The escape hatch is to use the FDroid version rather than the Play Store version.
Get outta here.
As long as Google doesn't remove the ability to sideload apps, Android users are fine.
Not really in the EU? https://support.apple.com/en-us/118110
And distributing apps like that requires paying an annual per-install fee:
https://developer.apple.com/support/core-technology-fee/
So yes, IOS apps in the EU require both Apple review and a recurring per-install fee.
> The DMA requires that app developers should be able to inform customers of alternative purchasing options outside of the App Store, and direct customers to those alternative payment options, free of charge. Apple’s rules currently do not allow for this …
(plus: criminal contempt referrals for "willfully" violating court order to stop doing that in the US too and lying to the judge and trying to cover it up!)
> Separately, the commission has taken a preliminary view that Apple has not complied with its obligation to allow for the distribution of apps outside of the App Store, i.e. its support for third-party app marketplaces in the European Union is not good enough. The commission says developers are disincentivized from doing so due to the required agreement of alternative business terms, which includes the Core Technology Fee. It also says Apple has purposely made the process of using alternative app marketplaces too difficult and burdensome on end users.
https://9to5mac.com/2025/04/23/apple-fined-500-million-euros...
b) Apple is charging a fee for their SDKs similar to Unreal Engine, Square, Mapbox, Microsoft etc. Has been the standard in the industry since forever.
Apple is using all power-plays to keep their market controlled firmly by them, and EU doesn't like it.
Having to pay 99$ per year to develop apps for your own devices that you've already purchased is also outrageous.
I get that Apple is doing a good job keeping app-store safe for it's users, but it doesn't make up being so actively hostile to user freedom.
"sounds outrageous" is a pretty weak justification for regulator action. Paying for a browser probably sounds equally as outrageous, but with the way anti-trust is going with Chrome/Google, that seems like a very real possibility. Moreover, why should the government should be in the basis of regulating business models? If Apple wants to charge for access to its SDKs, and it pays the price through less apps for its users, so be it.
File managers Backup and restore apps Anti-virus apps Document management apps On-device file search Disk and file encryption Device-to-device data migration
This Nextcloud app seems to be an app that mirrors your Nextcloud storage to your device, and I cannot understand why it would need all access to any other data stored on the external device -- with the enormous risk that entails -- much less that can't be selectively picked by the user. It isn't a file manager, it isn't a backup utility, it's a cloud provider with local mirroring. I get why Google told them to do things otherwise.
Another comment mentions this is "bad faith" security and that's just overly cynical. Android and iOS both suffered from basically trusting app developers, and both were burned for it. Hardening down and making apps only request precisely what they actually need seems to be a massive user positive.
[1] - https://developer.android.com/training/data-storage/manage-a... - the exclusions can be found at the bottom.
> what they actually need seems to be a massive user positive
So positive for the user that they filed a bug report about it?
>I suspect people want their entire photo folders mirrored into Nextcloud from the device
That isn't remotely the contention, nor do photos even qualify for this as they use a different API. Further, the reason this company gives for refusing to use the obviously more suitable structured storage API is that they don't want their files -- presumably mirrored from the cloud storage -- visible to other apps. Their complaint is technical nonsense and doesn't pass an ounce of scrutiny.
The argument by this company is nonsensical, and their argument seems to be "we did it this way before and we don't want to change". Firstly they can have their own app storage without granting access to any other app, and they can go through a system UI process to get access to additional folders (for instance "I want to back up my WhatsApp folder to this cloud provider"). They argue against the latter because they seem to think it somehow reveals the former, but that isn't the case whatsoever.
[1] - Well it's a bug in the Nextcloud product where they seem to just ignore that the instance lacks a permission
I think they're trying to keep their story simple, for the sake of clarity. I believe the nextcloud team when they say they need the permission.
Part of the issue is that nextcloud has many use cases, including ones where your files don't get synced to your mobile device until you touch the file, replacing them with a reference to a file. It's cool cause you can access and manage a tb of pictures or documents from a 64gb android.
I don't (and I do use NC). The sentence "SAF cannot be used, as it is for sharing/exposing our files to other apps" is simply wrong and llm_nerd is right that SAF should be able to handle that use case,see
https://developer.android.com/training/data-storage/shared/d...
There are some restrictions regarding which directories you can access, but for most use-cases it should be perfectly fine. It's also not that this should come as a surprise to them. In fact, there's an issue about this from the NC team themselves from August '22:
https://github.com/nextcloud/android/issues/10123
Why they still think SAF cannot be used is a mystery to me.
Even if that interface is insecure and harmful to users ?
As an industry we've learnt a lot about how apps siphon and sell your data. And I appreciate this probably doesn't apply to NextCloud but it can be difficult to build an API that is flexible and secure so you will get casualties.
So a backup app should add support for every Android application that the user is likely to back up?
Exactly. Many people use Nextcloud's auto-upload to backup important data from their phone. In addition to photos, I use it to backup FreeOTP and WhatsApp, for instance. This does not work with the version from Google Play, see
https://github.com/nextcloud/android/issues/14334
EDIT: After some research, I think even that use case should be possible with SAF, you just need to move your backups to external storage that you can access via SAF.
it stopped working well or at all over the last 2 years or so. I think if a simple "allow access to the photo folder" would have fixed it they out have used it. maybe it doesn't get the events when a photo is made?
Then request access to their media folder. You don't need full disk access.
>it makes sense to let the users give it access to all the files on the phone
It doesn't even pretend to be a backup app, and further the permission we're talking about is limited to external storage (though that is a nebulous term on many Android devices where internal storage is split-brained on being internal and partly external).
Further saying "let the user decide" works great in theory and with a considered, rational userbase. In reality it means that everyone just says sure to everything, and soon all of the user's data is exfiltrated and everyone is whining that Google/Apple/et al should have forseen this.
I see your point, but why isn't this the case for document management apps? Also, Nextcloud can be extended with plugins, some of them falling in the document management category.
> Further saying "let the user decide" works great in theory and with a considered, rational userbase.
Nextcloud is mostly used by people that like to self-host their services, so in this case we fall into the rational userbase category.
https://play.google.com/store/apps/details?id=com.simplemobi... or on github.
What they do after opening the files is very different, and irrelevant. FWIW I use both Nextcloud and that gallery app.
https://www.androidauthority.com/simple-mobile-tools-acquisi...
Use the Fossify fork instead:
https://play.google.com/store/apps/details?id=org.fossify.ga...
I'm sure they would happily allow you to select the folders you want to give permissions to, but I think that's not possible anymore.
So if you want to sync a local data folder that stores, for example, the tracks you record with your GPS, you cannot do it without full access unless your GPS app allows you to select a shared folder to store its data.
0: https://developer.android.com/about/versions/11/privacy/storage
1: https://www.theregister.com/2025/05/13/nextcloud_play_store_complaint/
You can select any file you could before on shared external storage. You can't select private app directories which were always off limits from other apps just like on iOS.
---
[0] On Android 11 (API level 30) and higher, you cannot use the ACTION_OPEN_DOCUMENT_TREE intent action to request access to the following directories:
- The root directory of the internal storage volume.
- The root directory of each SD card volume that the device manufacturer considers to be reliable, regardless of whether the card is emulated or removable. A reliable volume is one that an app can successfully access most of the time.
- The Download directory.
Furthermore, on Android 11 (API level 30) and higher, you cannot use the ACTION_OPEN_DOCUMENT_TREE intent action to request that the user select individual files from the following directories:
- The Android/data/ directory and all subdirectories.
- The Android/obb/ directory and all subdirectories.
[1] On Android 11 (API level 30) and higher, you cannot use the ACTION_OPEN_DOCUMENT intent action to request that the user select individual files from the following directories:
- The Android/data/ directory and all subdirectories.
- The Android/obb/ directory and all subdirectories.
0: https://developer.android.com/training/data-storage/shared/documents-files#document-tree-access-restrictions
1: https://developer.android.com/training/data-storage/shared/documents-files#document-access-restrictions
edit: fixed readability and a link
It is correct that you cannot access private app folders, meaning stuff like /data/data, /Android/data, /Android/obb. But this is nothing new and you basically need a rooted device to access them. You can however access anything on external storage, which is typically where apps would store data you would want to sync and which would cover by far most use cases from users. At the moment, users are mostly complaining that only media files are synced, but not documents. SAF would solve this.
> I'm sure they would happily allow you to select the folders you want to give permissions to, but I think that's not possible anymore.
That is absolutely possible:
https://developer.android.com/training/data-storage/shared/d...
So, following a bit the example I was giving, if you want to sync data from another app to backup it (or whatever), and that App stores its data in the default data folder assigned by Android, since Android 11 it's going to be very difficult to do it.
I used to sync some of those folders with Syncthing in Android, and since Android 11 things have gotten complicated (meaning, you need 'all files' access, and even then, some things might not be accessible). [0]
0: https://forum.syncthing.net/t/android-11-and-syncthing-what-can-be-synchronised/17100/2The new API does not work with Linux open(). Some projects (like Syncthing) don't want to put in the work to switch to the new API.
I hope that clears things up.
SAF provides both provider and consumer APIs, and from the language NextCloud uses, I get the feeling they might've missed the consumer API here. Had NextCloud said "we want the user to be able to select the Download folder and certain external media directories" then I would've thought the restrictions are the main problem, but that doesn't seem to be the case here.
I went through the same with Syncthing, and now I install it from out of Google Play, where it doesn't need Google approval to do the All Files Permission API call.
I understand why the API changes and the hardening of the Android system, but it's also true you're locked out from certain folders even when on developer mode and it feels weird.
Meanwhile google drive gets to be installed as a system app
Right, so you don't know the app. What about getting informed first?
I use Nextcloud to backup files to the cloud. I want it to access my files.
Perhaps you should get informed as well.
In the end this is again app developers refusing to do the work to protect privacy and trying to push through the laziest most privacy voilating solution because it's less work.
What did I say that was wrong? The comment I was answering to - that I assume you read - says: "This Nextcloud app seems to be [...] It isn't a file manager, it isn't a backup utility, it's a cloud provider with local mirroring."
Which is wrong, isn't it?
So let me ask you, how does this:
> Hardening down and making apps only request precisely what they actually need
Relate to Google Play Services? It seems to relate only to third party apps, doesn't it?
And perhaps using GrapheneOS while at it.
It could change in future devices, but currently there's not much stopping you from doing whatever you want with your Pixel's software.
File sync tools need to go through scoped storage where you as a user select directories which they sync and then they can read them at will as well.
Almost no apps need this permission, so being skeptical makes a lot of sense. File managers and other such apps are routinely permitted to use this permission, so it's not like Google is locking out utility apps or anything.
The current state of Google Play is the result of years of Google being too permissive by default and trying to patch things later while desperately trying to remain backwards compatible. Give advertisers a finger and they take the whole hand. Your average Android phone's internal storage used to be full of dotfiles, hidden directories, not-so-hidden directories, all full of identifiers and cross-identifiers to break the cross-app tracking boundary enforced by the normal API.
As far as I know, Google has made an API available for picking a directory to sync with. I'm not sure why NextCloud needs to see every file on my SD card when it can ask for folders to sync into and can use a normal file picker to upload new files without going through a file manager, but there's probably a feature somewhere hidden in their app that necessitates this permission.
The policy itself makes a lot of sense and I'd argue is beneficial for Google Play's user base. NextCloud's problem seems to be that Google isn't letting a human with common sense review their upload. Because of Google being Google, outcry is the only way to get attention from an actual human being when it comes to app stores (Apple has had very similar issues, though they claim their reviews are all done by humans).
EDIT: NextCloud states "SAF cannot be used, as it is for sharing/exposing our files to other apps, so the reviewer clearly misunderstood our app workflow." as a reason for not being able to use the better APIs, but I'm not sure if that's true. SAF has a dedicated API for maintaining access to a folder (https://developer.android.com/training/data-storage/shared/d...). I think NextCloud misinterpreted Google here.
https://f-droid.org/en/packages/com.github.catfriend1.syncth...
A lot of us actually want to run apps with full access to our system. The kind of access your own backend has with features like cloud backup.
Syncthing already abandoned their Android app because of this nonsense (as jfim pointed out: https://github.com/syncthing/syncthing-android/issues/2064)
And you can do some things with a phone, e.g. hard reset it if it's really broken. What do you want to be able to do with a phone to fix it that you can't do today?
The problem is casual users aren't interested in learning about this shit so they can make informed choices. They just click through and give apps access to the entire device without thinking or reading, and then bitch at Google when their data is breached. Google doesn't want to deal with that so they lock everything down.
I dunno isn't this why Android users root their phones?
No, because it would be like using dynamite to drill a small hole in the wall - effectively destroying the platform's entire security model as well as locking yourself out of vital apps (finance/banking), and many non-vital apps that pretend they need the same level of security and refuse to work on rooted devices.
edit: s/it/the radio
That's a good point. And for non-casual users there is F-droid. It sucks for app developers who lose a giant audience for sure. But maybe in the long run it's good that power users have a place to go?
If you allow that, the app works like the way the person you're replying to wants. If you deny that, the application works the way you want.
If one company have it, the other can implement it, too. There's no shame in copying a good feature, is it?
Just checked with Dropbox, and yep, that's how it works. Files can access Dropbox transparently, and Dropbox can access any files which can be seen by the Files app.
So an equivalent is present in iOS.
Google made it so painful and unreasonably expensive to get that access, they gave up. Now it's a Windows, Mac and iOS exclusive, no Android app anymore, despite it existing and having for over a decade been fully functional.
Spotify did this all the time where they would complain about Apple not allowing them access to some private API and then when they did didn't even bother to use it.
Do you really think it seems unfair that a file sync app would want to access files?
My exact same experience. We had two very simillar apps for a brief time, the old version that interfaces to the old hardware, for old phones, and the new version which was basically redesigned from scratch but kept the same UI. We wanted at least to have a fallback version in case users had any issue, for whatever reason.
From the top of my head, i can name at least a dozen apps that i use daily that have multiple versions of them on the store, for the same reason we did.
However, we received a complaint from google, which froze both our apps, because apparently you can't make one app that looks too simillar to another one.
First, it's our APP. We are not trying to copy anyone (the chief reason for this rule, you don't want fake malicious clones of apps) Second, it's only the first page that looks the same (a video was provided showing the differences once you connected to a companion device. Also ALL our apps have the same first page) Third, what about all the free/pro app pairs you can find? Not every developer chose to follow the in-app-purchase route for unlocking features.
For at least two weeks i kept receiving copypasted responses. All the same wording, all copypasting pieces of the guidelines which can be interpreted in many different ways. After two weeks, they either escalated to a human being, or to a less useless one and we started chatting. We could convince them to at least unlock one of the Apps while deciding what to do with the other one.
Re: second point, they were immovable. Re: third point, when i was asking why the other developer's apps are still there, and what could i do to make the same, the answer was invariably the same: "I can't comment for the other apps, but if you think they violate the guidelines you can report them", so the exact opposite of what i was asking. Which is proof enough to me: they don't stop anything unless reported, and we had a third party attack us with a swarm of fake reports on behalf of a competitor, which already happened in the past. Human beings - or at least with a functioning brain - are not working at google's developer support.
In the meantime we had to distribute the APK, which is not great the moment you need to update.
Apple gave zero fuss, we have had both versions on the store since day one.
They just didn't put in the work in 10 years despite repeated deprecation warnings.
This seems modus operandi from many OSS developers (syncthing is the other one that had the exact same issue) - ignore warnings, ignore migration guides, ignore API changes and then scream their heads off 6 YEARS later about how evil people are that they don't get unfettered access to users data anymore. And conveniently ignore that the migration path was available for longer than their product exists.
The devs in the comments of that video do have some valid complaints about the added complexity of not being able to use the standard Java filesystem APIs anymore with the new permissions model, but still, it has been 6 years.
As opposed to on the Apple side...
edit: next cloud is available from the app store, soooo, have fun on the otherside. And from the author:
> Apple gave zero fuss, we have had both versions on the store since day one.
Especially since i was a pCloud user but Apple in their infinite wisdom deprecated the extension they were using to offer a 'virtual drive' for syncing. On desktop.
Android supports scoped storage which is fine for Nextcloud and requires NO extra permissions. It gives control to user because user then selects which directories they want to give Nextcloud to.
Nextcloud just needs to put in the work to support it properly instead of just demanding full unfettered disk access to all photos and app data with no user control over it.
> Google allows Android apps to just demand access to all private photos
Your own words betray that you are probably confused about what the problem actually is. From my perspective, I think people generally want the same thing on both platforms: the user be in charge of which files the OS gives access to applications.
mritzmann•5h ago
> Other apps were not allowed to use this permission at all, once it was introduced in 2022. I could convince them back then, that we need this. But nowadays they are more strict on it and thus we needed to remove this permission. Thus is, why it feels now like a regression / problem in UX, while it was only an exception that they allowed it for ~2 years.
https://github.com/nextcloud/android/issues/14135#issuecomme...