Policy/ :
> All applications in the repository must be Free, Libre and Open Source Software (FLOSS) – for example, released under a GPL or Apache license.
> Every effort is made to verify that this is actually the case, both by visual inspection of the source, and by building the application from the published source.
> We cannot build apps using Google’s proprietary “Play Services”.
> We cannot build apps using proprietary tracking/analytic dependencies like Crashlytics and Firebase.
> We cannot build apps using proprietary ad libraries.
> The source code for the application must be maintained in a publicly accessible Version Control System which we have support for
> The original app author has been notified (and does not oppose the inclusion).
Google play has always been totally corrupt. But it is even worse today. The amount of trash spreading through their own programs is massive and then they are banning apps that does not even claim any permissions.
As always with Google, money talks. If you are a small corp you are pretty much screwed. If you are a big client Google will call you and tell you how they fixed your issues before you even knew about them. I really hate working with Google and hope they get split up and destroyed in the anti-trust case. (Yeah, I know the corp is named Alphabet)
I haven't "browsed" the app store for a long time, I only go to find an app if I already know it exists.
No App Store is going to be 100% free of scams.
In my experience of having downloaded several hundred iOS apps over the years, it’s pretty difficult for most people to download a scam app unless a user is specifically trying to download free, fringe apps from developers you’ve never heard of.
But if you’re interested in mainstream apps that address real issues by developers who are attempting to make excellent apps that take advantage of Apple’s technology and ecosystem, the quality of iOS apps has never been better.
I just checked—the revenue of the App Store was over $100 billion dollars in FY 2024. That says to me customers are finding useful apps they’ll willing to subscribe to.
I have an autogate that can't be opened manually. It came with a remote, but only one, so we use an app to open the gate. My door has a fingerprint sensor that malfunctions when it's humid. So I need to open my front door with an app and because it's a free app, I have to watch an ad to open my front door.
It's not the same company as the one that made the door. To be fair, the door is a one time purchase and they shouldn't have to maintain it, so it's all done with a third party app. The hardware is solid, it's just the software that's a bit dodgy.
The lock can be opened with fingerprint or NFC tag, but it freezes after 3 tries. The master key is a physical key or the app. I didn't get a fingerprint door to use keys, and the keyhole is also at a weird angle from beneath the door. So the app it is.
It sounds ridiculous but I need apps for everything anyway, thanks to 2FA. I can't even log in to work without an app.
I had useful free apps deleted. They worked, now the alternatives are all ad infested slop.
I CBF jumping through their hoops, might just move them to alternative stores
1. It's disabled by default. You have to dig around in your phone's settings to enable APK installations, and APK installations through the specific app you prompted the installer from. And if the developer hasn't updated the app for recent versions of Android, Google will throw up a antivirus-esque "warning this app is unsafe blah blah" prompt.
2. You can't automatically update an app if you manually installed it through an APK. There are apps that can kind of do this (automatically download APK from source website on new release, notify user). But that's clunky and not suitable unless your audience is FOSS-land. Oh, and the user still has to manually click the install button for each app they update this way. No silent updates unless you're rooted.
This makes the distribution of apks through your own processes wholly unviable unless your app is mandatory for your users (I. E for work/school), or your user base is Android FOSS enthusiasts - who probably prefer that you use F-Droid (3rd party FOSS appstore) anyways
I work at a company that created some whitelabel apps for some popular brands and recently the apps have been taken down for "impersonation" despite the fact that we presented all the necessary paperwork mutliple times before (documents signed by the legal owners of the trademarks).
This supposed "cleanup" operation of the Play Store is just a very sloppy attempt by Google, a company that should be able to do better given the its size and resources.
fidotron•8h ago
Yep, it was probably that.
Aerroon•8h ago
It's kind of incredible how the EU makes changes like this and then politicians scratch their heads about the weakness of European tech. You would think that the politicians would give some thought to that and make it easier/cheaper to fulfill these requirements, but nope. Either pay up for a company (hundreds of euros) and an office (hundreds of euros) or just have your information publicly available.
And when that information becomes publicly available you will be inundated with spam.
On top of that some services will then take Google street view pictures of your home and link all of that information together in an easily searchable database.
leonidasv•8h ago
[0] https://developer.apple.com/help/app-store-connect/manage-co...
[1] https://www.reddit.com/r/FlutterDev/comments/1f4nmny/comment...
makeitdouble•5h ago
The actual change is not by the EU, but by Google who interprets a EU directive and decides how to apply it to its platform.
This is a big difference, in that the EU requires a verified _contact_ address for _traders_ operating on a marketplace.
From there Google deciding to blanket require onerous verification on anyone publishing any app is Google's call and they should get the blame for it.
For comparison you get a different application of the same rules on the AppStore, and none of that for F-Droid.
sib•3h ago
Before the rule was put in place by the EU, Google didn't require it; after they did. I'm sure Google didn't go through the design, development, testing, compliance and legal analysis of deploying this requirement for the fun of it.
makeitdouble•2h ago
At this point it's not that far from anthropomorphising the lawnmower.
sschueller•8h ago
cyral•8h ago
dusted•8h ago
trunch•8h ago
Would like to keep my identity separate to whatever projects I have usually, especially if they're ones that don't 100% align with the your own developer brand that employers might screen for
ragnese•8h ago
The real issue, IMO, is that it's still too hard to distribute and install applications on my general-purpose computing devices! You can't be on Google's app store if you aren't a "real business" with a physical address and everything? Fine. Let's just distribute our apps on F-Droid, or by just releasing APKs in our GitHub pages, etc.
At least that's still possible with Android. But who knows how much longer they'll even allow that?
LPisGood•7h ago
braiamp•7h ago
whimsicalism•7h ago
iAMkenough•6h ago
o11c•5h ago
makeitdouble•5h ago
Google Play (and the App store) assume by default commercial intent, and I'm sympathetic to stricter verification rules when there's money changing hands.
colechristensen•5h ago
As a customer I really want the ability to sue someone who does me wrong, call them out publicly, or at least avoid their products. In no way is it reasonable that someone should want to stay anonymous while selling me something (or profiting off of it in one way or another). I really don't see a reason to make an exception for people who have free+offline+etc apps.
You're publishing software, you need to be identifiable.
xdfgh1112•5h ago
umbra07•3h ago
"Because I want to be able to sue you" is not a particularly compelling line of reasoning for legislating incredibly invasive laws.
o11c•5h ago
tslocum•8h ago
https://rocket9labs.com/post/on-the-importance-of-f-droid/
stringtoint•8h ago
LVB•4h ago