That requires jailbreaking the device, which may or may not be possible depending on the device and the version of iOS it's running. Recently there was a bootrom exploit called checkm8 that made possible "tethered" jailbreaks to be created for a large range of devices. But even that works only till iPhone X (and not on newer devices), and the jailbreak (if/when available) would have to be done every time the device is restarted.
If you jailbreak you also usually have to run on an older iteration of the OS and have to wait before updating. It's not really a very attractive option.
Signing up as developer, paying the fee and building the app yourself is probably the better option. Even if you have to rebuild it every xx days.
Apple can still shut it down, and you can bet they will if it gets any sort of popularity.
> Testut imagines Apple could disable the ability to sync over Wi-Fi, but that would just mean plugging in your phone once a week to continue using AltStore
How about limit the number of disable WiFi syncs and force you to plug in once every 8 hours?
Actually, F-Droid is not panacea. F-Droid apps do not have access to Push notifications. Coupled with crippled background app performance in recent Android version, it extremely limits certain classes of apps, especially all messengers.
Unsurprising - Google obviously wants you to be within their walled garden. You could probably add an in-app purchase but this has been a known thing for a while now.
I agree with your sentiment in theory. Unfortunately, in practice, Google Play Store rips off my signature after I upload and sticks their own one on instead. Blah.
I'm on an unrooted phone and F-Droid doesn't do auto-updates or even "update all". I have to remember to open F-Droid once in a while to click "Update" and then "Install" for each app, one-by-one.
I understand that it's probably Google's fault for not providing APIs/permissions but it's still terrible UX. I only use F-Droid when an app isn't available on the Play Store.
fdroid periodically automatically checks and notifies of updates to apps. You can also "Update all", using the button of the same name, but you will have to press install for each, due to the way Android works, which is a bit of a pity.
F-Droid isn't a "system app" so it can't even ask for permissions. If it was added as a system app in a custom ROM, then it'd be able to use the undocumented interfaces to install apps.
For anyone else publishing mobile apps:
Neither Apple nor Google allow bypassing the store's purchase system by linking to external donation pages. No matter the app type, it will result in rejection.
I wonder what would happen if you link your your home page and you have a donation link there.
How deep does it have to be before they cut you off?
Can you link to a page that is only linking to another page where the donation happens? How much extra text would you need to "pass inspection". I find these kinds of arbitrary rules very unsettling. It's definitely time to break up the tech giants.
It is odd that they remove this though, I use at least two more open source apps that asks for a donation and will send me to their donation page if I click.
Break up the tech giants? How is that going to result in having 5 Androids and 6 iOSs? The nature of the technology and market is what drives consolidation. It's a testament to the quality of both platforms that we even have two options.
It was a generalised statement of how they now have too much power to decide what can and can not be put on our devices.
And before the "android can sideload" argument, how many normal people are going to do that with all the dark pattern warnings that google displays when you try to enable the feature.
F-Droid has a pretty strong foundation in my opinion. It just needs more resources to be able to publish app updates more quickly. It also needs a redesign, like you said, but I don't think there's a need to start from scratch
So do you mean a store run by a company that has the money and intent to promote such a store enough for everybody knows about it, e.g. Facebook, Amazon, or Microsoft?
Yes, that would be nice, but at this point it would take a few billion to replicate all the functionality - who is going to be willing to pay for that and be still tied to Google? Might as well start a brand new smartphone/OS company...
What else would you expect? Any other commercial app store - especially VC-backed - will eventually follow suit with Google's and Apple's stores in order to maximize profit over everything else. This includes denying any kinds of donation links.
It's unfortunate that the developer resubmitted the app without the donation link, open source projects having a donation link in their apps does not violate Google Play policies.
> Here are some examples of products not currently supported by Google Play In-app Billing:
> One time-payments, including peer-to-peer payments, online auctions, and donations.
It indeed is unfortunate. But what other recourse did we have? The first objective, before we even consider donations or anything, is to make our software available and functional to our users. So we had to resubmit. And it's not like the resubmission process is instantaneous; as of writing, the app still isn't back in the store.
But anyway, now what? Let's say things return to normal, but we still want to put the silly link in the app. Our appeal was rejected. We could send letters, I suppose. Perhaps this article on HN will get the attention of the right people? We could appeal the appeal, maybe. And then appeal the appeal for the appeal. At what point does this become a waste of energy that could be spent coding and improving the app in other ways? It's hard to know where to draw the line and which battles are worth fighting. I'm happy to hear folks' opinions on the matter.
I certainly agree, though, that it is unfortunate.
Donations are not supported by in-app purchases, and I'm sure this doesn't mean open source apps are not allowed to sustain themselves by showing a donation link. Or if that is Google's unwritten policy, people must make their voices heard, this abusive behavior cannot be accepted.
I would resubmit the app with the donation link and continue to document and share what happened. Please do not allow them to set a precedent with a popular project like WireGuard.
It's important to share every detail of the issue, the messages you received, your replies, and the policy links you were given about the alleged policy violations.
I think what you are proposing is to make an ideological fight out of this issue, that is exactly what the author describes as "a huge time-drain that does not make the app better" and exactly the opposite of what he meant with "choose your battles".
Let me say that I think you're morally right, but it is probably not a reasonable choice of actions for the author and the users of the app.
There is no need for an ideological fight, because there is no written Google Play policy against donation links in apps. This is most likely a mistake made by the reviewer or an automated system, and I believe they should follow up on it to sort things out.
> I believe they should follow up on it to sort things out.
reply
I'm sure you believe that.
Do you work at Google in a position to supervise app reviews? Because if you do, then you can help straighten this out.
If you don't, then it is hopeless. Technically, Google has the right to drop any app for any reason whether it is fair or not (so suing them or something isn't an option). OP already followed the ONLY channel that Google provides (an "appeal" handled, I presume, by a bot that generally issues quick, automated rejections. Sure, I wish Google had a better policy, with some sort of genuine appeal policy which included genuine human review, followed a consistent policy, and most likely had a public record of decisions... but they don't.
I wouldn't assume up front that any action is hopeless. There are many Googlers on this forum and issues like that get forwarded and discussed internally. Google has Open Source Programs Office which used to have a lot of clout inside the company, at least at the time when I worked there.
It's amusing - I feel it's almost like causing a media "storm" is part of the whole "AI powered" process they've got going on. Create Reddit/Hackernews/tech blog outrage and maybe a human might step in and reverse the decision.
You can look at r/videos and see how many examples there are, the link in [1] provides quite a few...
So hey, go get people to repost across social media, maybe get a nice trendy hashtag going like #freewireguard and maybe their "AI" (or PR department) might actually do something useful.
Because to me, I've noticed more and more companies only reverse decisions or backpeddle once there's enough shit flying at them (See Blizzard recently, for example).
I can almost guarantee you that a googler who reads hn has submitted this issue to an internal mailing list and you will get special treatment for this problem.
Or in Germany to get an emergency court order ("Einstweilige Verfügung"), dunno if the US has a similar legal venue. At least with an EV you get the immediate attention of their legal department.
The US does, but courts are reluctant to issue them in general. Since google as a fair chance of winning the courts will probably reject the immediate order, and then this drags out in court for a few expensive years before a ruling is issued that could go either way, and either way will drag through the appeals process for many more expensive years.
In England you can sue a company for failing to follow its own policies but I don't know if this is possible as a small claim. If not it's probably eye-wateringly expensive.
My app was also removed a few months ago for this. In the email they say you have to use Google Play In-app Billing, however:
> Donations to 527 designated tax exempt organizations are also permitted.
So if Wireguard becomes a proper tax exempt organisation it would be ok.
If you want donations but aren't tax exempt there is basically no way to do it. However you could easily work around it by offering something trivial like a badge (games can use IAP to purchase trivial things like hats). The downside is that Google take their 30% cut.
I was going to suggest this too. According to the Android dev site "Google Play Billing can be used to sell the following types of in-app products: One-time products: An in-app product requiring a single, non-recurring charge to the user's form of payment. Additional game levels, premium loot boxes, and media files are examples of one-time products."[0] So could you have buttons to buy a "bronze supporter badge", "silver supporter badge" etc. (trying to avoid using the word donation in case it triggers something), perhaps even enabling a "Show my supporter badges" page that shows the ones you've purchased? Kind-of unnecessary extra dev, and as you say Google will take their hefty cut, but might be better than nothing.
google gets a 30 % cut.
I wonder about the exactwording and legalese.
so if someone is financially endowed then could they make a simple game or a loot box bonus, that pays people to play it. then google would owe 30% to that player.
I too made a "fuck Google" donation to the WireGuard project today, after seeing an update and then the app disappearing entirely.
I'd love to use the F-Droid version but it's not up-to-date, and isn't published by Jason, so it's not signed by him either.
Publishing it on the website with a built in update-check might be one solution I'd be happy with, it'd only need a text file hosted on the website and a check, perhaps each time WG is activated to see if there is an update. Modern Android versions can be toggled to allow installing software from external sources, so the app could "install itself".
This is really unfortunate. If Google is ready to arm twist a popular project like Wireguard, smaller indie open source apps stand little to no chance than to bend over.
This App store gatekeeping should be illegal. Selling the hardware/OS and marketplace by the same person is more like online dictatorship at this time.
Honestly. I'm fine as long as sideloading 3rd party shops is not actively sabotaged. I tend to search stuff on fdroid first and Play store later, and that's something I just can't do on iOS.
I know this will be against deeply against HNews but I'm open to discussion.
I don't see anything wrong with this. Charging vs Donations, I don't see what the difference is. It's people paying money for good/services/software. The primary difference is the open ended pricing model.
Google, Apple put up networks and there's value in that network. Whether someone chooses to release their app for free or charge money for it, that app is dictated by the network fees. This network is extremely powerful in terms of its distribution reach. Does it warrant 30%? That's what the market is willing to put up with, but if we're debating 30% - it should be for the whole network not just because someone has an open ended pricing model.
If this app is registered as a non-profit (which it did not look like based on the website?) then I am 100% in the wrong and do believe the app should be able to operate under different pricing schemes.
At a philosophical level - what is the difference between a free-to-use app that has open ended pricing vs a FOSS with donations?
By "open ended pricing" i mean - pay what you want. This is very common in food industry, "house restaurants" if you will. I get a meal and very well can pay $0 or $1000.
Agreed, donations do not necessarily mean I receive anything in return and I purely want to support like clean water efforts in 3rd world countries, but policing the difference seems unrealistic.
But that seems like it should be a special non-profit category. I think I'm beginning to convert to a 'middle' ground that there should be a sole proprietor non-profit, but that seems insanely hard to police.
While it doesn’t touch on donations, for the “value prop” angle I strongly suggest developers read and internalize Apple’s point of view as expressed in “iOS App Store Principles and Practices”:
Also on the value prop front, worth noting a variety of digital app stores at scale have found operation costs 12% to 18% fees before the hands on “40% rejection” level of oversight that Apple is providing to end users.
In most legislations they are taxed (and deducted) very differently and must respect specific characteristics (eg donators must not receive nothing of value in exchange, must not be asked to donate a minimum amount or a repeated amount, etc)
You're stating, essentially, that anyone who wants to publish FOSS software with a donation link should be forced to go through some convoluted procedure and register as a charitable organization. (where? in the US? in their specific region? does it matter? how much time will it take for them to figure out? is this even possible in all regions? does this require ongoing effort e.g. accounting, document submission, general bureaucracy?)
This is simply not how the real world works. If it ever does, you've created a dystopia.
Google are being bureaucratic twats here. There's plainly and obviously a difference between WireGuard and the 10,000,000th iteration of some bullshit F2P casual game, and there's obviously a distinction between donations and purchases - the intent of the user, for one.
That they put prole-tier support on the case and 'accidentally or otherwise' sling the banhammer at pivotal pieces of software is their problem to figure out.
Sure, there is very little distinction. I'd argue that both are donations. Pay-as-much-as-you-want (if $0 is an allowable price) represents a donation with a slightly different funnel.
The for-profit vs non-profit distinction is immaterial to me; the distinction is between actually paying for products (e.g. buying an ingame item or support or a subscription or whatever; some sort of 'contractual' thing), and literally giving money away with no strings attached.
Google's particular funding model for their App Store is a different kettle of fish entirely - they can decide that apps beginning with the letter A pay a 90% fee and that's just how it works.
To purely play devil's advocate, there are a number of 'home restaurants' (operate out of my home) that are pay-what-you-want and operate quite profitably. I believe 100% they should be taxed (i'm totally conflating taxes and apple/google profit share but it's a form of a network fee?).
Through this discussion I do wish there was an exception for FOSS for individuals at a legal level.
I can 100% agree though that the fees which google/apple charge are extortionist.
this exactly is how the world works. if you receive money, wherever it comes from, in more and more countries it must be taxed as income. if you want it tax free, you must prove that you are eligible to do so.
the question is whether or not it is right for google to act as a gatekeeper here. i think not.
Gifts are trivially tax free in the UK excepting cases of Inheritance Tax whereby someone pretends to 'gift' an inheritance before dying instead of having it taxed normally.
It would surprise me if that were not true globally.
A donation is definitionally a gift. If it's not due to some legal wankery, rename it, doesn't matter.
as far as i know, at least in the US only donations to registered non-profits are tax free. any other donation is taxed like any other income.
if it's a one-off, sure, calling that a donation may be trivial, but if you start getting donations on a regular basis, you have to prove that they are in fact donations, and not hidden payments for a service. if it weren't so, we would not need to have entities register as non-profit.
You can't just freely receive donations and not pay any tax.
There is definitely an argument that you are donating to ensure future development of the software, essentially quid pro quo.
Edit: Wireguard literally make that case while soliciting donations
>We're extremely grateful for all donations, which enable us to continue developing WireGuard as free open source software. We are happy to receive donations from interested companies who would like to see WireGuard development continue and thrive, as well as individual donations from folks who would simply like to say "thanks".
Not for profit status is susceptible to abuse so I'm glad the process is strict. But you're proposing that app developers should be able to self-describe as charitable in order to dodge fees? And how well do you think that would work exactly?
Having a donation link in your app that is completely voluntary and confers no benefit other than fuzzy warms (and yes, indirectly, if enough donations are acquired, continued development) should not carry fees.
I don't believe that the app stores would cease to function or even suffer appreciably decreased profit by doing so. In-app purchases result in new features or items or something being unlocked.
Donations do not. They are gifts.
I disagree with the concept of fees for the Google and Apple play stores because they are monopolies within the platform entirely, but if they must exist, attempting to charge fees for donations is just bad form.
I have done open source development for well over a decade, thousands of hours, tens of thousands of lines of code, and I can tell you:
Considering the amount of donations I got, it would have been much more profitable to clean toilets, to just go begging in the streets, collect bottles from public trash cans for the deposit, or just sell my body.
In fact let's have a look how much I got during the past 12 months for 250 hours of work:
$0.
Had I been working as someone who climbs onto roofs and cleans the dirt off of them I would have gotten this much for that in this country:
$16500
And then, as a cherry on top, you now demand that a giant monopoly, which is trying very hard to soak up as much of people's data as possible - without paying them for it! - should get a cut from donations for my work which I genereally give away for free.
Now I can understand that you did not know this when you wrote down your opinion!
But given that you do now, do you understand how insulting this feels? :) It actually itched me so much that I created this account solely for the purpose of telling you, and I would be very happy if you could change your mind :)
Thanks for making an account to comment. I went to sleep (live in Singapore).
100% open source does not pay money for the vast majority of people, and thank you for your contributions to the community.
I also hope you understand that I get that FOSS donations won't make a liveable wage. At the same time, we want to be thanked for our contributions to the community - I get that.
My point is - by throwing up a donation link, we're circumventing their process. What's the difference between throwing up a donation link vs a Apple/Android pay link in app? It's the network fees. We're trying to avoid those because we feel they're unfair (which they 100% are).
If the Apple/Android pay fee was the same as the donation link, the majority of the time, we be using Apple/Android pay. Why not?
We want the benefits of the Apple/Android distribution network without paying their fees because "We belong to FOSS".
A lot of people justify Google and Apple's 30% because they provide an app store and distribution.
But Android is Android because of these apps. Without them it would be like the Windows phone which was nice but didn't get enough apps on it and so it failed.
These companies depend on our apps as much as we depend on their app store for distribution.
Fuck apple for starting this walled garden and creating a parasitic relationship rather than a symbiotic relationship.
TBH Google Maps was the killer app that smartphones needed to get off the ground. Out of 13 apps on my home screen, 7 are Google apps. Both Apple and Google did a little more than building the framework and then sitting back...
So how do you decide what a fair cut is? Over the course of a month, given all your app and system usage, and all the pieces of software you've touched or relied on, what percent of the engineer hours required for that stuff to work came from Google/Apple vs coming from third party app makers? Is that how you decide the split? Because I have a feeling the time it took to build the 15 third party apps I might touch in a month don't come close to the level of effort required to have built the system and first party apps.
> Sorry for the inconvenience. I'm sure many users are just as annoyed as I am. In the interim, luckily F-Droid has our app.[1]
Thank heavens there's an alternate way of distributing apps on Android. Say what you want about Android vs. iOS, but at least there's an alternative if you as a consumer have a beef with Google Play.
Even if the Play Store and F-Droid both disappeared, the replacement could be a community-run open directory of APKs sorted by version. At least we have options on Android.
Something like that already exists. I had to use one of these directories once to install an older release of Signal on a relative's phone (newer releases of Signal don't work on older phones, older releases of Signal aren't compatible with the current Signal server, but there's a single version in the middle which both works on older phones and is compatible with the current Signal server; unfortunately, that phone hadn't yet updated to that release before a newer release went out).
Quote: "They said it was because we're in violation of their "Payments
Policy", presumably because we have a link inside the app that opens
the user's web browser to wireguard.com/donations/"
C'mon people, is Google we talk about, you know, those who bow to might $$$ only. You should've made a donation link INSIDE google, so they can charge their 30% before you get the money, that's how you keep your app in their store </sarcasm>.
I mean you're being sarcastic but this is how basically every other app accepts payments to support the developer. There are plenty of "buy me a coffee" buttons in free apps.
I use WireGuard daily since 2017, and it's one of my most favorite computer programs in the entire world - robust, reliable, state-of-art cryptography, and seamless integration into the system.
I've never donated to WireGuard before, and I didn't think about donation (I installed WireGuard from my package manager and didn't realize a donation link exists), until now.
No one needs them for discovering new software. You go to the app store to get a specific piece of software you already know about and whose reputation you’ve already verified.
No one needs them for code signing. If you want the real firefox.apk you can download it from https://firefox.com/ and notice a lack of SSL alarms going off. What’s the code signing for — to let me know that HTTPS works?!
All I really want is an OS facility that only executes code that has been installed explicitly by me, and always in a sandbox. That’ll stop that dodgy email from executing r00t.sh via an exploit in my mail client.
App stores and code signing popups are proxies for that kind of OS facility, but I’d rather it was just part of the OS explicitly.
App stores leave me with all sorts of unwanted properties, namely Google / Apple throwing their unwanted opinion around. Search for Instagram in the iOS App Store: the top UI element is “InstaMap”, thanks Apple!
The product is built in a very controlled and secure environment at the core of a company's competency ... code-signing here stamps the product as authoritative and representing the company's efforts.
The website from which you, the customer, download the software often is built and managed under less controlled and more vulnerable circumstances, often with third party involvement. Any bad actor in a long chain of internal caretakers and potentially external hackers can replace the to-be-downloaded artifact HTTPS with malicious junk. Code-signing mitigates this.
For example, code signing can protect against an attacker that can swap the application, but not the signing certificate. It can allow retroactive disabling of a certain application by revoking the cert that signed it. In short: HTTPS ensures the integrity of the download at the time the app is downloaded, code signing at the time it runs.
As a matter of fact, APKs are signed anyway using the pubkey of their developers, the signature is embedded in the package, regardless of whether it's in the app store of not. You cannot use a package with a different signature to replace the existing one, the system will warn you about a conflict.
If someone has changed the files on the distribution servers. A Hacker News reader will have no problem recognizing it and stop installing, another one will compare the signature and keep it as evidence.
Of course, the overwhelmingly majority cannot recognize it though.
Semi off-topic, but anyway, I have an supportive argument for you: APKs are signed anyway, the signature is embedded in the package, regardless of whether it's in the app store of not, it the signature has changed, you cannot use a new version to replace the previous version without manual reinstallation, it's an effectively safeguard against phishing.
But only the readers of Hacker News can recognize it. I think it's one of the most powerful argument for a walled garden. Not that I support it, but I acknowledge it's still a powerful argument.
There's also people that don't know that they need "Firefox", they just want a browser. Or a tool to print envelopes or crop an image. So they search in the app store and they know it'll probably be okay.
If you search for this online you'd get a bunch of SEO spam sites, shady tools among other things. At least due to the developer fee and reviews there's at least some barrier of entry (Also if it's not perfect).
> App stores leave me with all sorts of unwanted properties, namely Google / Apple throwing their unwanted opinion around. Search for Instagram in the iOS App Store: the top UI element is “InstaMap”, thanks Apple!
Apple's search is notoriously bad and the perfect case to apply Hanlon's razor.
While there is generally always some small percentage of apps that don't do what they promise and slip through the review I think I can be reasonably sure that if I download something from the macOS / iOS app store it'll do what they say.
I trust it enough to believe it won't start crypto mining in the background or connect to random servers and sending the content of my computer somewhere. For the average user it's probably the better option than downloading the top Google result and just executing it.
> I trust it enough to believe it won't start crypto mining in the background or connect to random servers and sending the content of my computer somewhere.
The current migration towards more sandboxing also helps. For instance, Android has restrictions on how much an application can do in the background without showing up as a persistent notification, and xdg-app's sandboxing can restrict how much of the content of your computer an application can access without using a file open dialog.
As I said, it can happen but I'd assume it's done a lot less than on the "open" internet where there's no repercussions. At least in the App Store the developer would get thrown out, people would post it in the reviews or report to the App Store moderators.
Isn't the whole point of sandboxing and the permission systems exactly preventing phonebook and location data misuse? Especially location tracking prevention was a pretty big part of the iOS 13 announcements.
I don't understand why we keep falling back to uneducated users in this discussions. "Oh we're tech heads; we're not the standard audience..." ... maybe the standard audience should bother to learn something.
I live in a city now and no longer have my own tools/garage, but I know enough about my car to know the shop down the street was trying to screw me when they did a bait in switch, wanting to charge $950 for an alternator repair (and claimed my battery; less than a year old was bad). I called around, towed it to another shop and paid less than half of that...and the battery was perfectly fine.
I should have checked the reviews on the first shop because they were some pretty bad ones. Now I know better, but there are a ton of people who just accept it, maybe because they're car was already towed there and they simply don't know any better.
> I don't understand why we keep falling back to uneducated users in this discussions.
Because that is the majority of the users and because it's hard to find reliable information on the internet even if you're willing to do the research into this sort of thing. I'm certain there are plenty of things that you are probably not knowledgable about and don't put the time to learn about as well.
> So they search in the app store and they know it'll probably be okay.
Bad plan, both on iOS and Android. You should not be installing random apps unless you vet them first.
People keep going back to the "users are stupid" argument, but (particularly on Android) the app store does not protect users. Installing random apps or trusting the first app that shows up is a terrible thing to teach dumb users to do.
If you want to protect users to the point where they don't need to think at all, you need to be way more locked down than iOS/Android currently are -- you need Nintendo Switch levels of moderation, vetting, and sandboxing. The problem is that very few people (dumb users included) want that level of vetting for a smartphone.
> All I really want is an OS facility that only executes code that has been installed explicitly by me, and always in a sandbox.
Androids app sandbox is pretty leaky. It has a massive surface area, and the chances of finding exploits to get out of it to find root are high. Also, even from within the sandbox, there are lots of evil things you can do (for example, start on boot, and go fullscreen and use all the ram so the back and home button SystemUI process gets killed and your app is unkillable.).
The 'badness' of the android app model is a big chunk of the reason Google wants to be gatekeeper - otherwise android apps could just load and unload like webpages do. That and profit.
You say this, but rooting attempts for flagship Android phones have failed at many recent pwn2owns. The grey market price for a root exploit on flagship Android is comparable to iPhone.
The most popular third party rooting services don't seem to support past Android 8.
I wonder if part of that is that a lot of flagships seem to have unlockable boot loafers now, with a force wipe to do so. Does that have a measurable impact on the number of people trying?
It doesn't seem that way. There are still people attempting pwn2owns. The grey market value of a root exploit is still in six figures and likely higher on the black market.
>Ugh, app stores!
>No one needs them for discovering new software
I so badly wish I could agree with you :)
Sadly, observing the non-tech folks around me, some of which don't even know what an app is, and some of which think the only apps they'll ever use on their phone is the ones it came loaded with ... it's not true.
What is needed is an android app. store that is decentralized / distributed, where the "trust" of an app is a consensus-based score and that has the popularity of whatsapp.
I agree with this. What I'd ideally like is to keep the Play and Apple stores, but also make it possible and easy to use 3rd party stores - kind of how you can add alternative package repos in the Linux world. Unlikely to happen without legislation, mind.
The very same thing happened to manyverse (android ssb client) the other day. Got de-listed, resubmitted without donation page, now it's back up.
How google tries to claim any sort of support for open source is beyond me. What open source app doesn't need a donation link? Those approved and funded by google don't, okay. But other than that?
Open source app can be compiled and installed without Google play store. If you are hosting on their platform, you adhere to their rules, you are not paying monthly for your free app download bandwith and storage do you ?
Because you can't use Google's store as a sales funnel without giving them a 30% cut. It doesn't matter if you're a company taking payments or an individual accepting donations.
Not unless your entity is 503(c) tax-exempt which is explicitly allowed by Google.
These “donations” are more like tips, which are treated as taxable income.
I don’t see the problem here. The outrage in this thread seems more about people wanting a different set of rules for OSS and possibly avoiding income tax than anything else. If there are a different set of rules for OSS, then that just makes it easier to abuse the platform. Google’s policy seems fair to me.
Hmm, yeah, I guess that if we want patronage to become a viable economic model, then it will have to be taxed at some point... Since I mostly give to (AFAIK) tax-exempt entities, I didn't think of this...
But neither seems to have Google ! While the global license/patronage debates are already a decade old, and we have seen new companies get started and even established in this sector (Patreon).
For instance this "donations" page only seems to cover non-profits ?
https://www.google.com/nonprofits/offerings/google-donation-...
The strangest fact is, those donation pages only have some links, there is no in-app payment. I don't understand what Google is thinking about when they banned donations...
Wait. I suddenly understand something I've seen previously...
There is a workaround! You simply upload two versions of the app, the free edition and the supporter edition. The support's edition is a paid app. You can ask the users who want to support you to install the paid app in your free app. The program itself is still 100% free and open source, there is no functionality restrictions in the free app, the donation notice can be turned off - just as a way to encourage donations. And it's nothing against the rules of the store.
Yes. This is what I suspect. But knocking out all donations using a big ban hammer is not acceptable here, it should be decided on a case-by-case basis. For example, a standard I can think of, is distinguishing donations and payments that influence the functionality of the application/service, and those that have no effect.
> But knocking out all donations using a big ban hammer is not acceptable here
To be fair they didn't. You can accept donations if you're an actual charity (like Wikipedia is). The line they drew isn't perfectly fair, no, but it's not a full ban hammer, either.
I thought this was a Apple only thing and Google doesn't do this. For example, you cannot buy Audible books frim iOS apuo but can from the Android app.
You can, but I don't think you're supposed to direct your users to put their credit card info in, that all needs to be handled somewhere outside the app (with a message like please sign in on our website). Which seems very blatantly anticompetitive to me.
Now that I think of it, Uber has you put your credit card in. I'm not sure why that's allowed
It's allowed because Play Store in-app billing is only required for digital goods & services fulfilled by the app, not physical goods & services fulfilled outside your device. Uber isn't selling you app functionality, they're selling you the physical service of transportation, so they're exempt.
Quote from policy [1]:
Developers offering products within another category of app downloaded on Google Play must use Google Play In-app Billing as the method of payment, except for the following cases:
- Payment is solely for physical products
- Payment is for digital content that may be consumed outside of the app itself (e.g. songs that can be played on other music players).
Oh, what if the donation link added you to a list of contributors to the website. Seems like that would be "digital content that may be consumed outside of the app itself" which might be a workaround. Google might ban it anyway of course
I am sort of annoyed the other replier didn't see the sarcasm here, so I'm going to point it out, and note that it's funny -- seeing the motivation behind a behavior doesn't automatically invalidate it.
It's arguable since it's "donation" so one may expect to get the full donation instead of 30% cut by google but one may argue what exactly is (or isn't) a donation.
I’m not sure why you’d expect to not pay a fee. Google’s expenses are the same for apps that take a charge as those that take a donation. Credit card processors charge the same fees on donations.
A donation doesn’t magically make everyone else work for free.
> Credit card processors charge the same fees on donations.
Yes, they charge 1/10 of what Google charges. The 30% has nothing to do with how much it cost them to run the service, so let's not pretend that they _have_ to charge them.
(I'm not saying they should offer cheap/free donations, I just don't think it's fair to talk about how much it costs them to run the service given that that's clearly not the driving factor)
Oruxmaps even had a donate version that went through proper Google channels when the free version was forcibly removed either for a donation link in the app that was incompletely removed from the Play store build variant or because of a donation link on the product website. It never came back, now the paid version on Play is effectively a billboard "you could save those dollars by going over to F-Droid where we are payment optional".
I just wish F-Droid had a better design but I guess that's just the nature of OSS. It always looked a bit shady and out-of-date, which probably hurts it's popularity.
Someone started a G-Droid project[1] with the goal of being a better local client for F-Droid. It's not a full replacement yet, but has many additional features and a better UI. Hope it takes off and perhaps gets integrated into the main client some day.
As far as moneitisation is concerned it really feels as though Google want you displaying their ads or have you funnel your users through their checkout process. Anything else seems to result in apps getting flagged for violating policies around payments or deceptive advertising.
A general comment: the need of the hour is to educate the billions of 'ordinary' computer users about the basics of software, privacy, security and trust. We must not fall into the narrative being parroted around off-late that considers end-users as pretty much dumb content consumers who should not be expected to ever know even the minimum about the underlying tech and therefore every decision needs to be made for them by a small minority of corporations, govts, and the tech elite acting as gatekeepers and overseers. This is a dangerous road to go down unwittingly. Too much de facto power is concentrated in the hands of the few while the rest are gradually trained into normalise being helplessly manipulated and told to defer to authority.
> that considers end-users as pretty much dumb content consumers who should not be expected to ever know even the minimum about the underlying tech and therefore every decision needs to be made for them by a small minority of corporations, govts, and the tech elite acting as gatekeepers and overseers.
That's what we do in every other domains, what's the difference here ?
Yes, we, as tech workers. Most people aren't "us".
It's perfectly understandable for places like the android/apple app stores to be heavily moderated.
Same reasoning for forcing people to have their cars serviced by mechanics and not do their own maintenance in their backyards. Otherwise we'd have people driving cars without pipes and DIY break pads. I'd much rather have that enforced by megacorps/govt than by an infinite amount of businesses/individuals trying to game the system.
For most people a smartphone is an entertainment device, a tool at best, they don't give a single fuck about the underlying tech and they should not. Feel free to root your phone and install whatever you want, you can't ask people to become tech literate, it's your hobby/job, not their. Our job is to provide them safe tools, not teach them about tech. Look at your own life, chances are you don't even have surface knowledge of 99% of the things you use daily, and that's perfectly fine, nobody expects you to be a furniture designer, building safety inspector and car mechanic.
How is that? If more 'ordinary' people understood that the only functional encryption is one that is resistant to MitM etc., and the undesirability of implementing backdoors, even for ostensibly legitimate reasons, there would be far more pressure on legislators to not keep advancing these proposals than there is now.
Again, knowing that privacy is good doesn't have anything to do with the "underlying tech" and doesn't require any technological understanding. You can read a book without knowing how it was printed.
Yikes. Really? Where do you live? I can’t imagine living someplace where I’m forbidden from picking up a wrench. Heaven forbid I buy some PVC pipe. Who knows what mischief I might get up to!
For the record, I do my own break pads. And have done the master cylinder (thing that powers the breaks) on my cars a couple of times. Not just without formal training. Without any training except what I could quickly Google.
Europe. When I lived in the US I saw cars with bald tires, clearly damaged frames, spewing insane amount of smoke &c. on the road daily, I'm glad I don't have to deal with that over here.
44 states have minimum tread depth specified in the law. Almost nobody has the tool necessary to replace a tire anyway, so nobody does that themselves. So what’s your point?
Not sure why you would assume that prohibiting people from working on their cars would increase the level of maintenance.
The problem is the authoritarianism. You are advocating for totalitarian control as a solution to the possibility that some individuals might misbehave. If there is one thing we should have learned from history by now, it's that that's about the worst solution to a problem ever.
Nazi Germany was a pretty developed country, and its companies followed the "law" pretty well ? Imagine how useful an app store would have been to identify the "indesirables" and how long / whether the app store owner would have resisted?
So? I don't understand your point. Authoritarian solutions are good as long as they are not "the Final solution" because ... ? And what does having to follow the law have to do with any of this? Even "the Final solution" was law, and in a developed country at that, so ... yeah, could you explain what your point is there?
If any rule/law = "authoritarian regime" to you I think we can't stop the discussion now and save us both some time.
> And what does having to follow the law have to do with any of this
Google is free to handle its playstore as it please as long as it follow the law, I doubt google will pull a genocide anytime soon. Setting boundaries/rules doesn't make you an authoritarian regime. If you want to pull the "this reminds me of the darkest hours of our history" card you better find something more important than an app removal from a mobile phone app store if you want to be taken seriously. But I guess it's fashionable these days to compare everything to nazi germany/fascism/_insert_bad_people_, no matter how convoluted the comparison is.
> If any rule/law = "authoritarian regime" to you I think we can't stop the discussion now and save us both some time.
Can you quote where I said anything about a "regime"?
> Google is free to handle its playstore as it please as long as it follow the law,
Which is true, but completely besides the point? I am free to call you a clueless asshole. But if the discussion is about how to have a constructive dialog, me pointing out that I am free to call you a clueless asshole contributes exactly nothing to the conversation and at best shows that I have no clue what the discussion is about.
> I doubt google will pull a genocide anytime soon.
Your point being? Authoritarianism is good when it's not a genocide, because ... ?
> Setting boundaries/rules doesn't make you an authoritarian regime.
Again: Where did you pull that "regime" from? And also, no, "setting boundaries/rules" does not make for authoritarianism, that is correct. Why did you assume that I wasn't aware of that?
> If you want to pull the "this reminds me of the darkest hours of our history" card you better find something more important than an app removal from a mobile phone app store if you want to be taken seriously.
Why? And no, simply pointing out that one thing is worse than the other is not a relevant argument, that's simply straw manning, because noone claimed that one was as bad as the other.
> Our job is to provide them safe tools, not teach them about tech.
But, you can't really provide them safe tools without fixing some of the behavioral components, can you.
"Don't try to lick the sharp parts, especially when running the machine" is an implicit and important (albeit obscure) part of the safety to operating, let's say, a band saw.
Unfortunately, the intellectual bar seems to be noticeably higher for "When a very urgent and heavily accented Microsoft Support representative calls you out of the blue, don't type into your shiny techno-thingy what they tell you to".
I'm generally all for sane defaults and constructing to make spontaneous use possible too, but a lot of the time there is ultimately no other protection against dangerously wrong use of tools than not using the tools dangerously wrongly.
Too bad that's a tall order for very complicated machines that can do vastly different things depending on configuration.
Right. That means you have to pick which domains those are. Picking some to learn about means not picking others, because there's an infinity of domains. Forcing everyone to become a security expert to survive limits all their other options.
I know people are going to quote Heinlein here, but civilisation exists so that not everybody has to be a specialist in everything.
We need to drop the attitude that technology is a new scary thing it's not. Technology is an extension of our selves we have been using it for thousands of years to expand our ability.
Pen and paper was the old technology if you don't know how to use it you are illiterate, if you don't know how to use the new technology you are still just illiterate.
The baby boomer attitude of "I can't be arsed to improve as a person so every one else has to dumb it down for me" is unacceptable.
With the history of viruses, malware, ransomware, etc of personal computers for the last 3 decades, the average user is better served by a curated environment. I will download any random crap on my iPhone knowing that it can’t do much damage and has a strict permission system. I very careful about what I download on my computer.
> I can't be arsed to improve as a person so every one else has to dumb it down for me
Do you apply that to yourself out of tech ? Are you literate in art, philosophy, astrology, history, chemistry, medicine, &c. (more than surface knowledge) ? Where do you draw the line ? Is using google maps without knowing how the GPS system works in details an issue ? What about cooking ? Do you know which chemical reactions create tastes ? Are you buying food from supermarkets, why don't you hunt and grow your own ?
> The baby boomer attitude
As if millennials+ were better. Using a pc/smartphone daily doesn't mean you're tech literate, it's a prime example of familiarity != knowledge.
What you're asking for is technology literacy, similar to science literacy. Adults generally don't care to learn this stuff. But you can teach the next generation.
Yes, and the tech industry is already several decades old and multiple generations have come and gone, but today's tech consumers seem to be even less confident of poking behind the surface than those of the yesteryears.
And do note that there was a point in history when even basic literacy belonged to a small few who argued in exactly the same manner than tech people do today, i.e., that most people will never be able to understand basic science and maths, and we cannot hope for any better than to be benevolent dictators. Later history proved the hollowness of those claims. Today the majority in most of the developed and some of the developing countries are basically literate and what their grandparents couldn't imagine doing, they do effortlessly today. I don't see a single reason why computer sector should be any different. I'm not talking about a deep understanding of computers, just basic literacy that would obviate the excuse for tight, walled gardens and locked down devices.
> but today's tech consumers seem to be even less confident of poking behind the surface than those of the yesteryears.
To be fair, I'm less confident poking around behind the surface because what used to be relatively straight forward has become --for various reasons, few of which are legitimate in my eyes-- absurdly complicated.
>I'm not talking about a deep understanding of computers, just basic literacy that would obviate the excuse for tight, walled gardens and locked down devices.
I disagree on this. I have a friend who has "basic computer literacy" as in knows how to use MS Excel, KeePass, etc. And yet, she inadvertently got a virus on her laptop. It was puzzling how she could have gotten it. She doesn't visit the usual suspects of porn/gaming/gambling/etc websites. Just normal stuff like CNN, WSJ, etc. The only reason we found out about it was her email account got locked out by the ISP. Apparently, the malware found her MS Outlook email account and used a hidden background service to send a bunch of spam messages using her email profile. Understandably, the ISP monitors SMTP traffic sent from residential addresses and when it hits an unusual threshold, they lock out the account. To clean up the malware, I reformatted her laptop and got the email reset with a new password.
On the other hand, with her Apple iPhone and the locked-down walled garden, I really don't have to worry about malware to the same degree. Yes, the Apple app review process is not infallible and theoretically, she could get infected by downloading a fake bank app that steals all her money. However, the possibilities for that nightmare scenario are drastically reduced in the closed Apple ecosystem.
Even programmers, who we'd classify has uber-computer-literate compared to the general population can unwittingly get bit by malware:
What's the solution for those programmers? Educate them on how to use computers? But they're already educated.
Yes, I get the hacker ethos of not having locked-down devices but we also overestimate the ability for the general population to maintain safe computing devices. Heck, I'm a techie that programs in Xcode and I'm not confident I'm really literate on all the vulnerabilities of the iPhone. Thus, it seems unreasonable I would expect non-programmers to "just be educated" to make the App Store's curation unnecessary.
> basic literacy that would obviate the excuse for tight, walled gardens and locked down devices
You can do whatever you want on a platform like Windows because they make their money off of selling support for their platform, and selling their own products for it.
Google and Apple do not make money selling support for their platform, and only Apple really focuses on selling products for it. But they both make money by tightly controlling their platforms, in order to to squeeze money from developers, [in the case of Google] from manufacturers, from carriers, from users' payments, and from all the data they collect about it all. They don't have to care about the customer at all, and they can just focus on engineering. It's the programmer's dream.
Their business model is a walled garden, and they pick the fruits of that garden. In the case of Google, they run the Android platform so they have a way to still make ad money if Apple denied them access to that platform. In the case of Apple, they run the Apple platform so they can make money from expensive consumer devices, and also use it to control more of the services/products we use.
So, it really doesn't have anything to do with literacy. Even if everyone were a genius, their choice is still A) don't use a smartphone, or B) use a walled-garden smartphone.
I want to do this with my nieces and nephew, if they and their parents are willing. I think I already screwed up, though, when I bought Amazon Fire tablets for three of them for Christmas in 2017. Granted, they were around 3 years old at the time, so maybe they couldn't handle anything more. Still, I'm wondering what I should buy them next time. My sense of nostalgia tells me that I should buy them something at least as hackable as my Apple IIGS was. But that might not be practical. As one of my best friends pointed out to me, if I buy them an all-open-source computer, they're likely to protest, "But Uncle Matt, why can't it play [insert kids' TV show here]?". And they're not likely to accept my anti-DRM stance.
Buying three year old kids tablets for Christmas is already a fuckup imo. They're not even able to have logical thoughts, don't feed them digital heroin already!
> who should not be expected to ever know even the minimum about the underlying tech
I have worked in this industry for long enough to know that even assuming a minimum of knowledge at all is a bad idea. You can fight this fight as you want, but this comment has nothing in it to convince be otherwise.
Not the original person but: In one company I had built a reporting system. An end user generated a report and contacted support. The report contained a column that they didn't understand the meaning of..... The column was "Date" and it was the date that had occurred. They suggested that we explained that in the generated report because it was confusing. This was a medical professional.
(12 years of corporate IT support experience and 40 years working with tech in general)
Because it's human nature to only care about details that you believe you need to know in order to manage some part of your life.
If you don't see a clear and immediate value in learning something, you won't. No matter what anyone else says or does to try and convince you, you won't.
Then you get burned by something you didn't know, and there's a 50/50 chance you'll learn about it then, and only if you're convinced that it's something YOU have to do, that can't be managed for you.
And most people resent having to learn that much.
I no longer try to convince anyone of anything tech related. And rarely answer much when I am asked, unless I can see that the person is truly interested, not just curious about some buzzword.
In my opinion it's not the problem of software but the problem of hardware. You can more easily write software then produce phone hardware. From consumer perspective it's quite easy to make custom computer and use custom os on it cause most of drivers are open and you can see there are plenty of computer operating systems in the world, on the other hand most of phones hardware and os is proprietary what was not an issue when we were using it for calling not using it as alternative to traditional computer. So first we need to define what is broken, from my perspective broken is phone hardware.
I've tried to educate many people on a personal level and failed miserably almost every time, being perceived and dismissed as an evangelist for some weird ideology they don't care about (and I took it very slow and tried really, really hard not to sound as one). Maybe they are right, after all? Who am I to dictate or even influence what they should care about, especially if they don't experience that clearly. People never become tech literate until it bites them in the ass. They have to face the consequences, that's how it works.
Meanwhile in 2019, most people still find "nothing to hide" attitude perfectly reasonable.
But it is actually an ideology... It's the same as why people don't care about climate change or other far removed things from everyday life.
For the normal, everyday non-tech user, they see that all their friends use these apps and nothing has ever happened to them. The FBI didn't come knocking, they weren't fired from their jobs or anything like that.
From their point of view, why should they care about repositories, digital signatures etc., when they just want to use Instagram, Snapchat, Whatsapp and so on for some after-work (or during-work) fun / brain-swithoff. They just post some silly pictures or watch some Youtuber videos.
All these concerns about privacy just don't reach the everyday reality and real-life concerns of people and is in effect an ideological thing, similar to rejecting proprietary software on the desktop due to moral and political beliefs.
> They have to face the consequences, that's how it works
The consequences (app creators changing their practices and policies) will be spread over everyone, not on individual users. As long as their friends and society keeps using it, most people will as well. If it slowly dies out, people will use whatever is new. Most people are not that much attached to using these apps, just use them out of boredom or to interact with others. They'd easily move on if that's how things evolve.
Funny that the same could have been said about actual literacy several hundred years ago. Who ever needs to be able to read and write in their everyday life? Why should I care? It's a thing far removed from everyday life, unless you're a trader or a priest or a scholar or some other expert. Today you can't imagine an adult person being unable to read, in most of the world.
Except the tech is already there, and you use it with or without understanding. You use a credit card, electricity, Internet and other communications, some kind of computing device, your entire life depends on it. And IT shapes your life way more than any other tech, so it probably makes sense to get a grasp on the general concepts at least. No need to become an IT expert, similarly to how there's no need to become a Shakespeare to be literate. And yes, being tech illiterate can fuck you up very visibly and personally, for example by losing money from a stolen credit card.
I think a better metaphor is driving. In many countries, like the US, driving is extremely widespread and most adults cannot function in the job market without being able to drive.
However only a minority of them knows how cars work under the hood. Most people understand the pedals and the steering wheel and that's it.
Same in tech. People understand there are screens, there are buttons you can click, text input fields you can type things in with the keyboard, on/off switch, sleep/standby, etc. All the things needed to operate it.
> for example by losing money from a stolen credit card.
I'm in Europe and I don't know anybody who had this happen to them, nor is identity theft a thing here. And this is mostly about phishing and social engineering anyway, not about understanding the tech background of package managers and digital signatures.
I know plenty about software, privacy, security, and trust.
And I'm happy with these stores and couldn't care less about your cyberpunk libertarianism.
This isn't 1984. The moment they seriously misbehave, the law will come at them, and customers will leave. Therefore they don't.
You're indulging in fantasies because you would like to believe that what interests you is all-important. That's normal: all epidemiologists belief we should talk about the flu a lot more.
But it's just a tiny slice of what matters. So don't disparage people as stupid just because they spend their energy and time with more important things than recompiling kernels.
And yet games with hundred dollar microtransactions stay up fine. It's almost as if Google turn a blind eye to that which makes them richer. oh wait, that's exactly what it's like. The bastards.
The problem of donation links from Google's perspective is that they are not getting their 30% cut. You might think that this is unfair, but the app is using their distribution platform.
It's possible to make open source applications and still ask for payment on Google Play, either as the asking price, subscription or by adding in-app payments for donations. This is the right way to do it, and will probably also have a much better return since the payment workflow is much easier.
Donations through the Play store's payment platform are prohibited, since all purchases need to give an additional value in return.
The only reliable way to get donations in a compliant way is by linking to a website from the app and have a donation button there.
I can even go along your last point. But it's a different argument to say "going through google is more efficient" or to say "you can't not go through google".
Frankly, they're using their market dominant position to force free developers into a distribution model that serves them as the payment processor. I'd not go so far as to argue those are separate businesses, but it's really a blatant abuse of their power.
Arguing that this is somehow related to software quality, safety or whatever is pure BS> There is simply no other explanation for this than "it will make us money and we can get away with it."
Why is it an abuse of their power? Google and Apple are essentially saying that if you use their store as a sales funnel then they take a 30% cut, and they enforce that by being the sole payment processor on the store.
Basically Google and Apple both know that people will make more money by listing in their stores and taking a 30% cut than not listing at all.
Not exactly. Being a monopoly is fine. Google is a monopoly in search for example. It's not fine when you use that monopoly power to either stifle competition (like what MS did), or to demonstrably harm the consumer (very hard to prove).
Just because Google Play is a monopoly, it doesn't mean that it's illegal or should be fined. Especially since there are other options, like amazon's app store, or manual installation of apps.
Especially compared to iOS, Android is a paradise of freedom.
A monopoly is not defined as a 100% market share though. I'd argue the playstore is the way to distribute apps on android, and realistically a monopoly.
Wether or not the "software distribution" and "payments processing" aspects of the playstore are separate markets/products is (in my mind) up for debate. If they were then google would be using it's distribution market penetration to push its payment processing business.
Then there's the argument that the way they selectively seem to cut off smalltime donation-based software does harm users overall, although it is a systemic harm, not individual, or at least that would be (as you said) very hard to prove.
1. most open source software is not even close to breaking even via donations. so "making more money" really is a misleading way to portrait the situation.
2. I hope we can agree that "if you use their store as a sales funnel then they take a 30% cut" is at least a use of their power. The fact that there's no recourse, no (practical) competition for the distribution, and that they're not acting in agreement with their "official" stance on free-as-in-beer or free-as-in-speech software makes it an abuse in my book. The thing is, they don't officially say "we only host apps that make us money, not at all. They say they're just platforms, facilitating exchange, blabla. Also, see point 1: "sales funnel" for projects that maybe (!) manage to break even on their hosting costs is not the right term to use here.
This is an old claim by now, but these platforms matter a lot today, and since we only have two of them, and they are not in direct competition (users cannot switch at will) they really should be treated as the monopoly infrastructure that they are. What that means concretely is subject to negotiation within society.
In my opinion blackmailing the devs of an application that is essentially written and maintained as a service to the public, for free, by volunteers, is a shit move to say the least.
Correct, the more precise term here is extortion, and I can speak to that having had to face that exact criminal charge before. It follows pretty much every required element of the crime.
Except, in case of iOS AppStore, you don't have the choice of a third party store or even side-loading ability.
And they are in the process in doing so (partly by closing the platform through read-only system partition and expecting the app developer to sign the app through Apple means) with MacOS.
The platform is not yet closed, as the system partition can still be mounted in read-write mode and notarization can be bypassed for now. But their are clearly in the process to make these changes permanent in near future. Reason why they introduced them in Catalina.
The Girl Scouts sell cookies at the front door of grocery stores with an entire aisle dedicated to cookies. The stores give them permission to do so knowing the goodwill outweighs any loss in Oreo sales.
Google could make the same choice but doesn't for some reason.
Might be convenient and great for Googles revenue, but it's the wrong way to do it if your priorities are to reduce the projects platform-dependence and to support the project with your full donation.
Usually, once I decide to contribute money to a project I want them to be as free as possible and I want them to get as much of that money as possible. Independent from the specific app store I pulled it from.
I think it's wrong that the Google Play Store treats donations like purchases.
Going by your point, shouldn't Amazon be blocked since they are collecting the payment info and charging without any interference from Google? How are donation links being considered to be in violation? Just wondering!
Both stores require payment through their app stores for digital goods. Neither require it for physical goods (Amazon). The donation is for the software itself and so requires payment via Apple/Google.
The “30% cut” only applies to digital goods like apps, software or music. Physical goods like a book ordered from Amazon (or an Uber ride, for example) are exempt. Amazon-owned properties that sell digital goods are subject to the rule though. That’s for example why you can’t buy Audible audiobooks from within the app.
Now, if only Google can remove the apps that can be downloaded and installed on youtube video interface. Those pesky apps can be install even by little children.
579 comments
[ 2.9 ms ] story [ 181 ms ] threadSigning up as developer, paying the fee and building the app yourself is probably the better option. Even if you have to rebuild it every xx days.
> Testut imagines Apple could disable the ability to sync over Wi-Fi, but that would just mean plugging in your phone once a week to continue using AltStore
How about limit the number of disable WiFi syncs and force you to plug in once every 8 hours?
As mentioned in the announcement, you can switch over to F-Droid (for the time being) to get the latest version: https://f-droid.org/en/packages/com.wireguard.android.
Why do you have that caveat ? You can use f-droid forever.
I understand that it's probably Google's fault for not providing APIs/permissions but it's still terrible UX. I only use F-Droid when an app isn't available on the Play Store.
Spamming users with notifications is also against the rules and everybody does it anyways.
> Here are some examples of products not currently supported by Google Play In-app Billing:
> One time-payments, including peer-to-peer payments, online auctions, and donations.
https://play.google.com/about/monetization-ads/
Some examples are purchases that can be used outside the app, eg. cross platform purchases and things like transportation and finance.
How deep does it have to be before they cut you off? Can you link to a page that is only linking to another page where the donation happens? How much extra text would you need to "pass inspection". I find these kinds of arbitrary rules very unsettling. It's definitely time to break up the tech giants.
It is odd that they remove this though, I use at least two more open source apps that asks for a donation and will send me to their donation page if I click.
And before the "android can sideload" argument, how many normal people are going to do that with all the dark pattern warnings that google displays when you try to enable the feature.
Both are lying to you and everyone else. They instead demand their private tax while lying to you about it beforehand.
To all the entrepreneurs reading this: please create one. To all the VCs reading this: please fund one.
It's badly needed. I heard Huawei is working on one but I wouldn't bet on it.
I'm talking about a mainstream alternative android store. The design of f-droid is not appealing enough.
I don't think this is a solution.
2. Please, make it appealing for you and others! https://gitlab.com/fdroid/fdroidclient
Make it mainstream. Spread the word. Install it on family devices.
How else you think mainstream will happen?
> Here are some examples of products not currently supported by Google Play In-app Billing:
> One time-payments, including peer-to-peer payments, online auctions, and donations.
https://play.google.com/about/monetization-ads/
But anyway, now what? Let's say things return to normal, but we still want to put the silly link in the app. Our appeal was rejected. We could send letters, I suppose. Perhaps this article on HN will get the attention of the right people? We could appeal the appeal, maybe. And then appeal the appeal for the appeal. At what point does this become a waste of energy that could be spent coding and improving the app in other ways? It's hard to know where to draw the line and which battles are worth fighting. I'm happy to hear folks' opinions on the matter.
I certainly agree, though, that it is unfortunate.
I would resubmit the app with the donation link and continue to document and share what happened. Please do not allow them to set a precedent with a popular project like WireGuard.
It's important to share every detail of the issue, the messages you received, your replies, and the policy links you were given about the alleged policy violations.
Let me say that I think you're morally right, but it is probably not a reasonable choice of actions for the author and the users of the app.
I'm sure you believe that.
Do you work at Google in a position to supervise app reviews? Because if you do, then you can help straighten this out.
If you don't, then it is hopeless. Technically, Google has the right to drop any app for any reason whether it is fair or not (so suing them or something isn't an option). OP already followed the ONLY channel that Google provides (an "appeal" handled, I presume, by a bot that generally issues quick, automated rejections. Sure, I wish Google had a better policy, with some sort of genuine appeal policy which included genuine human review, followed a consistent policy, and most likely had a public record of decisions... but they don't.
You can look at r/videos and see how many examples there are, the link in [1] provides quite a few...
So hey, go get people to repost across social media, maybe get a nice trendy hashtag going like #freewireguard and maybe their "AI" (or PR department) might actually do something useful.
Because to me, I've noticed more and more companies only reverse decisions or backpeddle once there's enough shit flying at them (See Blizzard recently, for example).
[1]: https://old.reddit.com/r/videos/search?q=flair%3AYouTube%2BD...
https://gdpr-info.eu/art-22-gdpr/
> Donations to 527 designated tax exempt organizations are also permitted.
So if Wireguard becomes a proper tax exempt organisation it would be ok.
If you want donations but aren't tax exempt there is basically no way to do it. However you could easily work around it by offering something trivial like a badge (games can use IAP to purchase trivial things like hats). The downside is that Google take their 30% cut.
[0] https://developer.android.com/google/play/billing/billing_ov...
And then Google get 30% of it.
Yeah...
AKA follow the money.
just to stir the pot and see what happens.
A donation is not a purchase.
A small amount relative to the value that you're giving to the world, but hopefully a few pints won't go amiss.
Fuck gatekeepers.
I'd love to use the F-Droid version but it's not up-to-date, and isn't published by Jason, so it's not signed by him either.
Publishing it on the website with a built in update-check might be one solution I'd be happy with, it'd only need a text file hosted on the website and a check, perhaps each time WG is activated to see if there is an update. Modern Android versions can be toggled to allow installing software from external sources, so the app could "install itself".
Cheers
I don't see anything wrong with this. Charging vs Donations, I don't see what the difference is. It's people paying money for good/services/software. The primary difference is the open ended pricing model.
Google, Apple put up networks and there's value in that network. Whether someone chooses to release their app for free or charge money for it, that app is dictated by the network fees. This network is extremely powerful in terms of its distribution reach. Does it warrant 30%? That's what the market is willing to put up with, but if we're debating 30% - it should be for the whole network not just because someone has an open ended pricing model.
If this app is registered as a non-profit (which it did not look like based on the website?) then I am 100% in the wrong and do believe the app should be able to operate under different pricing schemes.
At a philosophical level - what is the difference between a free-to-use app that has open ended pricing vs a FOSS with donations?
If there is a difference, let's discuss it.
It's a major failure of governments to allow monopolies.
https://play.google.com/about/monetization-ads/
Charging: Person paying gets something in return Donating: Person paying does not get something in return
>The primary difference is the open ended pricing model.
What does "an open ended pricing model" mean?
Agreed, donations do not necessarily mean I receive anything in return and I purely want to support like clean water efforts in 3rd world countries, but policing the difference seems unrealistic.
But that seems like it should be a special non-profit category. I think I'm beginning to convert to a 'middle' ground that there should be a sole proprietor non-profit, but that seems insanely hard to police.
https://www.apple.com/ios/app-store/principles-practices/
Also on the value prop front, worth noting a variety of digital app stores at scale have found operation costs 12% to 18% fees before the hands on “40% rejection” level of oversight that Apple is providing to end users.
This is simply not how the real world works. If it ever does, you've created a dystopia.
Google are being bureaucratic twats here. There's plainly and obviously a difference between WireGuard and the 10,000,000th iteration of some bullshit F2P casual game, and there's obviously a distinction between donations and purchases - the intent of the user, for one.
That they put prole-tier support on the case and 'accidentally or otherwise' sling the banhammer at pivotal pieces of software is their problem to figure out.
But again, what is FOSS with a donation link vs free-to-use software with pay-as-much-as-you-want.
One sounds like a non-profit while the other sounds like a for-profit.
Perhaps if you can directly show your software is FOSS via licensing etc that there should be a special exemption?
Seems like there needs to be a sole-proprietier non-profit... but man that seems like rife for abuse.
The for-profit vs non-profit distinction is immaterial to me; the distinction is between actually paying for products (e.g. buying an ingame item or support or a subscription or whatever; some sort of 'contractual' thing), and literally giving money away with no strings attached.
Google's particular funding model for their App Store is a different kettle of fish entirely - they can decide that apps beginning with the letter A pay a 90% fee and that's just how it works.
Through this discussion I do wish there was an exception for FOSS for individuals at a legal level.
I can 100% agree though that the fees which google/apple charge are extortionist.
the question is whether or not it is right for google to act as a gatekeeper here. i think not.
It would surprise me if that were not true globally.
A donation is definitionally a gift. If it's not due to some legal wankery, rename it, doesn't matter.
as far as i know, at least in the US only donations to registered non-profits are tax free. any other donation is taxed like any other income.
if it's a one-off, sure, calling that a donation may be trivial, but if you start getting donations on a regular basis, you have to prove that they are in fact donations, and not hidden payments for a service. if it weren't so, we would not need to have entities register as non-profit.
Edit: Wireguard literally make that case while soliciting donations
>We're extremely grateful for all donations, which enable us to continue developing WireGuard as free open source software. We are happy to receive donations from interested companies who would like to see WireGuard development continue and thrive, as well as individual donations from folks who would simply like to say "thanks".
I don't believe that the app stores would cease to function or even suffer appreciably decreased profit by doing so. In-app purchases result in new features or items or something being unlocked.
Donations do not. They are gifts.
I disagree with the concept of fees for the Google and Apple play stores because they are monopolies within the platform entirely, but if they must exist, attempting to charge fees for donations is just bad form.
Considering the amount of donations I got, it would have been much more profitable to clean toilets, to just go begging in the streets, collect bottles from public trash cans for the deposit, or just sell my body.
In fact let's have a look how much I got during the past 12 months for 250 hours of work:
$0.
Had I been working as someone who climbs onto roofs and cleans the dirt off of them I would have gotten this much for that in this country:
$16500
And then, as a cherry on top, you now demand that a giant monopoly, which is trying very hard to soak up as much of people's data as possible - without paying them for it! - should get a cut from donations for my work which I genereally give away for free.
Now I can understand that you did not know this when you wrote down your opinion!
But given that you do now, do you understand how insulting this feels? :) It actually itched me so much that I created this account solely for the purpose of telling you, and I would be very happy if you could change your mind :)
100% open source does not pay money for the vast majority of people, and thank you for your contributions to the community.
I also hope you understand that I get that FOSS donations won't make a liveable wage. At the same time, we want to be thanked for our contributions to the community - I get that.
My point is - by throwing up a donation link, we're circumventing their process. What's the difference between throwing up a donation link vs a Apple/Android pay link in app? It's the network fees. We're trying to avoid those because we feel they're unfair (which they 100% are).
If the Apple/Android pay fee was the same as the donation link, the majority of the time, we be using Apple/Android pay. Why not?
We want the benefits of the Apple/Android distribution network without paying their fees because "We belong to FOSS".
But Android is Android because of these apps. Without them it would be like the Windows phone which was nice but didn't get enough apps on it and so it failed.
These companies depend on our apps as much as we depend on their app store for distribution.
Fuck apple for starting this walled garden and creating a parasitic relationship rather than a symbiotic relationship.
I don't understand.
> Fuck apple for starting this walled garden
IIRC apple started it and now all the big players are following suite.. including even Windows 10 which has it's own app store and similar cut.
So how do you decide what a fair cut is? Over the course of a month, given all your app and system usage, and all the pieces of software you've touched or relied on, what percent of the engineer hours required for that stuff to work came from Google/Apple vs coming from third party app makers? Is that how you decide the split? Because I have a feeling the time it took to build the 15 third party apps I might touch in a month don't come close to the level of effort required to have built the system and first party apps.
Thank heavens there's an alternate way of distributing apps on Android. Say what you want about Android vs. iOS, but at least there's an alternative if you as a consumer have a beef with Google Play.
[1]: https://f-droid.org/en/packages/com.wireguard.android/
Something like that already exists. I had to use one of these directories once to install an older release of Signal on a relative's phone (newer releases of Signal don't work on older phones, older releases of Signal aren't compatible with the current Signal server, but there's a single version in the middle which both works on older phones and is compatible with the current Signal server; unfortunately, that phone hadn't yet updated to that release before a newer release went out).
C'mon people, is Google we talk about, you know, those who bow to might $$$ only. You should've made a donation link INSIDE google, so they can charge their 30% before you get the money, that's how you keep your app in their store </sarcasm>.
I've never donated to WireGuard before, and I didn't think about donation (I installed WireGuard from my package manager and didn't realize a donation link exists), until now.
Just donated 25 USD.
Thanks Jason. No thanks, Google.
No one needs them for discovering new software. You go to the app store to get a specific piece of software you already know about and whose reputation you’ve already verified.
No one needs them for code signing. If you want the real firefox.apk you can download it from https://firefox.com/ and notice a lack of SSL alarms going off. What’s the code signing for — to let me know that HTTPS works?!
All I really want is an OS facility that only executes code that has been installed explicitly by me, and always in a sandbox. That’ll stop that dodgy email from executing r00t.sh via an exploit in my mail client.
App stores and code signing popups are proxies for that kind of OS facility, but I’d rather it was just part of the OS explicitly.
App stores leave me with all sorts of unwanted properties, namely Google / Apple throwing their unwanted opinion around. Search for Instagram in the iOS App Store: the top UI element is “InstaMap”, thanks Apple!
The website from which you, the customer, download the software often is built and managed under less controlled and more vulnerable circumstances, often with third party involvement. Any bad actor in a long chain of internal caretakers and potentially external hackers can replace the to-be-downloaded artifact HTTPS with malicious junk. Code-signing mitigates this.
If someone has changed the files on the distribution servers. A Hacker News reader will have no problem recognizing it and stop installing, another one will compare the signature and keep it as evidence.
Of course, the overwhelmingly majority cannot recognize it though.
But only the readers of Hacker News can recognize it. I think it's one of the most powerful argument for a walled garden. Not that I support it, but I acknowledge it's still a powerful argument.
"Isn't just clicking _next_ until the app starts?"
There's also people that don't know that they need "Firefox", they just want a browser. Or a tool to print envelopes or crop an image. So they search in the app store and they know it'll probably be okay.
If you search for this online you'd get a bunch of SEO spam sites, shady tools among other things. At least due to the developer fee and reviews there's at least some barrier of entry (Also if it's not perfect).
> App stores leave me with all sorts of unwanted properties, namely Google / Apple throwing their unwanted opinion around. Search for Instagram in the iOS App Store: the top UI element is “InstaMap”, thanks Apple!
Apple's search is notoriously bad and the perfect case to apply Hanlon's razor.
I trust it enough to believe it won't start crypto mining in the background or connect to random servers and sending the content of my computer somewhere. For the average user it's probably the better option than downloading the top Google result and just executing it.
The current migration towards more sandboxing also helps. For instance, Android has restrictions on how much an application can do in the background without showing up as a persistent notification, and xdg-app's sandboxing can restrict how much of the content of your computer an application can access without using a file open dialog.
Sure, they wont do crypto mining, but that's because it would drain your battery quickly, and people would notice and uninstall.
Isn't the whole point of sandboxing and the permission systems exactly preventing phonebook and location data misuse? Especially location tracking prevention was a pretty big part of the iOS 13 announcements.
I live in a city now and no longer have my own tools/garage, but I know enough about my car to know the shop down the street was trying to screw me when they did a bait in switch, wanting to charge $950 for an alternator repair (and claimed my battery; less than a year old was bad). I called around, towed it to another shop and paid less than half of that...and the battery was perfectly fine.
I should have checked the reviews on the first shop because they were some pretty bad ones. Now I know better, but there are a ton of people who just accept it, maybe because they're car was already towed there and they simply don't know any better.
Because that is the majority of the users and because it's hard to find reliable information on the internet even if you're willing to do the research into this sort of thing. I'm certain there are plenty of things that you are probably not knowledgable about and don't put the time to learn about as well.
Bad plan, both on iOS and Android. You should not be installing random apps unless you vet them first.
People keep going back to the "users are stupid" argument, but (particularly on Android) the app store does not protect users. Installing random apps or trusting the first app that shows up is a terrible thing to teach dumb users to do.
If you want to protect users to the point where they don't need to think at all, you need to be way more locked down than iOS/Android currently are -- you need Nintendo Switch levels of moderation, vetting, and sandboxing. The problem is that very few people (dumb users included) want that level of vetting for a smartphone.
Androids app sandbox is pretty leaky. It has a massive surface area, and the chances of finding exploits to get out of it to find root are high. Also, even from within the sandbox, there are lots of evil things you can do (for example, start on boot, and go fullscreen and use all the ram so the back and home button SystemUI process gets killed and your app is unkillable.).
The 'badness' of the android app model is a big chunk of the reason Google wants to be gatekeeper - otherwise android apps could just load and unload like webpages do. That and profit.
The most popular third party rooting services don't seem to support past Android 8.
Clearly it isn't easy to root these things.
But we have fdroid and the GNU/Linux ecosystem is going to eat android’s lunch anyway.
I so badly wish I could agree with you :)
Sadly, observing the non-tech folks around me, some of which don't even know what an app is, and some of which think the only apps they'll ever use on their phone is the ones it came loaded with ... it's not true.
What is needed is an android app. store that is decentralized / distributed, where the "trust" of an app is a consensus-based score and that has the popularity of whatsapp.
How google tries to claim any sort of support for open source is beyond me. What open source app doesn't need a donation link? Those approved and funded by google don't, okay. But other than that?
These “donations” are more like tips, which are treated as taxable income.
I don’t see the problem here. The outrage in this thread seems more about people wanting a different set of rules for OSS and possibly avoiding income tax than anything else. If there are a different set of rules for OSS, then that just makes it easier to abuse the platform. Google’s policy seems fair to me.
But neither seems to have Google ! While the global license/patronage debates are already a decade old, and we have seen new companies get started and even established in this sector (Patreon). For instance this "donations" page only seems to cover non-profits ? https://www.google.com/nonprofits/offerings/google-donation-...
Do I have that option?
Wait. I suddenly understand something I've seen previously...
There is a workaround! You simply upload two versions of the app, the free edition and the supporter edition. The support's edition is a paid app. You can ask the users who want to support you to install the paid app in your free app. The program itself is still 100% free and open source, there is no functionality restrictions in the free app, the donation notice can be turned off - just as a way to encourage donations. And it's nothing against the rules of the store.
They're thinking that they're a monopoly and can do whatever the hell they want without needing to justify themselves?
To be fair they didn't. You can accept donations if you're an actual charity (like Wikipedia is). The line they drew isn't perfectly fair, no, but it's not a full ban hammer, either.
Now that I think of it, Uber has you put your credit card in. I'm not sure why that's allowed
Quote from policy [1]:
Developers offering products within another category of app downloaded on Google Play must use Google Play In-app Billing as the method of payment, except for the following cases:
- Payment is solely for physical products
- Payment is for digital content that may be consumed outside of the app itself (e.g. songs that can be played on other music players).
[1] https://play.google.com/about/monetization-ads/payments/
A donation doesn’t magically make everyone else work for free.
Yes, they charge 1/10 of what Google charges. The 30% has nothing to do with how much it cost them to run the service, so let's not pretend that they _have_ to charge them.
(I'm not saying they should offer cheap/free donations, I just don't think it's fair to talk about how much it costs them to run the service given that that's clearly not the driving factor)
I just wish F-Droid had a better design but I guess that's just the nature of OSS. It always looked a bit shady and out-of-date, which probably hurts it's popularity.
[1] https://gitlab.com/gdroid/gdroidclient/
https://news.ycombinator.com/item?id=21269542
This is ridiculous. May as well only publish open source apps on F-Droid and similar.
That's what we do in every other domains, what's the difference here ?
Same reasoning for forcing people to have their cars serviced by mechanics and not do their own maintenance in their backyards. Otherwise we'd have people driving cars without pipes and DIY break pads. I'd much rather have that enforced by megacorps/govt than by an infinite amount of businesses/individuals trying to game the system.
For most people a smartphone is an entertainment device, a tool at best, they don't give a single fuck about the underlying tech and they should not. Feel free to root your phone and install whatever you want, you can't ask people to become tech literate, it's your hobby/job, not their. Our job is to provide them safe tools, not teach them about tech. Look at your own life, chances are you don't even have surface knowledge of 99% of the things you use daily, and that's perfectly fine, nobody expects you to be a furniture designer, building safety inspector and car mechanic.
As a service tech if I fill a car with tomato sauce instead of oil I pay for the car.
As a programmer I can sell all the users data, leak it to hacks, then laugh all the way to the bank.
As a furniture salesman I can requirements on materials transparency. If I break those I'm liable.
As a programmer I can totally change the rules of my application at any time.
If society wants to trust tech it will have to hold it's creators responsible.
The back door encryption thing is a fun example of this.
For the record, I do my own break pads. And have done the master cylinder (thing that powers the breaks) on my cars a couple of times. Not just without formal training. Without any training except what I could quickly Google.
Not sure why you would assume that prohibiting people from working on their cars would increase the level of maintenance.
> And what does having to follow the law have to do with any of this
Google is free to handle its playstore as it please as long as it follow the law, I doubt google will pull a genocide anytime soon. Setting boundaries/rules doesn't make you an authoritarian regime. If you want to pull the "this reminds me of the darkest hours of our history" card you better find something more important than an app removal from a mobile phone app store if you want to be taken seriously. But I guess it's fashionable these days to compare everything to nazi germany/fascism/_insert_bad_people_, no matter how convoluted the comparison is.
Can you quote where I said anything about a "regime"?
> Google is free to handle its playstore as it please as long as it follow the law,
Which is true, but completely besides the point? I am free to call you a clueless asshole. But if the discussion is about how to have a constructive dialog, me pointing out that I am free to call you a clueless asshole contributes exactly nothing to the conversation and at best shows that I have no clue what the discussion is about.
> I doubt google will pull a genocide anytime soon.
Your point being? Authoritarianism is good when it's not a genocide, because ... ?
> Setting boundaries/rules doesn't make you an authoritarian regime.
Again: Where did you pull that "regime" from? And also, no, "setting boundaries/rules" does not make for authoritarianism, that is correct. Why did you assume that I wasn't aware of that?
> If you want to pull the "this reminds me of the darkest hours of our history" card you better find something more important than an app removal from a mobile phone app store if you want to be taken seriously.
Why? And no, simply pointing out that one thing is worse than the other is not a relevant argument, that's simply straw manning, because noone claimed that one was as bad as the other.
But, you can't really provide them safe tools without fixing some of the behavioral components, can you.
"Don't try to lick the sharp parts, especially when running the machine" is an implicit and important (albeit obscure) part of the safety to operating, let's say, a band saw. Unfortunately, the intellectual bar seems to be noticeably higher for "When a very urgent and heavily accented Microsoft Support representative calls you out of the blue, don't type into your shiny techno-thingy what they tell you to".
I'm generally all for sane defaults and constructing to make spontaneous use possible too, but a lot of the time there is ultimately no other protection against dangerously wrong use of tools than not using the tools dangerously wrongly. Too bad that's a tall order for very complicated machines that can do vastly different things depending on configuration.
I know people are going to quote Heinlein here, but civilisation exists so that not everybody has to be a specialist in everything.
We need to drop the attitude that technology is a new scary thing it's not. Technology is an extension of our selves we have been using it for thousands of years to expand our ability.
Pen and paper was the old technology if you don't know how to use it you are illiterate, if you don't know how to use the new technology you are still just illiterate.
The baby boomer attitude of "I can't be arsed to improve as a person so every one else has to dumb it down for me" is unacceptable.
Do you apply that to yourself out of tech ? Are you literate in art, philosophy, astrology, history, chemistry, medicine, &c. (more than surface knowledge) ? Where do you draw the line ? Is using google maps without knowing how the GPS system works in details an issue ? What about cooking ? Do you know which chemical reactions create tastes ? Are you buying food from supermarkets, why don't you hunt and grow your own ?
> The baby boomer attitude
As if millennials+ were better. Using a pc/smartphone daily doesn't mean you're tech literate, it's a prime example of familiarity != knowledge.
And do note that there was a point in history when even basic literacy belonged to a small few who argued in exactly the same manner than tech people do today, i.e., that most people will never be able to understand basic science and maths, and we cannot hope for any better than to be benevolent dictators. Later history proved the hollowness of those claims. Today the majority in most of the developed and some of the developing countries are basically literate and what their grandparents couldn't imagine doing, they do effortlessly today. I don't see a single reason why computer sector should be any different. I'm not talking about a deep understanding of computers, just basic literacy that would obviate the excuse for tight, walled gardens and locked down devices.
To be fair, I'm less confident poking around behind the surface because what used to be relatively straight forward has become --for various reasons, few of which are legitimate in my eyes-- absurdly complicated.
I disagree on this. I have a friend who has "basic computer literacy" as in knows how to use MS Excel, KeePass, etc. And yet, she inadvertently got a virus on her laptop. It was puzzling how she could have gotten it. She doesn't visit the usual suspects of porn/gaming/gambling/etc websites. Just normal stuff like CNN, WSJ, etc. The only reason we found out about it was her email account got locked out by the ISP. Apparently, the malware found her MS Outlook email account and used a hidden background service to send a bunch of spam messages using her email profile. Understandably, the ISP monitors SMTP traffic sent from residential addresses and when it hits an unusual threshold, they lock out the account. To clean up the malware, I reformatted her laptop and got the email reset with a new password.
On the other hand, with her Apple iPhone and the locked-down walled garden, I really don't have to worry about malware to the same degree. Yes, the Apple app review process is not infallible and theoretically, she could get infected by downloading a fake bank app that steals all her money. However, the possibilities for that nightmare scenario are drastically reduced in the closed Apple ecosystem.
Even programmers, who we'd classify has uber-computer-literate compared to the general population can unwittingly get bit by malware:
Javascript programmers vulnerable to NPM package repository malware: https://www.theregister.co.uk/2018/07/12/npm_eslint/
Microsoft's uber geek expert Mark Russinovich got infected by Sony's rootkit: https://blogs.technet.microsoft.com/markrussinovich/2005/10/...
What's the solution for those programmers? Educate them on how to use computers? But they're already educated.
Yes, I get the hacker ethos of not having locked-down devices but we also overestimate the ability for the general population to maintain safe computing devices. Heck, I'm a techie that programs in Xcode and I'm not confident I'm really literate on all the vulnerabilities of the iPhone. Thus, it seems unreasonable I would expect non-programmers to "just be educated" to make the App Store's curation unnecessary.
You can do whatever you want on a platform like Windows because they make their money off of selling support for their platform, and selling their own products for it.
Google and Apple do not make money selling support for their platform, and only Apple really focuses on selling products for it. But they both make money by tightly controlling their platforms, in order to to squeeze money from developers, [in the case of Google] from manufacturers, from carriers, from users' payments, and from all the data they collect about it all. They don't have to care about the customer at all, and they can just focus on engineering. It's the programmer's dream.
Their business model is a walled garden, and they pick the fruits of that garden. In the case of Google, they run the Android platform so they have a way to still make ad money if Apple denied them access to that platform. In the case of Apple, they run the Apple platform so they can make money from expensive consumer devices, and also use it to control more of the services/products we use.
So, it really doesn't have anything to do with literacy. Even if everyone were a genius, their choice is still A) don't use a smartphone, or B) use a walled-garden smartphone.
I have worked in this industry for long enough to know that even assuming a minimum of knowledge at all is a bad idea. You can fight this fight as you want, but this comment has nothing in it to convince be otherwise.
Because it's human nature to only care about details that you believe you need to know in order to manage some part of your life.
If you don't see a clear and immediate value in learning something, you won't. No matter what anyone else says or does to try and convince you, you won't.
Then you get burned by something you didn't know, and there's a 50/50 chance you'll learn about it then, and only if you're convinced that it's something YOU have to do, that can't be managed for you.
And most people resent having to learn that much.
I no longer try to convince anyone of anything tech related. And rarely answer much when I am asked, unless I can see that the person is truly interested, not just curious about some buzzword.
Meanwhile in 2019, most people still find "nothing to hide" attitude perfectly reasonable.
For the normal, everyday non-tech user, they see that all their friends use these apps and nothing has ever happened to them. The FBI didn't come knocking, they weren't fired from their jobs or anything like that.
From their point of view, why should they care about repositories, digital signatures etc., when they just want to use Instagram, Snapchat, Whatsapp and so on for some after-work (or during-work) fun / brain-swithoff. They just post some silly pictures or watch some Youtuber videos.
All these concerns about privacy just don't reach the everyday reality and real-life concerns of people and is in effect an ideological thing, similar to rejecting proprietary software on the desktop due to moral and political beliefs.
> They have to face the consequences, that's how it works
The consequences (app creators changing their practices and policies) will be spread over everyone, not on individual users. As long as their friends and society keeps using it, most people will as well. If it slowly dies out, people will use whatever is new. Most people are not that much attached to using these apps, just use them out of boredom or to interact with others. They'd easily move on if that's how things evolve.
Except the tech is already there, and you use it with or without understanding. You use a credit card, electricity, Internet and other communications, some kind of computing device, your entire life depends on it. And IT shapes your life way more than any other tech, so it probably makes sense to get a grasp on the general concepts at least. No need to become an IT expert, similarly to how there's no need to become a Shakespeare to be literate. And yes, being tech illiterate can fuck you up very visibly and personally, for example by losing money from a stolen credit card.
However only a minority of them knows how cars work under the hood. Most people understand the pedals and the steering wheel and that's it.
Same in tech. People understand there are screens, there are buttons you can click, text input fields you can type things in with the keyboard, on/off switch, sleep/standby, etc. All the things needed to operate it.
> for example by losing money from a stolen credit card.
I'm in Europe and I don't know anybody who had this happen to them, nor is identity theft a thing here. And this is mostly about phishing and social engineering anyway, not about understanding the tech background of package managers and digital signatures.
I have had the exact same experience. I've long given up trying to explain anything to normies, including anything related to privacy.
I really pains me to say this, but the bleating masses are the bleating masses, and getting them to internalize anything typically takes a generation.
And I'm happy with these stores and couldn't care less about your cyberpunk libertarianism.
This isn't 1984. The moment they seriously misbehave, the law will come at them, and customers will leave. Therefore they don't.
You're indulging in fantasies because you would like to believe that what interests you is all-important. That's normal: all epidemiologists belief we should talk about the flu a lot more.
But it's just a tiny slice of what matters. So don't disparage people as stupid just because they spend their energy and time with more important things than recompiling kernels.
It's possible to make open source applications and still ask for payment on Google Play, either as the asking price, subscription or by adding in-app payments for donations. This is the right way to do it, and will probably also have a much better return since the payment workflow is much easier.
https://9to5mac.com/2019/09/06/apple-extends-deadline-for-ne...
Arguing that this is somehow related to software quality, safety or whatever is pure BS> There is simply no other explanation for this than "it will make us money and we can get away with it."
Basically Google and Apple both know that people will make more money by listing in their stores and taking a 30% cut than not listing at all.
As soon as you get a certain threeshold you become a monopoly, which essentialy means you controll who does business in that sector.
It should never be allowed to be a distributor as well as the owner of a marketplace.
It's the same problem with amazon marketplace and other similar things.
EDIT: Formatting
Just because Google Play is a monopoly, it doesn't mean that it's illegal or should be fined. Especially since there are other options, like amazon's app store, or manual installation of apps.
Especially compared to iOS, Android is a paradise of freedom.
This is an old claim by now, but these platforms matter a lot today, and since we only have two of them, and they are not in direct competition (users cannot switch at will) they really should be treated as the monopoly infrastructure that they are. What that means concretely is subject to negotiation within society. In my opinion blackmailing the devs of an application that is essentially written and maintained as a service to the public, for free, by volunteers, is a shit move to say the least.
I don’t know what you think the verb ‘to blackmail’ means, but nobody has been blackmailed or anything like it in this situation.
And they are in the process in doing so (partly by closing the platform through read-only system partition and expecting the app developer to sign the app through Apple means) with MacOS.
The platform is not yet closed, as the system partition can still be mounted in read-write mode and notarization can be bypassed for now. But their are clearly in the process to make these changes permanent in near future. Reason why they introduced them in Catalina.
Google could make the same choice but doesn't for some reason.
Might be convenient and great for Googles revenue, but it's the wrong way to do it if your priorities are to reduce the projects platform-dependence and to support the project with your full donation.
Usually, once I decide to contribute money to a project I want them to be as free as possible and I want them to get as much of that money as possible. Independent from the specific app store I pulled it from.
I think it's wrong that the Google Play Store treats donations like purchases.