We merged a similar thread, "AndOTP Removed from the Google Play Store Due to Donation Link", into this one. Perhaps we'll update the title to cover both.
[Prior reply got detached in some cleanup, so adding again here.]
An update on the WireGuard situation: they have reinstated the app _without_ the donation link. From what I can tell from talking to Google insiders, there has been no change in policy. Officially, Google has not communicated at all with us about it, so we're not sure what's up. But at least our app is available again to users, which is great.
My app also got taken down some months ago. I had a menu entry called Donation that linked to a web page containing a PayPal donation button. I'm guessing they are just looking for the string Donation in your app.
Google Play In-app Billing does not support donations [1], so open source developers should be allowed to link to their own donation pages. Google Play policies do not spell out that linking to donation platforms such as Patreon is forbidden.
Disallowing developers from using in-app billing for donations, while also barring them from linking to external donation platforms, puts open source projects in a difficult position, and appears to be overly hostile towards funding open source development.
Google must clarify their position on whether they allow donation links in apps published on Google Play. The app takedowns [2] of the last few days show that this is a significant development, and it is of great importance for all open source developers.
It's best to publicly document the messages you receive during app takedowns, since app store policies are often vague, it's easy for reviewers to make mistakes, and having a clear reference for these decisions also helps the public assess the validity of the takedown.
> Disallowing developers from using in-app billing for donations, while also barring them from linking to external donation platforms, puts open source projects in a difficult position, and appears to be overly hostile towards funding open source development.
Google Play has been very clear about this[1]:
> Fund solicitations
> Examples: Donation solicitations from parties without a valid 501(c)(3) tax exempt status clearly displayed to the public; solicitations from parties without valid proof of exempt tax status or proof of registration with the relevant country's regulatory bodies and authorities; and political organizations that have registered with the Federal Election Commission (FEC)
For instance, Wikipedia displays an external "Support Wikipedia" link in the main menu of its Android app[2] without violating Google Play's terms and conditions.
Sure, but why? If the rules clearly said "no chess games", one could say "that ends the discussion of why chess games are denied", or you could further ask "but why are no chess games allowed?". Is it because Google plans on having their own Google-Chess someday and thus is preemptively preventing competition? Is there a technical or regulatory reason chess games aren't allowed?
That's the question (at least for me) here: why are (non-tax-exempt) donations not allowed, beyond the tautological response of "because the rules say so"? I'm not familiar with the regulations around this area, so for all I know there's a great non-Google reason for this and Google just wants to avoid the hassle of conforming to some law. Or maybe donations is a feature they want to eventually support in Google Play and they don't want to have to force a bunch of apps in the future to switch once they add it (which would be a more disappointing reason). Perhaps they're afraid that it would create a loophole where people could get around the 30% cut since psychologically it feels shitty for someone to middle-man a donation, but then if they made donations Google-tax free, everyone would just choose "donation" and they'd have to police this.
My guess is it's ripe for fraud. Find open source app, put on Google with your donation platform of choice, profit!
By requiring government registration my guess is the hope is both that the fraudsters will be caught or dissuaded and if they do make it past the government registration then when the real devs complain Google can say "take it up with the government. They mis-licensed. We just followed their license"
My guess is you missed the point of Free Software. Anyone can use it in any way, including selling for profit. "Free" as in "freedom", you know
Recently I created a small homepage with different re-packaged versions of Java: https://jdk.dev
All that alternative packages are free of charge but they have extended support from a number of big companies. All these companies funded separately, there's no common place for donations or something.
That's totally ok in the world of Free Software. Pick any source code you want, repackage, rebrand it, sell it as you wish and may the Force be with you. People do it all the time.
Just because the license lets you do what you want with the code doesn't mean you’re allowed to commit fraud.
For example, if a person were to repackage someone else's open source project with a link that says, "Donate to support the development of this software" that's still fraud (assuming they keep the donations).
I understand your point but we should not assume criminal intent without some solid evidence.
Back in days I paid for CDs with only open source software because internet was too slow. CDs were definitely priced for decent profit. The beauty of opensource is that we can do this legally.
But this isn't a discussion of assuming criminal intent of a particular actor. This is a discussion of a rule to prevent actions by a hypothetical criminally-inclined actor...and thereby prevent a platform from getting a reputation for that criminal action.
You are forced to use either Apple or Android or a Windows PC to acces many services that are essential to modern life. Android would probably be the cheapest option. So if you do not want to use Google services you would have to pay premium. For many people it is not an option.
I am not and I am not using neither Apple, Android (I am using the FOSS version, I guess that does not count as Android in this case) nor Windows and I am not missing anything, and I'm not frugal in this sense (most of my friends consider me a guy living in the future). And I am not paying premiums. I simply prefer web apps over native apps, it's a breeze with PWAs.
All government services where I live require Windows/Android or Apple. For some time I used Android in a VM for tax declaration etc, but the developers first banned the OS build name, so I changed the build name :P But then they found some way to figure out that I was using a VM. My hope is in PWA's, but the problem with PWA's (it's a feature really) is that it's harder to fingerprint and spy on the user. Also meaning it's harder to catch abuse like identity theft. I know there are ongoing work on Web ID standards where you can have a cheap second factor device as key. So it looks promising. But then there are the platforms, what incentive do they have, (more then empowering their users and developers), to actually enable a layer like web browsers that circumvent their monopoly status?
The requirement for provable non-profit status is a legal requirement. A new federal law that passed last year makes it so any "online" content distribution network (including Google play) is legally responsible for any crimes committed by someone else listing a product or message on their platform.
Basically, if you include a donation link in your app without proving non-profit status you could be committing fraud, and Google could be held equally responsible to the crimes of the app being hosted. Google also has to report non-tax exempt profits made by any app/content they host in many locations, so only non-profit groups may link to a 3rd party payment system without violating legal statutes in some countries/states.
How is it fraud to ask for donations without being a non-profit?
It's higher risk for sure. Non-501c3 donations are the kind of high risk small peanuts you can imagine a behemoth like Google wanting to get away from.
Because it saves google some hassle in policing shady monetary schemes. As soon as money is involved it is a massive hassle. Going outside of established monetary policy opens up a massive hole of shenanigans. Not to mention every app you download would have huge incentive to put up endless patreon/donate buttons that would go outside of googles carefully crafted walled garden, yet they would be held responsible for shady practices.
So they want the app store but as soon as it gets comlex or difficult to manage they kick up their heels and ban apps rather than stepping up to the plate and owning thier problem.
There are at least three, actually, since Amazon also runs their own store which can be installed on any Android device. Samsung has another one specifically for Samsung devices, and there's also F-Droid though that might not count as a "store" since it doesn't handle payments. Anyone else can start their own the same way. Only the Apple devices are restricted to apps from their vendor-specific app store.
Likely this is Google avoiding additional regulatory complications/KYC. It's cumbersome to prove you're not enabling money laundering or funding terrorist organizations if you're an arbitrary money sink.
But I'd expect better than Google, a business with an astounding $836B market cap. They could just buy a company that primarily handles this sort of money flow (e.g. Streamlabs)
It's understandable that they want to process payments only for registered organizations, but that still does not explain why are open source apps being taken down for linking to an external page that lists ways to support projects.
Probably because Google or it's financial partners have compliance programs that require all money flows they enable go through the required regulatory channels.
If an affiliated party is breaking regulations, you can often get in trouble by continuing to be associated with them once you're aware, and ignorance isn't a valid defense.
It's unlikely that GitHub subjects themselves to legal risk by allowing developers to link to Patreon [1]. I think this issue has more to do with Google's priorities, than what is legally possible.
It's not a lawsuit that people are afraid of. It's potential action from financial regulators, who are famously inflexible and disinterested in being nice to open source software developers in genuine financial need.
Parties like Google and Apple are well aware of the potential consequences, and thus are similarly inflexible and disinterested in being nice to a fairly small group of use-cases that exposes them to an outsized amount of risk.
It's really, deeply unfortunate. It's incredibly painful for everyone who has to deal with this bureaucratic bullshit. Unfortunately, it being bullshit doesn't make it less real or less reasonable.
Unless you're casting literally any action ever as being subject to "potential action from financial regulators", which is theoretically true but simply asinine to discuss, this completely misses the point.
It is not a real concern for Google to have a hyperlink https://wireguard.com/donations buried inside an app distributed on the Google Play Store.
I don't believe your concern is legitimate. It's arse covering gone mad, sorry.
Rhetorical:
You can email me, my email is in my bio, and I will respond with a way that you can send me money. If dang reads this post and does not take it down, does that put HN at risk of AML action for potentially 'aiding the money flow'?
edit: actually, you can click through enough links on my bio and get directly to donation pages. now we're really fucked, right? who's gonna turn off the lights?
Your rhetorical is not equivalent. Google Play Store is a marketplace. Google facilitates transactions -- from users to app developers. Some transactions are free, but Google's financial partnerships might mandate that certain regulations apply to the entire Google Play Store ecosystem. I could be wrong, but I'd reckon this is a grey area and Google is opting to avoid the problem altogether (IMO a bad choice).
This website is different -- not just free -- there is no financial partnership in play (as far as I'm aware). But rules still apply. If you put a link in your profile taking donations for Syria, the operators of this site are obligated to comply with OFAC sanctions and I'd expect your profile to change pretty quickly.
In this case, I'm guessing Google is opting to choose the path of least resistance, and rather than perform due diligence and KYC for apps which solicit donations, they've chosen to just... not do that.
They've chosen to pre-emptively cover their arse against a risk less likely than an asteroid hitting Earth by just nuking the apps.
There's another thread on HN about this right now - I don't know how these people can like, exist, in this world, with every one of the hairs on their head individually combed into a perfect slick. Can you even eat breakfast without worrying about some tail risk?
Too much HN for today, methinks. I'm so glad that the normal people I interact with in the world aren't this wanky (I don't mean you or other posters here, but the bureautwats that actually implement this stuff)
Really? Because Chrome allows me to navigate to all manner of sketchy sites- should Google be dropping Chrome? I mean, it's about as specious of reasoning as claiming that financial regulators will go after Google over donation buttons in apps. At that point, the whole thing is so far removed that it feels like being worried over getting struck by lightning. Heck, Chrome will even autofill a saved card into a donation page for me. Does Google need to follow KYC for every Chrome user and every page they visit?
Sure, maybe the argument can be made, but come on. We all know this is so that Google can get their nice 30% cut, and cut off any alternate funding sources for Android apps. Otherwise, shady developers will just require a "donation" instead of a purchase. That is behavior that Google would be reasonable to police, but to claim that action from financial regulators is what's causing this is just silly.
So many services use KYC/AML stuff as a catch-all excuse because it's easy to claim 'tip-off' provisions and just flat out refuse with no further information.
It's just your bog standard wanky corporate dishonesty. Nothing new under the sun.
Google does not exercise significant control over what websites a user can visit with Chrome. They certainly don't maintain a whitelist. Some might opine that the Play store is perhaps a slightly different matter.
It may also be worth considering that actions can, at some times and in some situations, be taken by human beings for multiple reasons with multiple independent motivations. All of which are real, genuine reasons.
They maintain a blacklist though, called Google Safe Browsing. Perhaps Bitcoin sites should be added to that to prevent money laundering. Pornographers should be licensed, otherwise omitted from search results.
Too many adverse effects you say? Sorry, that's just the way it is, no use complaining.
> If only non-profit organizations are allowed to use Google Play In-app Billing for donations
Nobody is allowed to use Google Play's in-app billing for donations, and only organizations with a valid tax exempt status can link to an external page that lists donation options.
The full text says "relevant country's regulatory bodies and authorities".
"Examples: Donation solicitations from parties without a valid 501(c)(3) tax exempt status clearly displayed to the public; solicitations from parties without valid proof of exempt tax status or proof of registration with the relevant country's regulatory bodies and authorities; and political organizations that have registered with the Federal Election Commission (FEC)."
> solicitations from parties without a valid 501(c)(3) tax exempt status clearly displayed to the public
As far as I can tell (though I am no expert) it would be very difficult or impossible for an open source project to qualify for 501(c)(3) tax exemption. And even if it was, the cost in both time and money to obtain such a status would not be worth it for small open source projects.
What you quote seems to be the Google Payments policy, not the Google Play policy:
"Any individual or business processing transactions with Google payments must adhere to these policies."
These apps weren't using Google payments, and it is suspected that they were taken down for not using Google's payment systems (despite not being allowed to).
>Any individual or business processing transactions with Google payments must adhere to these policies.
Are the developers using google payments for other things/apps? Because in the context of these specific apps they are not using Google payments, so the policy wouldn't appear to be applicable.
> (...) puts open source projects in a difficult position, and appears to be overly hostile towards funding open source development.
This is the problem of developing free software on a non-free platform. They have absolute control of your work under their own terms, no matter how ridiculous they are. I never understood why the google play store is a socially acceptable idea for free software developers.
It's the most widely used software distribution channel in the world. I'm sure most would prefer to distribute on F-Droid but open source developers want their apps to be successful too.
> Google Play In-app Billing does not support donations [1], so open source developers should be allowed to link to their own donation pages.
Ok, I had to stop there. They have no claim to this as long as they distribute within the store. It would be nice if google allowed this, but there is no obligation. App Stores are monopolies and should be regulated to allow open distribution.
I just cannot comprehend how there are thousands of predatory apps on the store and these apps get banned.
Aside from that it should highlight problems with app stores as a model for software distriubtion in general, although I don't have much hope that this will happen in the immediate future.
That there even exists such a rule is ridiculous and unacceptable in my opinion.
I don’t believe cable tv, for how locked down and awful it is/was, ever went so far as to try and limit any spending outside their own platforms. Perhaps it was a lack of innovation, but the internet and the world of software licensing is gross by comparison
There are always workarounds, but that is not the point. We must not allow these platforms to discriminate against funding open source development through donations.
Perhaps the solution would be to allow users to buy a 'virtual currency' in the app that actually doesn't do anything? It could be argued that this is a vanity item, like cosmetics, and so is exempt.
WireGuard was reinstated after Jason has submitted a new version which does not contain a donation link. The issue has not been solved, and Google did not yet contact maintainers to clarify whether they would be allowed to have a donation link in WireGuard.
Several other open source apps are still missing from Google Play, including andOTP.
While WireGuard was bought back online, version 0.0.20191013 was briefly made available (with a donation link) before it got updated to version 0.0.20191016. Again, the current version of WireGuard does not contain a donation link.
This is the original version of the post, which has become inaccurate minutes after it was posted:
> WireGuard has been reinstated [1], and the donation link is in the app menu (version 0.0.20191013).
> Google has reversed its decision to remove an app that contains a link to a donation page, likely because of public scrutiny.
> I'm hopeful that people will continue to seek answers for why Google has begun to remove these open source apps, there are several of them mentioned in this thread alone. Please don't allow this to go unnoticed, the future of a bunch of less popular open source projects may depend on how this issue is perceived by the public, and addressed by Google.
If it really is because of public scrutiny, IMHO we shouldn't actually treat it as if it happened at all - a corporation that only responds to public pressure like this should be shamed and avoided.
An update on this: they have reinstated the app WITHOUT the link, and there has been no change in policy, according to insiders. Officially, Google has not communicated at all with us about it.
It's disheartening to witness some of the arguments in this thread defending Google, saying that disallowing open source developers from linking to their Patreon pages is a legal requirement, because Google is legally liable (while the rest of the internet apparently isn't) for the payments that may happen on Patreon by following those links.
This is why it is important to continue questioning their actions, a bunch of other open source apps remain taken down, or were forced to remove their donation links. The issue of donation links in apps must be clearly addressed by Google.
Could you double check 0.0.20191013? My phone just updated, and I'm seeing the APK version that has the donation link removed, 0.0.20191016.
I haven't received any further emails from Google (yet?), so I'm still uncertain as to whether I have any sort of green light to republish a version with the link.
Yes, 0.0.20191013 has been freshly installed on my device from Google Play right before I posted, and has a donation link. I see the version published on Google Play has been updated since to 0.0.20191016.
Oh, super. Thanks for confirming. I'll wait a day for some response from Google, I suppose, and then decide whether or not to re-add it. I certainly don't want to inconvenience users again.
The version with the donation link was up only for a short period, and then it was superseded by the new version. The currently published WireGuard version has NO donation link.
The very same thing happened to manyverse (android ssb client) the other day. Got de-listed, resubmitted without donation page, now it's back up.
How google tries to claim any sort of support for open source is beyond me. What open source app doesn't need a donation link? Those approved and funded by google don't, okay. But other than that?
Oruxmaps even had a donate version that went through proper Google channels when the free version was forcibly removed either for a donation link in the app that was incompletely removed from the Play store build variant or because of a donation link on the product website. It never came back, now the paid version on Play is effectively a billboard "you could save those dollars by going over to F-Droid where we are payment optional".
I just wish F-Droid had a better design but I guess that's just the nature of OSS. It always looked a bit shady and out-of-date, which probably hurts it's popularity.
Someone started a G-Droid project[1] with the goal of being a better local client for F-Droid. It's not a full replacement yet, but has many additional features and a better UI. Hope it takes off and perhaps gets integrated into the main client some day.
The strangest fact is, those donation pages only have some links, there is no in-app payment. I don't understand what Google is thinking about when they banned donations...
Wait. I suddenly understand something I've seen previously...
There is a workaround! You simply upload two versions of the app, the free edition and the supporter edition. The support's edition is a paid app. You can ask the users who want to support you to install the paid app in your free app. The program itself is still 100% free and open source, there is no functionality restrictions in the free app, the donation notice can be turned off - just as a way to encourage donations. And it's nothing against the rules of the store.
Yes. This is what I suspect. But knocking out all donations using a big ban hammer is not acceptable here, it should be decided on a case-by-case basis. For example, a standard I can think of, is distinguishing donations and payments that influence the functionality of the application/service, and those that have no effect.
> But knocking out all donations using a big ban hammer is not acceptable here
To be fair they didn't. You can accept donations if you're an actual charity (like Wikipedia is). The line they drew isn't perfectly fair, no, but it's not a full ban hammer, either.
I thought this was a Apple only thing and Google doesn't do this. For example, you cannot buy Audible books frim iOS apuo but can from the Android app.
You can, but I don't think you're supposed to direct your users to put their credit card info in, that all needs to be handled somewhere outside the app (with a message like please sign in on our website). Which seems very blatantly anticompetitive to me.
Now that I think of it, Uber has you put your credit card in. I'm not sure why that's allowed
It's allowed because Play Store in-app billing is only required for digital goods & services fulfilled by the app, not physical goods & services fulfilled outside your device. Uber isn't selling you app functionality, they're selling you the physical service of transportation, so they're exempt.
Quote from policy [1]:
Developers offering products within another category of app downloaded on Google Play must use Google Play In-app Billing as the method of payment, except for the following cases:
- Payment is solely for physical products
- Payment is for digital content that may be consumed outside of the app itself (e.g. songs that can be played on other music players).
Oh, what if the donation link added you to a list of contributors to the website. Seems like that would be "digital content that may be consumed outside of the app itself" which might be a workaround. Google might ban it anyway of course
I am sort of annoyed the other replier didn't see the sarcasm here, so I'm going to point it out, and note that it's funny -- seeing the motivation behind a behavior doesn't automatically invalidate it.
It's arguable since it's "donation" so one may expect to get the full donation instead of 30% cut by google but one may argue what exactly is (or isn't) a donation.
I’m not sure why you’d expect to not pay a fee. Google’s expenses are the same for apps that take a charge as those that take a donation. Credit card processors charge the same fees on donations.
A donation doesn’t magically make everyone else work for free.
> Credit card processors charge the same fees on donations.
Yes, they charge 1/10 of what Google charges. The 30% has nothing to do with how much it cost them to run the service, so let's not pretend that they _have_ to charge them.
(I'm not saying they should offer cheap/free donations, I just don't think it's fair to talk about how much it costs them to run the service given that that's clearly not the driving factor)
Open source app can be compiled and installed without Google play store. If you are hosting on their platform, you adhere to their rules, you are not paying monthly for your free app download bandwith and storage do you ?
Because you can't use Google's store as a sales funnel without giving them a 30% cut. It doesn't matter if you're a company taking payments or an individual accepting donations.
Not unless your entity is 503(c) tax-exempt which is explicitly allowed by Google.
These “donations” are more like tips, which are treated as taxable income.
I don’t see the problem here. The outrage in this thread seems more about people wanting a different set of rules for OSS and possibly avoiding income tax than anything else. If there are a different set of rules for OSS, then that just makes it easier to abuse the platform. Google’s policy seems fair to me.
Hmm, yeah, I guess that if we want patronage to become a viable economic model, then it will have to be taxed at some point... Since I mostly give to (AFAIK) tax-exempt entities, I didn't think of this...
But neither seems to have Google ! While the global license/patronage debates are already a decade old, and we have seen new companies get started and even established in this sector (Patreon).
For instance this "donations" page only seems to cover non-profits ?
https://www.google.com/nonprofits/offerings/google-donation-...
It's unfortunate that the developer resubmitted the app without the donation link, open source projects having a donation link in their apps does not violate Google Play policies.
> Here are some examples of products not currently supported by Google Play In-app Billing:
> One time-payments, including peer-to-peer payments, online auctions, and donations.
It indeed is unfortunate. But what other recourse did we have? The first objective, before we even consider donations or anything, is to make our software available and functional to our users. So we had to resubmit. And it's not like the resubmission process is instantaneous; as of writing, the app still isn't back in the store.
But anyway, now what? Let's say things return to normal, but we still want to put the silly link in the app. Our appeal was rejected. We could send letters, I suppose. Perhaps this article on HN will get the attention of the right people? We could appeal the appeal, maybe. And then appeal the appeal for the appeal. At what point does this become a waste of energy that could be spent coding and improving the app in other ways? It's hard to know where to draw the line and which battles are worth fighting. I'm happy to hear folks' opinions on the matter.
I certainly agree, though, that it is unfortunate.
Donations are not supported by in-app purchases, and I'm sure this doesn't mean open source apps are not allowed to sustain themselves by showing a donation link. Or if that is Google's unwritten policy, people must make their voices heard, this abusive behavior cannot be accepted.
I would resubmit the app with the donation link and continue to document and share what happened. Please do not allow them to set a precedent with a popular project like WireGuard.
It's important to share every detail of the issue, the messages you received, your replies, and the policy links you were given about the alleged policy violations.
I think what you are proposing is to make an ideological fight out of this issue, that is exactly what the author describes as "a huge time-drain that does not make the app better" and exactly the opposite of what he meant with "choose your battles".
Let me say that I think you're morally right, but it is probably not a reasonable choice of actions for the author and the users of the app.
There is no need for an ideological fight, because there is no written Google Play policy against donation links in apps. This is most likely a mistake made by the reviewer or an automated system, and I believe they should follow up on it to sort things out.
> I believe they should follow up on it to sort things out.
reply
I'm sure you believe that.
Do you work at Google in a position to supervise app reviews? Because if you do, then you can help straighten this out.
If you don't, then it is hopeless. Technically, Google has the right to drop any app for any reason whether it is fair or not (so suing them or something isn't an option). OP already followed the ONLY channel that Google provides (an "appeal" handled, I presume, by a bot that generally issues quick, automated rejections. Sure, I wish Google had a better policy, with some sort of genuine appeal policy which included genuine human review, followed a consistent policy, and most likely had a public record of decisions... but they don't.
I wouldn't assume up front that any action is hopeless. There are many Googlers on this forum and issues like that get forwarded and discussed internally. Google has Open Source Programs Office which used to have a lot of clout inside the company, at least at the time when I worked there.
It's amusing - I feel it's almost like causing a media "storm" is part of the whole "AI powered" process they've got going on. Create Reddit/Hackernews/tech blog outrage and maybe a human might step in and reverse the decision.
You can look at r/videos and see how many examples there are, the link in [1] provides quite a few...
So hey, go get people to repost across social media, maybe get a nice trendy hashtag going like #freewireguard and maybe their "AI" (or PR department) might actually do something useful.
Because to me, I've noticed more and more companies only reverse decisions or backpeddle once there's enough shit flying at them (See Blizzard recently, for example).
I can almost guarantee you that a googler who reads hn has submitted this issue to an internal mailing list and you will get special treatment for this problem.
Or in Germany to get an emergency court order ("Einstweilige Verfügung"), dunno if the US has a similar legal venue. At least with an EV you get the immediate attention of their legal department.
The US does, but courts are reluctant to issue them in general. Since google as a fair chance of winning the courts will probably reject the immediate order, and then this drags out in court for a few expensive years before a ruling is issued that could go either way, and either way will drag through the appeals process for many more expensive years.
In England you can sue a company for failing to follow its own policies but I don't know if this is possible as a small claim. If not it's probably eye-wateringly expensive.
My app was also removed a few months ago for this. In the email they say you have to use Google Play In-app Billing, however:
> Donations to 527 designated tax exempt organizations are also permitted.
So if Wireguard becomes a proper tax exempt organisation it would be ok.
If you want donations but aren't tax exempt there is basically no way to do it. However you could easily work around it by offering something trivial like a badge (games can use IAP to purchase trivial things like hats). The downside is that Google take their 30% cut.
I was going to suggest this too. According to the Android dev site "Google Play Billing can be used to sell the following types of in-app products: One-time products: An in-app product requiring a single, non-recurring charge to the user's form of payment. Additional game levels, premium loot boxes, and media files are examples of one-time products."[0] So could you have buttons to buy a "bronze supporter badge", "silver supporter badge" etc. (trying to avoid using the word donation in case it triggers something), perhaps even enabling a "Show my supporter badges" page that shows the ones you've purchased? Kind-of unnecessary extra dev, and as you say Google will take their hefty cut, but might be better than nothing.
google gets a 30 % cut.
I wonder about the exactwording and legalese.
so if someone is financially endowed then could they make a simple game or a loot box bonus, that pays people to play it. then google would owe 30% to that player.
I use WireGuard daily since 2017, and it's one of my most favorite computer programs in the entire world - robust, reliable, state-of-art cryptography, and seamless integration into the system.
I've never donated to WireGuard before, and I didn't think about donation (I installed WireGuard from my package manager and didn't realize a donation link exists), until now.
In an ironic twist, our app that Google supported via Summer of Code was removed.
Whoever came up with this policy and started enforcing it at Google is completely tone-deaf, needs to be fired and publicly called out so we can set an example as a community that this sort of behavior will not be tolerated.
We have contacted engineering leadership at Google and they are in the process of figuring out who it is internally.
I think this is a bad decision, but I don't want to live in a world in which people risk their privacy by making poor decisions.
We just need processes to learn and avoid doing mistakes twice, and shaming is a poor way to do it.
If I risked being ashamed when making decisions, I would probably avoid decisions altogether. This would be awful. The discussed decision is not even out of law.
What we can do though, is to tell people we know and love about F-Droid and suggest them to only fall back to the Play Store if they don't find what they want, and that they should be aware that by doing so, they enter the jungle and that this jungle follows Google's arbitrary rules, some of which are not in their own interests.
If you think that's an appropriate and proportional response to an employee making a mistake or misunderstanding an internal policy, I sincerely hope that you're not in charge of anyone at your day job.
I'm pretty sure "whoever came up with this policy and started enforcing it" has significant leeway in their decision making. Having the power to come up with new policies to enforce also means that you should be ready to take responsibility if those policies turn out to be bad.
Sure, but this person was probably given another set of more general policies to work with, and what they came up with was reasonable for the vast majority of cases. It's hard to imagine every single edge case (open source apps with donation links are definitely the minority) and policies will evolve over time to be more comprehensive.
No one needs them for discovering new software. You go to the app store to get a specific piece of software you already know about and whose reputation you’ve already verified.
No one needs them for code signing. If you want the real firefox.apk you can download it from https://firefox.com/ and notice a lack of SSL alarms going off. What’s the code signing for — to let me know that HTTPS works?!
All I really want is an OS facility that only executes code that has been installed explicitly by me, and always in a sandbox. That’ll stop that dodgy email from executing r00t.sh via an exploit in my mail client.
App stores and code signing popups are proxies for that kind of OS facility, but I’d rather it was just part of the OS explicitly.
App stores leave me with all sorts of unwanted properties, namely Google / Apple throwing their unwanted opinion around. Search for Instagram in the iOS App Store: the top UI element is “InstaMap”, thanks Apple!
There's also people that don't know that they need "Firefox", they just want a browser. Or a tool to print envelopes or crop an image. So they search in the app store and they know it'll probably be okay.
If you search for this online you'd get a bunch of SEO spam sites, shady tools among other things. At least due to the developer fee and reviews there's at least some barrier of entry (Also if it's not perfect).
> App stores leave me with all sorts of unwanted properties, namely Google / Apple throwing their unwanted opinion around. Search for Instagram in the iOS App Store: the top UI element is “InstaMap”, thanks Apple!
Apple's search is notoriously bad and the perfect case to apply Hanlon's razor.
> So they search in the app store and they know it'll probably be okay.
Bad plan, both on iOS and Android. You should not be installing random apps unless you vet them first.
People keep going back to the "users are stupid" argument, but (particularly on Android) the app store does not protect users. Installing random apps or trusting the first app that shows up is a terrible thing to teach dumb users to do.
If you want to protect users to the point where they don't need to think at all, you need to be way more locked down than iOS/Android currently are -- you need Nintendo Switch levels of moderation, vetting, and sandboxing. The problem is that very few people (dumb users included) want that level of vetting for a smartphone.
While there is generally always some small percentage of apps that don't do what they promise and slip through the review I think I can be reasonably sure that if I download something from the macOS / iOS app store it'll do what they say.
I trust it enough to believe it won't start crypto mining in the background or connect to random servers and sending the content of my computer somewhere. For the average user it's probably the better option than downloading the top Google result and just executing it.
As I said, it can happen but I'd assume it's done a lot less than on the "open" internet where there's no repercussions. At least in the App Store the developer would get thrown out, people would post it in the reviews or report to the App Store moderators.
Isn't the whole point of sandboxing and the permission systems exactly preventing phonebook and location data misuse? Especially location tracking prevention was a pretty big part of the iOS 13 announcements.
> I trust it enough to believe it won't start crypto mining in the background or connect to random servers and sending the content of my computer somewhere.
The current migration towards more sandboxing also helps. For instance, Android has restrictions on how much an application can do in the background without showing up as a persistent notification, and xdg-app's sandboxing can restrict how much of the content of your computer an application can access without using a file open dialog.
I don't understand why we keep falling back to uneducated users in this discussions. "Oh we're tech heads; we're not the standard audience..." ... maybe the standard audience should bother to learn something.
I live in a city now and no longer have my own tools/garage, but I know enough about my car to know the shop down the street was trying to screw me when they did a bait in switch, wanting to charge $950 for an alternator repair (and claimed my battery; less than a year old was bad). I called around, towed it to another shop and paid less than half of that...and the battery was perfectly fine.
I should have checked the reviews on the first shop because they were some pretty bad ones. Now I know better, but there are a ton of people who just accept it, maybe because they're car was already towed there and they simply don't know any better.
> I don't understand why we keep falling back to uneducated users in this discussions.
Because that is the majority of the users and because it's hard to find reliable information on the internet even if you're willing to do the research into this sort of thing. I'm certain there are plenty of things that you are probably not knowledgable about and don't put the time to learn about as well.
>Ugh, app stores!
>No one needs them for discovering new software
I so badly wish I could agree with you :)
Sadly, observing the non-tech folks around me, some of which don't even know what an app is, and some of which think the only apps they'll ever use on their phone is the ones it came loaded with ... it's not true.
What is needed is an android app. store that is decentralized / distributed, where the "trust" of an app is a consensus-based score and that has the popularity of whatsapp.
I agree with this. What I'd ideally like is to keep the Play and Apple stores, but also make it possible and easy to use 3rd party stores - kind of how you can add alternative package repos in the Linux world. Unlikely to happen without legislation, mind.
> All I really want is an OS facility that only executes code that has been installed explicitly by me, and always in a sandbox.
Androids app sandbox is pretty leaky. It has a massive surface area, and the chances of finding exploits to get out of it to find root are high. Also, even from within the sandbox, there are lots of evil things you can do (for example, start on boot, and go fullscreen and use all the ram so the back and home button SystemUI process gets killed and your app is unkillable.).
The 'badness' of the android app model is a big chunk of the reason Google wants to be gatekeeper - otherwise android apps could just load and unload like webpages do. That and profit.
You say this, but rooting attempts for flagship Android phones have failed at many recent pwn2owns. The grey market price for a root exploit on flagship Android is comparable to iPhone.
The most popular third party rooting services don't seem to support past Android 8.
I wonder if part of that is that a lot of flagships seem to have unlockable boot loafers now, with a force wipe to do so. Does that have a measurable impact on the number of people trying?
It doesn't seem that way. There are still people attempting pwn2owns. The grey market value of a root exploit is still in six figures and likely higher on the black market.
As a matter of fact, APKs are signed anyway using the pubkey of their developers, the signature is embedded in the package, regardless of whether it's in the app store of not. You cannot use a package with a different signature to replace the existing one, the system will warn you about a conflict.
If someone has changed the files on the distribution servers. A Hacker News reader will have no problem recognizing it and stop installing, another one will compare the signature and keep it as evidence.
Of course, the overwhelmingly majority cannot recognize it though.
The product is built in a very controlled and secure environment at the core of a company's competency ... code-signing here stamps the product as authoritative and representing the company's efforts.
The website from which you, the customer, download the software often is built and managed under less controlled and more vulnerable circumstances, often with third party involvement. Any bad actor in a long chain of internal caretakers and potentially external hackers can replace the to-be-downloaded artifact HTTPS with malicious junk. Code-signing mitigates this.
Semi off-topic, but anyway, I have an supportive argument for you: APKs are signed anyway, the signature is embedded in the package, regardless of whether it's in the app store of not, it the signature has changed, you cannot use a new version to replace the previous version without manual reinstallation, it's an effectively safeguard against phishing.
But only the readers of Hacker News can recognize it. I think it's one of the most powerful argument for a walled garden. Not that I support it, but I acknowledge it's still a powerful argument.
For example, code signing can protect against an attacker that can swap the application, but not the signing certificate. It can allow retroactive disabling of a certain application by revoking the cert that signed it. In short: HTTPS ensures the integrity of the download at the time the app is downloaded, code signing at the time it runs.
I'm on an unrooted phone and F-Droid doesn't do auto-updates or even "update all". I have to remember to open F-Droid once in a while to click "Update" and then "Install" for each app, one-by-one.
I understand that it's probably Google's fault for not providing APIs/permissions but it's still terrible UX. I only use F-Droid when an app isn't available on the Play Store.
fdroid periodically automatically checks and notifies of updates to apps. You can also "Update all", using the button of the same name, but you will have to press install for each, due to the way Android works, which is a bit of a pity.
F-Droid isn't a "system app" so it can't even ask for permissions. If it was added as a system app in a custom ROM, then it'd be able to use the undocumented interfaces to install apps.
I agree with your sentiment in theory. Unfortunately, in practice, Google Play Store rips off my signature after I upload and sticks their own one on instead. Blah.
To play devil's advocate, I'm sure Google's intent is to prevent garbage apps from spamming or tricking users into paying money and the resulting PR backlash from having an app store full of shady apps.
A 501(c)(3) application costs at least $275 and takes 2-12 months to process. That seems all right if you're a SV SWE registering something on the side of your regular 6 figure income, but for a lot of folks around the world, that seems a largely no-go way to support their project.
If this is really an attempt at preventing garbage apps from spamming or tricking users, this is both overly broad (many false positives) and badly targeted (many false negatives). Why is it that iOS doesn't have this policy, and has significantly fewer garbage apps?
Maybe if Google were to allow third party app stores, folks could choose the one that fits their ability to evaluate the sophistication of apps themselves. For example, some folks might want to pay for extra security checks on the apps they use, while others want to install anything and everything under the sun.
Yes — if there were real competition between multiple app stores, some of which provided better systems of vetting than others (both for users and for developers), then the kinds of stores that had these policies would die off.
Then break-up is still not the solution. Microsoft didn't get split in the late 90's / early 2000's. Anti-trust case against Google / Apple seems far more appropriate and doesn't require new legislation.
All in all, that whole "break-up" argument is just political white-knighting by wanna-be elites (ie. Warren & co).
I don't follow this line of reasoning at all. By all accounts, Microsoft should have been broken up. They were convicted of abusing their monopoly position in a court of law. It was a travesty of justice that it was not carried out. Had this happened, the new companies would have been vastly more competitive, and the current state of computing might have been much better.
It's hazardous at best to assume the state of something with so much variables.
As for continuing being GAFA advocate (while still thinking they should be compelled to open up "Stores" to competition), vertical integration provides enough economy of scale to achieve ever greater complex things. Also, 1) you can't just "break-up" any GAFA. They're just gonna move out of State and be welcomed somewhere else, and 2) what you're asking put Government in a very awkward position as setting up both enough regulations to block new players, but also blocking player to achieve a certain size. Finally, this argument is getting awfully close to the "broken window" fallacy. You can't just "create competition" out of thin air.
You're right, you can't just create competition out of thin air. The competition already existed at that time. Part of the abuse of their monopoly position was to use the dominance of Windows to also capture other markets, including the Office market, Web browsers, etc. We would have had a far healthier ecosystem if the monopoly had been broken up. Look at where Lotus SmartSuite, Corel Office, StarOffice, and all the rest are today. They were not able to compete commercially in a market distorted by a monopolist, and today are shadows of their former selves.
Just because there was competition doesn't mean it was any good, nor that it was gonna last. Microsoft "decline" largely came from new technology they laughed at (smartphone and cloud computing) and to a large extend, missed on. Such an evolution is typical from the high inertia inherent to such a large structure. It forced them to evolve, for the better. Same will likely happen over time with Google/Apple, their structure will get more and more rigid, they will stop providing as much benefit to the user, competition will appear and their will be forced to open up. Apple is already starting to lose ground on the self-repair front, and both are more and more called out on the rigidity of their stores.
Amazon/Facebook is a different problem. Amazon is colliding with the old retail chain and weakening their power in DC (Amazon is not doing anything more that has been done in brick and mortar stores ~forever). As for Facebook, it is threatening Governments themselves (privacy is just just a convenient red-herring).
Or, they will all pre-emptively adopt stronger policies to avoid freeloading. OSS apps don't pay for bandwidth used in downloads, and Google is the one benefiting most from all the free apps on their platform. So if _they_ aren't comfortable with the situation, I can't see a breakup solving that.
Google will never care about the quality of an app store (for devs and for users) as much as a company with majority of revenue coming from folks using their app store. It's the fundamental problem with a monopoly business and breaking off the Google store from being the exclusive way to get apps on the Android platform will solve it because companies optimize profit.
I don't see how this makes sense -- if someone wants to launder money, why would they need to find a donation link to their external donation system inside an android app?
Yup, I pretty much read it as this: "if you are operating an open source project then you should use ads for funding instead of donations or introduce paid features/upgrades so that we get a cut"
I too made a "fuck Google" donation to the WireGuard project today, after seeing an update and then the app disappearing entirely.
I'd love to use the F-Droid version but it's not up-to-date, and isn't published by Jason, so it's not signed by him either.
Publishing it on the website with a built in update-check might be one solution I'd be happy with, it'd only need a text file hosted on the website and a check, perhaps each time WG is activated to see if there is an update. Modern Android versions can be toggled to allow installing software from external sources, so the app could "install itself".
I am not sure why it needs to be called a donation. Just let the in-app purchase unlock some cosmetics in the app like games do. You weren't going to deduct the donation from your taxes anyway.
I am curious how this ends up working out. Google takes a cut of the donations now... but the process of buying is probably easier. So maybe it will increase donation revenue, and make it easier to support free software.
(Taking a step back; it is pretty weird to have apps opening links to web pages that take your credit card number. The app store operators are right to view that with suspicion because I'm sure that for every legitimate open source project, there are a million phishing scams.)
Open source developers shouldn't be forced to lock away additional functionality in their apps, or resort to special tricks just to be able to receive donations for their projects.
Google could make a positive impact by introducing new features that help users seamlessly fund their favourite open source apps, right from their Google accounts. GitHub has recently introduced a similar initiative called GitHub Sponsors [1].
> Taking a step back; it is pretty weird to have apps opening links to web pages that take your credit card number.
There is nothing weird about accepting payments outside of Google Play, and it is allowed if the payment does not result in buying a product that is used within the app. Buying a movie ticket, or operating an online store with a third-party payment processor are perfectly fine use cases which are allowed on Google Play.
It's sort of a convenience fee. I agree with your App Mafia take but my guess is folks that can't be troubled to use F-Droid probably weren't going to donate in the first place.
For instance, D-Sub is available for free on F-Droid but costs something like ~$4 on Google Play.
AndOTP is available on F-Droid, not sure about Wireguard but I'd assume so.
so the App Mafia is supposed to host your app for free? provide the bandwidth to download it for free ? give visibility to your app thru search in the store for free ?
at some point someone gonna pay for the datacenters, the wires and all these stuff needed for software distribution.
Try running your own site on your own servers and paying for the data traffic and then do the math.
First we're talking about the free app for a good cause, so you're already providing an app for free, so you've assumed some sacrifice for others for whatever reason, and setting up a website for it may be comparatively negligible part of the whole cost to you in terms of time.
In my case I would have already had an infrastructure and knowledge how to host things, so it might take a few minutes to put some new files up on a machine used for other projects. Additional costs being pretty much 0.
And there may be benefits (even if I didn't have the knowledge and infra) like learning something new, or now having an infrastructure and knowledge that helps you save expenses or time in the future. So that would offset the costs. You can't just look at costs alone.
Android is worth sh*t without any apps. I consider providing a market for apps and managing the quality of the market is their responsibility, business expense not developers.
If they don't like free apps, then they should stop hosting free apps if they want that 30% tax so much.
Google should be thankful in the first place that developers are making apps on their ecosystem (doubly so for open source apps), because without them, Android and the Google Play Store itself isn't worth much. It's their part of the deal to stay relevant.
Edit2:
Having read round some more, it seems you possibly could sell a different version, of course you would have to offer the source code which others would be free to give away, (this is for the gpl). I don't know if the discrimination clause of the Open Source Definition would come into play though.
>> Just let the in-app purchase unlock some cosmetics in the app like games do.
> Open source developers shouldn't be forced to lock away additional functionality in their apps
I don't think functionality was what was suggested. Literally cosmetics. A nice banner that says thanks for supporting the project would likely be sufficient.
Edit: Although I agree it shouldn't be required. As a workaround it doesn't seem too bad though.
It isn't [1] but an average Joe doesn't know about alternatives and what's worse doesn't care about them because he's not affected by Google's foul play (or at least he thinks he isn't).
While I see what you are saying, it doesn't need to be "locked away functionality". You could like "sell" badges. $10 """buys""" a bronze badge, $30 a silver etc, whose only functionality is to be listed in some irrelevant "thanks for your support" view.
> "Just let the in-app purchase unlock some cosmetics in the app like games do."
Doesn't Google take a whopping 30% cut of the purchase price for both in-app purchases or direct purchase of the app itself? That's a pretty big bite out of the donation.
> You weren't going to deduct the donation from your taxes anyway.
Unless I’m mistaken, this is only possible if you’re donating to a registered charity. Many view open source as more noble, but OSS developers don’t magically get a different rule book :)
(I don’t disagree with your perspective here, but the prevailing sentiment in this thread seems to be that OSS developers should get a different rule book.)
And also, if you receive goods or services in exchange for your donation, you need to discount your deduction by the fair market value of those goods and services.
This is not tax advice; consult a tax professional for your own personal situation.
Asking consideration from a platform based heavily on OSS isn't unreasonable. Especially considering Google would benefit from the improvements those donations could spur.
> Just let the in-app purchase unlock some cosmetics in the app like games do.
I contribute to projects that are committed to never locking away features behind licenses or in-app purchases, because most open-source projects in that space eventually went down that route.
You might not have to actually lock anything away. It might be acceptable to "unlock" a theme that you could otherwise just install in some other way, or there might be some other workaround.
>I am not sure why it needs to be called a donation. Just let the in-app purchase unlock some cosmetics in the app like games do. You weren't going to deduct the donation from your taxes anyway.
My immediate thought at reading the title "So sell a supporter animation that plays in an about menu".
The problem of donation links from Google's perspective is that they are not getting their 30% cut. You might think that this is unfair, but the app is using their distribution platform.
It's possible to make open source applications and still ask for payment on Google Play, either as the asking price, subscription or by adding in-app payments for donations. This is the right way to do it, and will probably also have a much better return since the payment workflow is much easier.
I can even go along your last point. But it's a different argument to say "going through google is more efficient" or to say "you can't not go through google".
Frankly, they're using their market dominant position to force free developers into a distribution model that serves them as the payment processor. I'd not go so far as to argue those are separate businesses, but it's really a blatant abuse of their power.
Arguing that this is somehow related to software quality, safety or whatever is pure BS> There is simply no other explanation for this than "it will make us money and we can get away with it."
Why is it an abuse of their power? Google and Apple are essentially saying that if you use their store as a sales funnel then they take a 30% cut, and they enforce that by being the sole payment processor on the store.
Basically Google and Apple both know that people will make more money by listing in their stores and taking a 30% cut than not listing at all.
1. most open source software is not even close to breaking even via donations. so "making more money" really is a misleading way to portrait the situation.
2. I hope we can agree that "if you use their store as a sales funnel then they take a 30% cut" is at least a use of their power. The fact that there's no recourse, no (practical) competition for the distribution, and that they're not acting in agreement with their "official" stance on free-as-in-beer or free-as-in-speech software makes it an abuse in my book. The thing is, they don't officially say "we only host apps that make us money, not at all. They say they're just platforms, facilitating exchange, blabla. Also, see point 1: "sales funnel" for projects that maybe (!) manage to break even on their hosting costs is not the right term to use here.
This is an old claim by now, but these platforms matter a lot today, and since we only have two of them, and they are not in direct competition (users cannot switch at will) they really should be treated as the monopoly infrastructure that they are. What that means concretely is subject to negotiation within society.
In my opinion blackmailing the devs of an application that is essentially written and maintained as a service to the public, for free, by volunteers, is a shit move to say the least.
Correct, the more precise term here is extortion, and I can speak to that having had to face that exact criminal charge before. It follows pretty much every required element of the crime.
Not exactly. Being a monopoly is fine. Google is a monopoly in search for example. It's not fine when you use that monopoly power to either stifle competition (like what MS did), or to demonstrably harm the consumer (very hard to prove).
Just because Google Play is a monopoly, it doesn't mean that it's illegal or should be fined. Especially since there are other options, like amazon's app store, or manual installation of apps.
Especially compared to iOS, Android is a paradise of freedom.
A monopoly is not defined as a 100% market share though. I'd argue the playstore is the way to distribute apps on android, and realistically a monopoly.
Wether or not the "software distribution" and "payments processing" aspects of the playstore are separate markets/products is (in my mind) up for debate. If they were then google would be using it's distribution market penetration to push its payment processing business.
Then there's the argument that the way they selectively seem to cut off smalltime donation-based software does harm users overall, although it is a systemic harm, not individual, or at least that would be (as you said) very hard to prove.
Except, in case of iOS AppStore, you don't have the choice of a third party store or even side-loading ability.
And they are in the process in doing so (partly by closing the platform through read-only system partition and expecting the app developer to sign the app through Apple means) with MacOS.
The platform is not yet closed, as the system partition can still be mounted in read-write mode and notarization can be bypassed for now. But their are clearly in the process to make these changes permanent in near future. Reason why they introduced them in Catalina.
The Girl Scouts sell cookies at the front door of grocery stores with an entire aisle dedicated to cookies. The stores give them permission to do so knowing the goodwill outweighs any loss in Oreo sales.
Google could make the same choice but doesn't for some reason.
Donations through the Play store's payment platform are prohibited, since all purchases need to give an additional value in return.
The only reliable way to get donations in a compliant way is by linking to a website from the app and have a donation button there.
Going by your point, shouldn't Amazon be blocked since they are collecting the payment info and charging without any interference from Google? How are donation links being considered to be in violation? Just wondering!
The “30% cut” only applies to digital goods like apps, software or music. Physical goods like a book ordered from Amazon (or an Uber ride, for example) are exempt. Amazon-owned properties that sell digital goods are subject to the rule though. That’s for example why you can’t buy Audible audiobooks from within the app.
Both stores require payment through their app stores for digital goods. Neither require it for physical goods (Amazon). The donation is for the software itself and so requires payment via Apple/Google.
Might be convenient and great for Googles revenue, but it's the wrong way to do it if your priorities are to reduce the projects platform-dependence and to support the project with your full donation.
Usually, once I decide to contribute money to a project I want them to be as free as possible and I want them to get as much of that money as possible. Independent from the specific app store I pulled it from.
I think it's wrong that the Google Play Store treats donations like purchases.
I like the way that the author of Simple Mobile Tools [0] made donations. Applications are free and open source, but there is a paid app Simple Thank You [1].
That's also how I was thinking about doing "donationware" on a mobile app store.
> Sorry for the inconvenience. I'm sure many users are just as annoyed as I am. In the interim, luckily F-Droid has our app.[1]
Thank heavens there's an alternate way of distributing apps on Android. Say what you want about Android vs. iOS, but at least there's an alternative if you as a consumer have a beef with Google Play.
Even if the Play Store and F-Droid both disappeared, the replacement could be a community-run open directory of APKs sorted by version. At least we have options on Android.
Something like that already exists. I had to use one of these directories once to install an older release of Signal on a relative's phone (newer releases of Signal don't work on older phones, older releases of Signal aren't compatible with the current Signal server, but there's a single version in the middle which both works on older phones and is compatible with the current Signal server; unfortunately, that phone hadn't yet updated to that release before a newer release went out).
A general comment: the need of the hour is to educate the billions of 'ordinary' computer users about the basics of software, privacy, security and trust. We must not fall into the narrative being parroted around off-late that considers end-users as pretty much dumb content consumers who should not be expected to ever know even the minimum about the underlying tech and therefore every decision needs to be made for them by a small minority of corporations, govts, and the tech elite acting as gatekeepers and overseers. This is a dangerous road to go down unwittingly. Too much de facto power is concentrated in the hands of the few while the rest are gradually trained into normalise being helplessly manipulated and told to defer to authority.
> who should not be expected to ever know even the minimum about the underlying tech
I have worked in this industry for long enough to know that even assuming a minimum of knowledge at all is a bad idea. You can fight this fight as you want, but this comment has nothing in it to convince be otherwise.
(12 years of corporate IT support experience and 40 years working with tech in general)
Because it's human nature to only care about details that you believe you need to know in order to manage some part of your life.
If you don't see a clear and immediate value in learning something, you won't. No matter what anyone else says or does to try and convince you, you won't.
Then you get burned by something you didn't know, and there's a 50/50 chance you'll learn about it then, and only if you're convinced that it's something YOU have to do, that can't be managed for you.
And most people resent having to learn that much.
I no longer try to convince anyone of anything tech related. And rarely answer much when I am asked, unless I can see that the person is truly interested, not just curious about some buzzword.
Not the original person but: In one company I had built a reporting system. An end user generated a report and contacted support. The report contained a column that they didn't understand the meaning of..... The column was "Date" and it was the date that had occurred. They suggested that we explained that in the generated report because it was confusing. This was a medical professional.
I've tried to educate many people on a personal level and failed miserably almost every time, being perceived and dismissed as an evangelist for some weird ideology they don't care about (and I took it very slow and tried really, really hard not to sound as one). Maybe they are right, after all? Who am I to dictate or even influence what they should care about, especially if they don't experience that clearly. People never become tech literate until it bites them in the ass. They have to face the consequences, that's how it works.
Meanwhile in 2019, most people still find "nothing to hide" attitude perfectly reasonable.
But it is actually an ideology... It's the same as why people don't care about climate change or other far removed things from everyday life.
For the normal, everyday non-tech user, they see that all their friends use these apps and nothing has ever happened to them. The FBI didn't come knocking, they weren't fired from their jobs or anything like that.
From their point of view, why should they care about repositories, digital signatures etc., when they just want to use Instagram, Snapchat, Whatsapp and so on for some after-work (or during-work) fun / brain-swithoff. They just post some silly pictures or watch some Youtuber videos.
All these concerns about privacy just don't reach the everyday reality and real-life concerns of people and is in effect an ideological thing, similar to rejecting proprietary software on the desktop due to moral and political beliefs.
> They have to face the consequences, that's how it works
The consequences (app creators changing their practices and policies) will be spread over everyone, not on individual users. As long as their friends and society keeps using it, most people will as well. If it slowly dies out, people will use whatever is new. Most people are not that much attached to using these apps, just use them out of boredom or to interact with others. They'd easily move on if that's how things evolve.
Funny that the same could have been said about actual literacy several hundred years ago. Who ever needs to be able to read and write in their everyday life? Why should I care? It's a thing far removed from everyday life, unless you're a trader or a priest or a scholar or some other expert. Today you can't imagine an adult person being unable to read, in most of the world.
Except the tech is already there, and you use it with or without understanding. You use a credit card, electricity, Internet and other communications, some kind of computing device, your entire life depends on it. And IT shapes your life way more than any other tech, so it probably makes sense to get a grasp on the general concepts at least. No need to become an IT expert, similarly to how there's no need to become a Shakespeare to be literate. And yes, being tech illiterate can fuck you up very visibly and personally, for example by losing money from a stolen credit card.
I think a better metaphor is driving. In many countries, like the US, driving is extremely widespread and most adults cannot function in the job market without being able to drive.
However only a minority of them knows how cars work under the hood. Most people understand the pedals and the steering wheel and that's it.
Same in tech. People understand there are screens, there are buttons you can click, text input fields you can type things in with the keyboard, on/off switch, sleep/standby, etc. All the things needed to operate it.
> for example by losing money from a stolen credit card.
I'm in Europe and I don't know anybody who had this happen to them, nor is identity theft a thing here. And this is mostly about phishing and social engineering anyway, not about understanding the tech background of package managers and digital signatures.
> that considers end-users as pretty much dumb content consumers who should not be expected to ever know even the minimum about the underlying tech and therefore every decision needs to be made for them by a small minority of corporations, govts, and the tech elite acting as gatekeepers and overseers.
That's what we do in every other domains, what's the difference here ?
We need to drop the attitude that technology is a new scary thing it's not. Technology is an extension of our selves we have been using it for thousands of years to expand our ability.
Pen and paper was the old technology if you don't know how to use it you are illiterate, if you don't know how to use the new technology you are still just illiterate.
The baby boomer attitude of "I can't be arsed to improve as a person so every one else has to dumb it down for me" is unacceptable.
> I can't be arsed to improve as a person so every one else has to dumb it down for me
Do you apply that to yourself out of tech ? Are you literate in art, philosophy, astrology, history, chemistry, medicine, &c. (more than surface knowledge) ? Where do you draw the line ? Is using google maps without knowing how the GPS system works in details an issue ? What about cooking ? Do you know which chemical reactions create tastes ? Are you buying food from supermarkets, why don't you hunt and grow your own ?
> The baby boomer attitude
As if millennials+ were better. Using a pc/smartphone daily doesn't mean you're tech literate, it's a prime example of familiarity != knowledge.
With the history of viruses, malware, ransomware, etc of personal computers for the last 3 decades, the average user is better served by a curated environment. I will download any random crap on my iPhone knowing that it can’t do much damage and has a strict permission system. I very careful about what I download on my computer.
Yes, we, as tech workers. Most people aren't "us".
It's perfectly understandable for places like the android/apple app stores to be heavily moderated.
Same reasoning for forcing people to have their cars serviced by mechanics and not do their own maintenance in their backyards. Otherwise we'd have people driving cars without pipes and DIY break pads. I'd much rather have that enforced by megacorps/govt than by an infinite amount of businesses/individuals trying to game the system.
For most people a smartphone is an entertainment device, a tool at best, they don't give a single fuck about the underlying tech and they should not. Feel free to root your phone and install whatever you want, you can't ask people to become tech literate, it's your hobby/job, not their. Our job is to provide them safe tools, not teach them about tech. Look at your own life, chances are you don't even have surface knowledge of 99% of the things you use daily, and that's perfectly fine, nobody expects you to be a furniture designer, building safety inspector and car mechanic.
How is that? If more 'ordinary' people understood that the only functional encryption is one that is resistant to MitM etc., and the undesirability of implementing backdoors, even for ostensibly legitimate reasons, there would be far more pressure on legislators to not keep advancing these proposals than there is now.
Again, knowing that privacy is good doesn't have anything to do with the "underlying tech" and doesn't require any technological understanding. You can read a book without knowing how it was printed.
> Our job is to provide them safe tools, not teach them about tech.
But, you can't really provide them safe tools without fixing some of the behavioral components, can you.
"Don't try to lick the sharp parts, especially when running the machine" is an implicit and important (albeit obscure) part of the safety to operating, let's say, a band saw.
Unfortunately, the intellectual bar seems to be noticeably higher for "When a very urgent and heavily accented Microsoft Support representative calls you out of the blue, don't type into your shiny techno-thingy what they tell you to".
I'm generally all for sane defaults and constructing to make spontaneous use possible too, but a lot of the time there is ultimately no other protection against dangerously wrong use of tools than not using the tools dangerously wrongly.
Too bad that's a tall order for very complicated machines that can do vastly different things depending on configuration.
Yikes. Really? Where do you live? I can’t imagine living someplace where I’m forbidden from picking up a wrench. Heaven forbid I buy some PVC pipe. Who knows what mischief I might get up to!
For the record, I do my own break pads. And have done the master cylinder (thing that powers the breaks) on my cars a couple of times. Not just without formal training. Without any training except what I could quickly Google.
Europe. When I lived in the US I saw cars with bald tires, clearly damaged frames, spewing insane amount of smoke &c. on the road daily, I'm glad I don't have to deal with that over here.
44 states have minimum tread depth specified in the law. Almost nobody has the tool necessary to replace a tire anyway, so nobody does that themselves. So what’s your point?
Not sure why you would assume that prohibiting people from working on their cars would increase the level of maintenance.
The problem is the authoritarianism. You are advocating for totalitarian control as a solution to the possibility that some individuals might misbehave. If there is one thing we should have learned from history by now, it's that that's about the worst solution to a problem ever.
So? I don't understand your point. Authoritarian solutions are good as long as they are not "the Final solution" because ... ? And what does having to follow the law have to do with any of this? Even "the Final solution" was law, and in a developed country at that, so ... yeah, could you explain what your point is there?
If any rule/law = "authoritarian regime" to you I think we can't stop the discussion now and save us both some time.
> And what does having to follow the law have to do with any of this
Google is free to handle its playstore as it please as long as it follow the law, I doubt google will pull a genocide anytime soon. Setting boundaries/rules doesn't make you an authoritarian regime. If you want to pull the "this reminds me of the darkest hours of our history" card you better find something more important than an app removal from a mobile phone app store if you want to be taken seriously. But I guess it's fashionable these days to compare everything to nazi germany/fascism/_insert_bad_people_, no matter how convoluted the comparison is.
> If any rule/law = "authoritarian regime" to you I think we can't stop the discussion now and save us both some time.
Can you quote where I said anything about a "regime"?
> Google is free to handle its playstore as it please as long as it follow the law,
Which is true, but completely besides the point? I am free to call you a clueless asshole. But if the discussion is about how to have a constructive dialog, me pointing out that I am free to call you a clueless asshole contributes exactly nothing to the conversation and at best shows that I have no clue what the discussion is about.
> I doubt google will pull a genocide anytime soon.
Your point being? Authoritarianism is good when it's not a genocide, because ... ?
> Setting boundaries/rules doesn't make you an authoritarian regime.
Again: Where did you pull that "regime" from? And also, no, "setting boundaries/rules" does not make for authoritarianism, that is correct. Why did you assume that I wasn't aware of that?
> If you want to pull the "this reminds me of the darkest hours of our history" card you better find something more important than an app removal from a mobile phone app store if you want to be taken seriously.
Why? And no, simply pointing out that one thing is worse than the other is not a relevant argument, that's simply straw manning, because noone claimed that one was as bad as the other.
Nazi Germany was a pretty developed country, and its companies followed the "law" pretty well ? Imagine how useful an app store would have been to identify the "indesirables" and how long / whether the app store owner would have resisted?
Right. That means you have to pick which domains those are. Picking some to learn about means not picking others, because there's an infinity of domains. Forcing everyone to become a security expert to survive limits all their other options.
I know people are going to quote Heinlein here, but civilisation exists so that not everybody has to be a specialist in everything.
What you're asking for is technology literacy, similar to science literacy. Adults generally don't care to learn this stuff. But you can teach the next generation.
Yes, and the tech industry is already several decades old and multiple generations have come and gone, but today's tech consumers seem to be even less confident of poking behind the surface than those of the yesteryears.
And do note that there was a point in history when even basic literacy belonged to a small few who argued in exactly the same manner than tech people do today, i.e., that most people will never be able to understand basic science and maths, and we cannot hope for any better than to be benevolent dictators. Later history proved the hollowness of those claims. Today the majority in most of the developed and some of the developing countries are basically literate and what their grandparents couldn't imagine doing, they do effortlessly today. I don't see a single reason why computer sector should be any different. I'm not talking about a deep understanding of computers, just basic literacy that would obviate the excuse for tight, walled gardens and locked down devices.
> but today's tech consumers seem to be even less confident of poking behind the surface than those of the yesteryears.
To be fair, I'm less confident poking around behind the surface because what used to be relatively straight forward has become --for various reasons, few of which are legitimate in my eyes-- absurdly complicated.
> basic literacy that would obviate the excuse for tight, walled gardens and locked down devices
You can do whatever you want on a platform like Windows because they make their money off of selling support for their platform, and selling their own products for it.
Google and Apple do not make money selling support for their platform, and only Apple really focuses on selling products for it. But they both make money by tightly controlling their platforms, in order to to squeeze money from developers, [in the case of Google] from manufacturers, from carriers, from users' payments, and from all the data they collect about it all. They don't have to care about the customer at all, and they can just focus on engineering. It's the programmer's dream.
Their business model is a walled garden, and they pick the fruits of that garden. In the case of Google, they run the Android platform so they have a way to still make ad money if Apple denied them access to that platform. In the case of Apple, they run the Apple platform so they can make money from expensive consumer devices, and also use it to control more of the services/products we use.
So, it really doesn't have anything to do with literacy. Even if everyone were a genius, their choice is still A) don't use a smartphone, or B) use a walled-garden smartphone.
>I'm not talking about a deep understanding of computers, just basic literacy that would obviate the excuse for tight, walled gardens and locked down devices.
I disagree on this. I have a friend who has "basic computer literacy" as in knows how to use MS Excel, KeePass, etc. And yet, she inadvertently got a virus on her laptop. It was puzzling how she could have gotten it. She doesn't visit the usual suspects of porn/gaming/gambling/etc websites. Just normal stuff like CNN, WSJ, etc. The only reason we found out about it was her email account got locked out by the ISP. Apparently, the malware found her MS Outlook email account and used a hidden background service to send a bunch of spam messages using her email profile. Understandably, the ISP monitors SMTP traffic sent from residential addresses and when it hits an unusual threshold, they lock out the account. To clean up the malware, I reformatted her laptop and got the email reset with a new password.
On the other hand, with her Apple iPhone and the locked-down walled garden, I really don't have to worry about malware to the same degree. Yes, the Apple app review process is not infallible and theoretically, she could get infected by downloading a fake bank app that steals all her money. However, the possibilities for that nightmare scenario are drastically reduced in the closed Apple ecosystem.
Even programmers, who we'd classify has uber-computer-literate compared to the general population can unwittingly get bit by malware:
What's the solution for those programmers? Educate them on how to use computers? But they're already educated.
Yes, I get the hacker ethos of not having locked-down devices but we also overestimate the ability for the general population to maintain safe computing devices. Heck, I'm a techie that programs in Xcode and I'm not confident I'm really literate on all the vulnerabilities of the iPhone. Thus, it seems unreasonable I would expect non-programmers to "just be educated" to make the App Store's curation unnecessary.
I want to do this with my nieces and nephew, if they and their parents are willing. I think I already screwed up, though, when I bought Amazon Fire tablets for three of them for Christmas in 2017. Granted, they were around 3 years old at the time, so maybe they couldn't handle anything more. Still, I'm wondering what I should buy them next time. My sense of nostalgia tells me that I should buy them something at least as hackable as my Apple IIGS was. But that might not be practical. As one of my best friends pointed out to me, if I buy them an all-open-source computer, they're likely to protest, "But Uncle Matt, why can't it play [insert kids' TV show here]?". And they're not likely to accept my anti-DRM stance.
Buying three year old kids tablets for Christmas is already a fuckup imo. They're not even able to have logical thoughts, don't feed them digital heroin already!
In my opinion it's not the problem of software but the problem of hardware. You can more easily write software then produce phone hardware. From consumer perspective it's quite easy to make custom computer and use custom os on it cause most of drivers are open and you can see there are plenty of computer operating systems in the world, on the other hand most of phones hardware and os is proprietary what was not an issue when we were using it for calling not using it as alternative to traditional computer. So first we need to define what is broken, from my perspective broken is phone hardware.
I know plenty about software, privacy, security, and trust.
And I'm happy with these stores and couldn't care less about your cyberpunk libertarianism.
This isn't 1984. The moment they seriously misbehave, the law will come at them, and customers will leave. Therefore they don't.
You're indulging in fantasies because you would like to believe that what interests you is all-important. That's normal: all epidemiologists belief we should talk about the flu a lot more.
But it's just a tiny slice of what matters. So don't disparage people as stupid just because they spend their energy and time with more important things than recompiling kernels.
I guess this will get lost in the noise, but a few years ago Apple relaxed its restrictions on IAP donations and allows developers to offer a "tip jar" where IAPs don't unlock any specific features. I've been shipping a free and open source app with a donate button on the App Store since mid-2017 [1].
Busting somebody's balls because they're not abstracting away something as significant as 27% seems unreasonable. It shouldn't surprise you that somebody who dislikes giving 30% to apple would be proportionally less concerned about giving 3% to Visa.
It's hardly unreasonable; if their problem is, as they've said, "giving money to Apple", then it's not the amount, but the fact that Apple gets a cut at all.
And none of this is surprising, merely inconsistently applied logic. I fully understand what is happening here, clarifying statements will not help.
Says you, but obviously that's not how most people approach matters like this. Most people can reasonably be assumed to think that differences in degree, particularly an order of magnitude apart, are very relevant. At best you're being a pedantic pain in the ass, hassling people for not explicitly stating that a difference in degree is being considered, when such considerations should be reasonably assumed even when not explicitly stated.
Says me? No. Says the person I replied to. Their outrage wasn't sparked by the size of the payment, but that payment went to Apple at all.
Nothing is reasonable about what you're writing, not one thing. At best you're being absurdly pedantic yourself, and hiding behind a throwaway no less. At worst you're trolling. I'm guessing it's the latter, so stop trolling.
Interesting. As someone who considers making an open source app with a tip jar like that I would be very interested in hearing how much that actually nets you if you want to share that info (Maybe via PM if you prefer)
Quote: "They said it was because we're in violation of their "Payments
Policy", presumably because we have a link inside the app that opens
the user's web browser to wireguard.com/donations/"
C'mon people, is Google we talk about, you know, those who bow to might $$$ only. You should've made a donation link INSIDE google, so they can charge their 30% before you get the money, that's how you keep your app in their store </sarcasm>.
I mean you're being sarcastic but this is how basically every other app accepts payments to support the developer. There are plenty of "buy me a coffee" buttons in free apps.
My social-network/IM app (https://movim.eu/) got also removed from the Play Store because I had a link to the F-Droid app.
The Android app is basically a web-view pointing to one of the many instances of the social network https://nl.movim.eu/?login.
Regarding the time (and also money) spent to publish the APK on the Play Store and the hassle it is to discuss with the Google moderation team I didn't bothered putting it back.
That's probably due to the "can't link to other stores" clause. There's a reason you have to manually go to Amazon.com to download their app store, you can't advertise or link to a third-party app source via a Google Play-delivered app.
As far as moneitisation is concerned it really feels as though Google want you displaying their ads or have you funnel your users through their checkout process. Anything else seems to result in apps getting flagged for violating policies around payments or deceptive advertising.
A lot of people justify Google and Apple's 30% because they provide an app store and distribution.
But Android is Android because of these apps. Without them it would be like the Windows phone which was nice but didn't get enough apps on it and so it failed.
These companies depend on our apps as much as we depend on their app store for distribution.
Fuck apple for starting this walled garden and creating a parasitic relationship rather than a symbiotic relationship.
TBH Google Maps was the killer app that smartphones needed to get off the ground. Out of 13 apps on my home screen, 7 are Google apps. Both Apple and Google did a little more than building the framework and then sitting back...
So how do you decide what a fair cut is? Over the course of a month, given all your app and system usage, and all the pieces of software you've touched or relied on, what percent of the engineer hours required for that stuff to work came from Google/Apple vs coming from third party app makers? Is that how you decide the split? Because I have a feeling the time it took to build the 15 third party apps I might touch in a month don't come close to the level of effort required to have built the system and first party apps.
These two apps are functionally identical, only difference is the logo and that the "Gold" version costs money.
So if you want to contribute some cash to this project, you just buy the "Gold" version. Other open-source projects could adopt this model too to evade this policy.
The price you pay however, is that a part of the money goes to Google. Which is obviously the reason why donation links are not allowed in the first place.
This is really unfortunate. If Google is ready to arm twist a popular project like Wireguard, smaller indie open source apps stand little to no chance than to bend over.
This App store gatekeeping should be illegal. Selling the hardware/OS and marketplace by the same person is more like online dictatorship at this time.
Honestly. I'm fine as long as sideloading 3rd party shops is not actively sabotaged. I tend to search stuff on fdroid first and Play store later, and that's something I just can't do on iOS.
One of our apps (https://Yang2020.app) were rejected by Apple for the same reason - having a Donate link. Ultimately we removed the link on native apps (kept it on the Web) and the app was accepted.
However, before doing this, we corresponded with Apple Developer Support / App Review Team and asked them about the Acceptable Business Models of their developer guidelines, which states:
(vii) Apps may enable individual users to give a monetary gift to another individual without using in-app purchase, provided that (a) the gift is a completely optional choice by the giver, and (b) 100% of the funds go to the receiver of the gift. However, a gift that is connected to or associated at any point in time with receiving digital content or services must use in-app purchase.
They scheduled a “specialist” to call us from Apple and discuss this. However when they called a few days later, they repeatedly declined to give a single example of how this paragraph would ever apply. We tried asking many different ways, but they kept saying we would need to submit the app with the business model to get it reviewed. They would not give a single example of an app they approved with this business model. I personally was on the phone and said that we simply wanted to be compliant and it was very expensive to build something just to be rejected, so we wanted guidance about their policies. But the representative did not know anything. I asked if anyone else on their team knew but they basically said no.
So Apple seems to have certain “platitudes” in their Guidelines which companies can’t take advantage of.
Has anyone here seen a single exception to the 30% cut? I know ApplePay may be used to purchase “real-life” items and where you can’t afford to pay 30% less to the vendor. But what about services, like booking time with a teacher? What about digital services such as hosting a videoconference? Apple takes a 30% but you have to pay Twilio. That means any web-based app would cost 30% less!
We were hoping that maybe there can be some link to buy things with Ethereum and since Apple doesn’t offer that facility we can try to argue that we need transactions to be non-reversible etc. Doesn’t Apple allow apps that allow the user to send and receive bitcoin payments to some address? BOOM!
Another thing we can do is micropayments, maybe, and tell users how they can purchase credits elsewhere. But that last part is against Apple’s rules, isn’t it?
Who do you trust more, to secure their infrastructure? Google or F-Droid / a bunch of volunteers who may or may not be very security-conscious?
Not to downplay the effort that F-Droid contributors (or any Android FOSS groups) make, but it's a very legitimate concern.
Would an attacker have an easier time infiltrating Google or a member of F-Droid the development community?
Are users of F-Droid higher value than users of Google Play, to warrant a direct attack? If one wants to pick off users who are fairly technically inclined, other developers, system administrators, etc...F-Droid is a pretty good place to start.
Regardless of the fact that builds are reproducible, F-Droid has infrastructure. How is that infra secured? How are the servers that store signing keys secured? How are the build servers accessed? How is the access secured?
Okay, so the builds are reproducible -- is someone maintaining a concurrent system that verifies reproducibility and provides notification of a collision when things don't match up with built and served binaries?
After reading so many similar stories, here is what Google/Apple/etc should, in my opinion.
If an automated process blocks/bans/rejects something, then the message to the developer MUST say "Our automated scanner discovered..."
Any time something is blocked/banned/rejected, the message to the developer MUST explain exactly why. In the case of this article: "Your update was rejected due to a link to a third party payment system. This violates section N of our terms. The link we detected was <insert link here>."
There should be two kinds of appeal processes. Automated, and manual. You should be able to appeal or resubmit to the automated process as often as you need to.
The manual process should involve real time communication between the developer and an appeal agent. Via phone or chat. To prevent the system from being overloaded, only allow developers a few free appeals, then start charging a fee.
Developer accounts should only be fully banned after multiple manual appeals and the appeals agent determining that the developer is operating in bad faith. Automated processes should never be able to fully ban an account. It must involve a real person. Full bans also must include a detailed email to the developer explaining exactly why they have been banned.
The biggest, and most important, change these companies really need to make is including exactly WHY something happened. No more of these general "you violated our TOS" without any explanation of how the TOS was violated messages.
Actually, F-Droid is not panacea. F-Droid apps do not have access to Push notifications. Coupled with crippled background app performance in recent Android version, it extremely limits certain classes of apps, especially all messengers.
Apple can still shut it down, and you can bet they will if it gets any sort of popularity.
> Testut imagines Apple could disable the ability to sync over Wi-Fi, but that would just mean plugging in your phone once a week to continue using AltStore
How about limit the number of disable WiFi syncs and force you to plug in once every 8 hours?
That requires jailbreaking the device, which may or may not be possible depending on the device and the version of iOS it's running. Recently there was a bootrom exploit called checkm8 that made possible "tethered" jailbreaks to be created for a large range of devices. But even that works only till iPhone X (and not on newer devices), and the jailbreak (if/when available) would have to be done every time the device is restarted.
If you jailbreak you also usually have to run on an older iteration of the OS and have to wait before updating. It's not really a very attractive option.
Signing up as developer, paying the fee and building the app yourself is probably the better option. Even if you have to rebuild it every xx days.
I have been disappointed in the Play Store for a while now. Last I checked, they don't display licenses either, so you can't easily tell what's free software. I get everything from F-Droid these days, and on my primary devices I never even install the google apps after flashing LineageOS.
One thing I've found to be true throughout my career: the culture and ethos of organizations is usually a direct consequence of the culture and ethos of the leader who built it initially, and remains as such loooong after said leader is gone.
Well guess what ... the android team at google and the entire android ecosystem is the brainchild of Andy Rubin, who has recently been outed publicly as a total asshole (and who everyone at Google knew was a total asshole since pretty much the start of Android).
All the things wrong with Android, including the iron-fisted management of what can and cannot run on the platform ("I know, I'm squeezing your balls til you pass out, but don't worry, it's for your own protection") can easily be traced to him.
All of these really motivates me to push for decentralized projects. If the future Is basically full of gate keepers choosing what apps can be used or not and we don’t have any platform allowing freedom then it would be a very sad future indeed
And yet games with hundred dollar microtransactions stay up fine. It's almost as if Google turn a blind eye to that which makes them richer. oh wait, that's exactly what it's like. The bastards.
Though easy to phrase it as a moral problem, I think the matter requires an unemotional analysis. At first hearing it looks like shutting down avenues by which open source app developers can gather donations, but perhaps the measure was targeted at shady money laundering operations.
Perhaps the right thing to do is for Google to offer a discounted cut to legit open source apps, from the usual 30% to a lesser value or entirely waive it off so that they can still seek contributions through Google play billing.
Recently, new versions "Simple ..." line of open source apps from "simplemobiletools.com "on the F-Droid app store have started popping up requests for donations. Those now need to be checked.
For anyone else publishing mobile apps:
Neither Apple nor Google allow bypassing the store's purchase system by linking to external donation pages. No matter the app type, it will result in rejection.
I wonder what would happen if you link your your home page and you have a donation link there.
How deep does it have to be before they cut you off?
Can you link to a page that is only linking to another page where the donation happens? How much extra text would you need to "pass inspection". I find these kinds of arbitrary rules very unsettling. It's definitely time to break up the tech giants.
It is odd that they remove this though, I use at least two more open source apps that asks for a donation and will send me to their donation page if I click.
Break up the tech giants? How is that going to result in having 5 Androids and 6 iOSs? The nature of the technology and market is what drives consolidation. It's a testament to the quality of both platforms that we even have two options.
It was a generalised statement of how they now have too much power to decide what can and can not be put on our devices.
And before the "android can sideload" argument, how many normal people are going to do that with all the dark pattern warnings that google displays when you try to enable the feature.
> I appealed using
their website appeal form. Thirty minutes later (was this automated,
unlike the manual app review process?), I received a rejection of the
appeal.
Again making a case for alternative app stores. Yes having a centralized software repository has its benefits, but it's starting to show it's limits ...
Now, if only Google can remove the apps that can be downloaded and installed on youtube video interface. Those pesky apps can be install even by little children.
So if a Facebook profile or article inside an app has a donation link it should get de-listed? All of Facebook fund raising should get burnt as well?!!
Can we just stop distributing "donation-ware" FOSS and use F-Droid for that instead? It is not as if Google Play Store is a credible source anyway given all the hostile content (for both privacy and security). Today I learned they even remove the orig. signature [1]
Why? Google Play Store has a much larger audience and so the apps will be seen by many more people. Many people use Android and they also should be able to use FOSS apps, regardless of the platform’s privacy and security issues. Is there a reason to not join the Play Store besides something philosophical?
(What you describe is the issue of the Google Play Store network effect.)
Because that way, we can install these applications from F-Droid, by default. That allows us to cope out of the network effect of Google Play Store, allowing the more fair F-Droid (which specifically allows donation-ware) to increase its network effect.
The Apple/Play stores are essentially a totally broken implementation of something that had existed for over a decade before: package repositories. It's embraced and extended Linux/BSD package/ports trees, except without things like the ability to add a 3rd party repository with other authors signing keys, pin certain versions, etc.
We could go on about how regular users wouldn't understand or care and blah blah blah and we'll keep getting software that's neutered, tracks us and becomes more like the proverbial car with the hood welded shut; where people who know about cars have to attach several sidecars just to keep our vehicle doing what we want it to do.
Don't conflate Apple's monopoly with Google's store. Anyone can go install F-Droid or Amazon or whatever on their Android phone. The only thing stopping people is satisfaction with the status quo and/or ignorance.
However, Apple totally rules their walled garden, with some added gross exploitation to boot (recent "Sherlocking" story for Luna Display).
I have to say, I'm really disappointed how few open-source projects are even on F-Droid. It feels like every time I hear about a new OSS android app, I look for it on F-Droid and find it's only on the Play Store.
It's not always trivial to submit new apps and ensure it compiles correctly on their build servers. Same goes for updates, which can be silently dropped due to any number of tool issues.
If you are a front or backend developer please consider investing a weekend or two helping fdroid improve their systems.
E.g. I tried to submit my app to F-Droid, but I wrote it in FreePascal+Lazarus, and they did not want to include it, because they did not have FreePascal+Lazarus installed.
>Anyone can go install F-Droid or Amazon or whatever on their Android phone.
F-Droid/Amazon/whatever can't automatically update installed apps unless the phone is rooted. It's not an even playing field - Google has a de facto monopoly on Android.
All that happens is that, the first time you try to install from such an application (or any other application other than your store, eg: the first time you try to install an apk after you download it from your browser), a settings windows appears telling you this application can't install more applications on your phone until you give it permissions. From there giving the permission is a two click matter, and you don't need to look for it the link is given. See the exemple 2 pictures (and that's the only two steps - note that the "settings" button in the first takes you directly to the second picture, aka straight to the right settings page for the correct application, no looking around needed): https://imgur.com/a/Vafqyic
Then you press back one time after giving the permission, which is the normal way to go back to what you were doing on android, and it works at expected, aka it goes back to the install screen except this time it enables the install button.
Any porn site like youporn and pornhub, or epic with fortnite, etc ... Do it this way with no major issue, because the messages are super clear, and where to click to allow it is super clear, no need to look for it.
If anything, this is almost too easy and I'm surprised there is not a bigger spread of malware through browsers using that, and I would be for it asking you to confirm your password before enabling that permission.
EDIT: it appears I missed that parent was talking about UPDATING apps, not installing.
To install apps without user prompt on Android, you need INSTALL_PACKAGE permission. Guess what? You cannot use that permission on third-party apps (meaning any app installed by the user, in opposition to apps that are pre-installed on the ROM), since it's for first-party apps only. The documentation backup this claim: https://developer.android.com/reference/android/Manifest.per... Without that permission, you cannot have automatic updates.
The feature you are referring to and shows in your screenshot refers to the ability to launch an APK install prompt (that the user have to click through) using an Intent. It cannot be considered as automatic update. So, yeah, it's not an even playing field.
Still not quite comparable. On iOS it takes 1 to n clicks to update n apps (click “update all” or “update” on each app). On a non privileged install of f-droid it takes at least 2n+1 clicks (“update all” to download the new apks, then “update” and “install” on each app, more clicks if any permissions changed).
Comment you replied to was talking about automatic updates, not installing apps. Google Play and vendor installed apps can automatically update apps in the background without needing to prompt the user for permission to install each individual update, while a typical f-droid install requires the user to click through each update and press “install” at the prompt. This can be fixed by making f-droid a system app, which requires root or an unlocked bootloader.
Yes and that is just a story. The ability to use your iPad as a second screen was first introduced by a third party app less than a year after the iPad was introduced in 2010.
This is one aspect and admittedly Android is better than Apple, but the other aspect (and more fundamental) is the ability to gain root on the system and do whatever you wish, and here both Google and Android (in the former case if not Google themselves then all the 3rd party Android vendors) lock down their devices. Rooting through exploits is not an acceptable solution.
Rooting the Pixel 2 (I haven't tried the other Pixels) is not trivial for the average user, it still involves downloading third-party software and doing stuff on the command line.
I had hoped that the pure-Google devices would have just had a switch: "I am now root," but alas it wasn't to be.
I don't believe that is correct. All you need is adb and the various Android command line tools. Those are all first party. If you downloaded a third party tool to make it easier, that's fine I guess, but it's not a requirement.
Some of this I can understand. Root permissions does introduce some additional security considerations. We haven't fixed this in decades of computer usage in a way that preserves security, ease of use, and giving people easy access under the hood.
My mother would click any number of scary UAC prompts in Windows just to get to the webpage she's trying to get to. That's not Windows' fault, but it is reality.
I think what he was referring to was the need to use "complicated" tools not built into systems to gain root
I do think it is a good thing though. For people like you and me, it's easy to do, but we also understand what root is and the dangers of it. For someone who doesn't, it's better off for them to not be able to root their device in the first place.
Of course, we could bring up the catch 22 that is learning. If I hadn't tried out rooting, the terminal, modifying the filesystem etc back when I was younger and didn't know anything, I probably wouldn't know much about that stuff now.
> My mother would click any number of scary UAC prompts in Windows just to get to the webpage she's trying to get to. That's not Windows' fault, but it is reality.
It kind of is Windows' fault, because it's pretending to protect you from things it doesn't actually understand.
I have had trouble getting people to install Signal on their phones because it wants access to your texts and contacts. But it only wants that because it's a messaging app. It's not as if it uploads your texts to the Signal Foundation -- its very purpose is to do the opposite, and the source code is published so that anyone can verify as much.
But because the validation provided by mobile app stores is theater, it doesn't understand that and treats Signal the same as any random flashlight app written by Some Guy in Russia who wants to sell your contacts to Viagra spammers in order to buy a new Mercedes.
If this idea of validation and curation is to mean anything then it should be that it validates that Signal has both a legitimate reason to access your contacts and doesn't do anything untoward with them, and then allows Signal to access your contacts by virtue of you having installed it, but not so for a flashlight app. There shouldn't be a pop up allowing naive relatives to either break Signal or volunteer your contact information to spammers. Even if it's possible to grant the flashlight app greater permissions, there is no need for that interface to present itself in a way that allows users inclined to mash buttons an easy way to do the wrong thing. Use better defaults and then making changes can be six taps deep in a scary system menu that the app itself can't launch.
Which is how Linux package managers already work. If you try to put an app that hoovers up your contacts and sends them to spammers into the Debian repositories, it'll get refused. And packagers can restrict apps to by default only doing the things they ought to be able to do using apparmor and the like, instead of relying on the untrusted author or the unknowing end user. The user can still override it manually, but then you're typing things at a command line, which deters novices who don't know what they're doing and gives experienced users a red flag that there had better be a good reason why they have to do it that way.
So strictly speaking you can have root through purely first-party, open source, AOSP tools exclusively. It does, however, require doing a full build & flash yourself. That process is at least documented, though, so there's that. Just think of it like Gentoo
You're correct it's not trivial for the average user, but the average user should also not have a rooted device (nor does the average user even want a rooted device).
Is the learning curve perfect for the semi-advanced user? Probably not. But third-party software also fills this gap just fine. I don't think Google should be a required party here. They do provide officially supported tools & documentation for the process itself (and those tools work on all major platforms at that), just not a shiny GUI to do it. I think that's a reasonable point to be at.
I'm not sure that's important. If you make it too easy, it's a security hole. So, you have to wipe the device, which makes since in preventing a hostile actor from pressing the, "I am mow root" button and either dumping everything or installing malware. I also don't see an issue with google not putting a fancy gui front-end on their dev tools. They're built for advanced users, and in some ways, that's a barrier to entry to the avg. guy can't mess up his system or get phished into pressing the "root button."
> I had hoped that the pure-Google devices would have just had a switch: "I am now root," but alas it wasn't to be.
An unlocked bootloader is strictly more powerful than simply gaining root. You can even install other operating systems. The ability to safely gain root falls out as one of the possible uses of an unlockable bootloader.
That would have been acceptable if in parallel Google didn't own Google Play...
Remember how installing apk's was claimed to be a viable alternative to Google Play for even the average user ?
Yes, that's a real problem. At the same time, as long as Google is very clear why they are doing that I think they will be okay. After all, they already do this on Chromebook.
Now, why should they do this? Because I have seen malware sites tricking people into first enabling 3rd party apps and then installing their apk.
Yes do NOT buy a Pixel from ebay/amazon because they are all Verizon or Sprint bootloader locked, even if they can work on other carriers. Carriers lock bootloaders so you can't circumvent their tethering paywalls.
> Unlocking bootloader is not the same as rooting.
True, but having an unlocked bootloader makes rooting trivial.
Those wanting to root devices with locked bootloaders have to depend on exploiting security flaws in their OS to do so. This means intentionally ignoring security updates and potentially maintaining a vulnerable device just to be able to retain root. These exploits tend to be device specific as well and often carry a risk of at least soft-bricking.
Those with an unlockable bootloader can just unlock and flash in something like Magisk in a pretty much universal fashion.
Blame the companies that want & use DRM, not the DRM provider.
It's the same thing that happened on PC ages ago. If you don't like DRM, don't support games & apps that use DRM. Complaining to SecuROM that they are supplying market demand isn't useful. At least SafetyNet isn't a badly made rootkit that destroys your hardware and it's only real flaw is being semi-functional DRM.
I don't understand what you're attempting to get at with this.
PC DRM back in the day was notorious for rootkit vulnerabilities and even bricking CD/DVD drives (example: https://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootk... ). The point was just at least SafetyNet isn't straight up broken like the wild-west of arbitrary DRM providers of yester-year.
The sherlocking story is as gross as, say, systemd implementing systemd.timer so that users don’t need a crappy, third-party, paid version of cron anymore (okay, the analogy breaks down since it’s pretty hard to find something less gross). Not that I’m a big fan of systemd, or stopped using cron.
Android/Google don't make it easy though.
Installing an APK requires a security setting change.
Search results for "install f-droid on android" on google are very unhelpful for a general user compared to search results from DDG or Bing.
I’m fine with that being difficult. My grandmother, bless her wonderful heart, clicks on everything no matter what you tell her or do. I like being able to give her a lockeddown android device and I know that she has no reasonable way to escape the android market (which is what she wants) but I can still drill into the menus and do as i will
Nudging non-technical users to a trustworthy default store without actually restricting alternative sources is a pretty good solution for protecting non-technical users without limiting users' freedom. But it still gives the store operator an extremely strong market position, making meaningful competition very unlikely. In fact, for non-technical users it's a monopoly because they aren't in the market for apps but for apps they can trust aren't malware.
So this is no excuse for Google banning apps to protect their profits at their users' expense.
I've never used f-droid, but decide to try it on my (original) Pixel XL. I clicked "Download" and the file saved. I pulled down the top drawer and opened the file with "files". I clicked the APK and got a security warning with a link to the exact "settings" page where I change it. I clicked the security option off. I returned to files and clicked the APK again and it installed.
This is very wordy and sounds a bit complicated, but it was simply a few extra taps and it installed. A pretty good balance of not too easy that a novice might do it by accident and still accessable.
I can. But it's more a workaround. I have to allow all non-google-appstore apps to do this. Why not just allow this specific store? Similar to how repositories work.
Your analogy is certainly interesting... but expecting everyone to want or know how to look under the hood of their car is a little delusional. Most people don’t even know or care to check their oil. They drive from A to B and only take their car in for service when a light is illuminated on the dash or if it’s making a funny noise.
Personally, I do all my own maintenance and love to look under my hood. My wife? She’d drive a car until it was devoid of oil or coolant and the block seized up without even batting an eye lash. I’m not passing judgement here, just offering a more realistic viewpoint.
The same is true for users of apps. There’s a reason the stores have grown to be so successful, and a reason the Google store is evolving to be more and more like Apple’s.
I don’t think that they are perfect, but I also would never consider the open source package systems to be perfect either. Everything has a trade off, you can’t have your cake and eat it too.
It's best to avoid analogies. Computing devices nowadays contain all of one's information including sensitive photos, passwords, ability to authenticate, location data, and other security risks that a car doesn't pose.
I do wonder how crappy an opensource package repository would get if it faced the kind of sustained attack by con-men that Play & Apple have to deal with.
For a brief moment in time, there was an alternative in mobile space having best of the both worlds. Back then Nokia was still a thing, Meego/Maemo OSes on some -very few- Nokia devices had apt & rpm. Nokia repository would be there by default, and you could easily go and add any package repository through their UI. Just like good ol' Linux package managers, because it was one.
In fact this capability even enabled the community of these OSes to support the platform much longer than Nokia intended to. They made emulators, enabled hidden functionality (like FM Radio), even the bootloader was unlocked so you could go and install Android -but drivers were not open-source- if you wanted. It was liberating.
Too bad it got killed prematurely, and from its ashes Windows Phone was born.
The primary goal of package repositories is to make available the software users need. The primary goal of Apple/Play/whatever stores is to make money.
“Totally broken implementation” is very close to BS, at least strongly exaggerated. They’re both highly successful distribution models. Of course, every system has downsides. You’re free not to participate
Really? It's basically impossible to distribute apps for iOS outside the AppStore and very difficult (all security, warranty warnings, settings, etc.) to distribute them outside the PlayStore.
Yeah... really. As a user, I (and >99% of others) just don't care about the distribution channel. The stores work. I've never been hit by a security issue. Choice is plentiful. Prices are ok.
So "totally broken" just isn't a rational description.
Thankfully so. Apple keeps the App Store pretty clean, legacy apps, that are not maintained enough don't make it to the next iOS release and their capability system means I don't have to trust third party apps with anything.
Of course, there are cases that essentially suffer from this, but for me as a user, I've got to say I'm pretty satisfied.
This might be a fine answer to dealing with a commodity product in a market with strong competition, but a terrible one for any system with limited choice and an extremely strong network effect.
Package repos don't provide analytics for developers, search for discovery, malware and abuse detection that scales to millions of apps, and loads of other features that the app stores offer. They aren't equivalent.
You can use text search on APT repositories, and probably other ones.
> malware and abuse detection that scales to millions of apps
We don't need millions of apps.
A thing I like with distribution repos is curation: only trusted people can add new packages.
Of course it means less packages, but it also means there is no junk at all.
Also, whenever I needed to do something, either F-Droid already had an application for it, or there wasn't any open source app doing what I needed.
People complain about app stores being restrictive and then you suggest only trusted people being able to distribute code that I can use? That's way worse.
Part of the complaint is also lack of transparency when a Google Play app is removed.
When I want to use some popular software and it's missing from Debian, I can usually find a thread on Debian's bug tracker with a detailed discussion on what the issues around providing this particular software are.
Unsurprising - Google obviously wants you to be within their walled garden. You could probably add an in-app purchase but this has been a known thing for a while now.
A lot of these threads feel like complaining that McDonalds doesn't offer more sauces, or that they don't let you leave their store with the sauce. It's their store, it's their sauce. I don't think you can even claim monopoly, because nobody needs to use these devices. We can still use dumb phones for voice and texting, and regular computers for the internet.
You have to accept that these are commercial products for commercial gain. They are not a product of or for a community. Massive corporations use these systems to create products that drive their revenue. They will do whatever works for the majority; the fact that a minority wants certain kinds of changes does not impact their bottom line, so why should they consider it? They do not care about your outrage or opinions, they care about cash.
F-Droid has a pretty strong foundation in my opinion. It just needs more resources to be able to publish app updates more quickly. It also needs a redesign, like you said, but I don't think there's a need to start from scratch
Yes, that would be nice, but at this point it would take a few billion to replicate all the functionality - who is going to be willing to pay for that and be still tied to Google? Might as well start a brand new smartphone/OS company...
So do you mean a store run by a company that has the money and intent to promote such a store enough for everybody knows about it, e.g. Facebook, Amazon, or Microsoft?
What else would you expect? Any other commercial app store - especially VC-backed - will eventually follow suit with Google's and Apple's stores in order to maximize profit over everything else. This includes denying any kinds of donation links.
Google (Or Apple) is pretty serious regarding their app stores rules and regulations.
Google owns the app store. So, developers should abide rules imposed by Google although the rules do not seem reasonable all the time.
My suggestion is, developer can still implement in-app billing, removing "donation" wording. For the in-app item, make it as good-to-have feature like "unlocking additional app color theme".
With such, he will still abide the rule, yet able to get his monetary reward.
I know this will be against deeply against HNews but I'm open to discussion.
I don't see anything wrong with this. Charging vs Donations, I don't see what the difference is. It's people paying money for good/services/software. The primary difference is the open ended pricing model.
Google, Apple put up networks and there's value in that network. Whether someone chooses to release their app for free or charge money for it, that app is dictated by the network fees. This network is extremely powerful in terms of its distribution reach. Does it warrant 30%? That's what the market is willing to put up with, but if we're debating 30% - it should be for the whole network not just because someone has an open ended pricing model.
If this app is registered as a non-profit (which it did not look like based on the website?) then I am 100% in the wrong and do believe the app should be able to operate under different pricing schemes.
At a philosophical level - what is the difference between a free-to-use app that has open ended pricing vs a FOSS with donations?
You're stating, essentially, that anyone who wants to publish FOSS software with a donation link should be forced to go through some convoluted procedure and register as a charitable organization. (where? in the US? in their specific region? does it matter? how much time will it take for them to figure out? is this even possible in all regions? does this require ongoing effort e.g. accounting, document submission, general bureaucracy?)
This is simply not how the real world works. If it ever does, you've created a dystopia.
Google are being bureaucratic twats here. There's plainly and obviously a difference between WireGuard and the 10,000,000th iteration of some bullshit F2P casual game, and there's obviously a distinction between donations and purchases - the intent of the user, for one.
That they put prole-tier support on the case and 'accidentally or otherwise' sling the banhammer at pivotal pieces of software is their problem to figure out.
Sure, there is very little distinction. I'd argue that both are donations. Pay-as-much-as-you-want (if $0 is an allowable price) represents a donation with a slightly different funnel.
The for-profit vs non-profit distinction is immaterial to me; the distinction is between actually paying for products (e.g. buying an ingame item or support or a subscription or whatever; some sort of 'contractual' thing), and literally giving money away with no strings attached.
Google's particular funding model for their App Store is a different kettle of fish entirely - they can decide that apps beginning with the letter A pay a 90% fee and that's just how it works.
To purely play devil's advocate, there are a number of 'home restaurants' (operate out of my home) that are pay-what-you-want and operate quite profitably. I believe 100% they should be taxed (i'm totally conflating taxes and apple/google profit share but it's a form of a network fee?).
Through this discussion I do wish there was an exception for FOSS for individuals at a legal level.
I can 100% agree though that the fees which google/apple charge are extortionist.
Not for profit status is susceptible to abuse so I'm glad the process is strict. But you're proposing that app developers should be able to self-describe as charitable in order to dodge fees? And how well do you think that would work exactly?
Having a donation link in your app that is completely voluntary and confers no benefit other than fuzzy warms (and yes, indirectly, if enough donations are acquired, continued development) should not carry fees.
I don't believe that the app stores would cease to function or even suffer appreciably decreased profit by doing so. In-app purchases result in new features or items or something being unlocked.
Donations do not. They are gifts.
I disagree with the concept of fees for the Google and Apple play stores because they are monopolies within the platform entirely, but if they must exist, attempting to charge fees for donations is just bad form.
this exactly is how the world works. if you receive money, wherever it comes from, in more and more countries it must be taxed as income. if you want it tax free, you must prove that you are eligible to do so.
the question is whether or not it is right for google to act as a gatekeeper here. i think not.
Gifts are trivially tax free in the UK excepting cases of Inheritance Tax whereby someone pretends to 'gift' an inheritance before dying instead of having it taxed normally.
It would surprise me if that were not true globally.
A donation is definitionally a gift. If it's not due to some legal wankery, rename it, doesn't matter.
as far as i know, at least in the US only donations to registered non-profits are tax free. any other donation is taxed like any other income.
if it's a one-off, sure, calling that a donation may be trivial, but if you start getting donations on a regular basis, you have to prove that they are in fact donations, and not hidden payments for a service. if it weren't so, we would not need to have entities register as non-profit.
You can't just freely receive donations and not pay any tax.
There is definitely an argument that you are donating to ensure future development of the software, essentially quid pro quo.
Edit: Wireguard literally make that case while soliciting donations
>We're extremely grateful for all donations, which enable us to continue developing WireGuard as free open source software. We are happy to receive donations from interested companies who would like to see WireGuard development continue and thrive, as well as individual donations from folks who would simply like to say "thanks".
I have done open source development for well over a decade, thousands of hours, tens of thousands of lines of code, and I can tell you:
Considering the amount of donations I got, it would have been much more profitable to clean toilets, to just go begging in the streets, collect bottles from public trash cans for the deposit, or just sell my body.
In fact let's have a look how much I got during the past 12 months for 250 hours of work:
$0.
Had I been working as someone who climbs onto roofs and cleans the dirt off of them I would have gotten this much for that in this country:
$16500
And then, as a cherry on top, you now demand that a giant monopoly, which is trying very hard to soak up as much of people's data as possible - without paying them for it! - should get a cut from donations for my work which I genereally give away for free.
Now I can understand that you did not know this when you wrote down your opinion!
But given that you do now, do you understand how insulting this feels? :) It actually itched me so much that I created this account solely for the purpose of telling you, and I would be very happy if you could change your mind :)
Thanks for making an account to comment. I went to sleep (live in Singapore).
100% open source does not pay money for the vast majority of people, and thank you for your contributions to the community.
I also hope you understand that I get that FOSS donations won't make a liveable wage. At the same time, we want to be thanked for our contributions to the community - I get that.
My point is - by throwing up a donation link, we're circumventing their process. What's the difference between throwing up a donation link vs a Apple/Android pay link in app? It's the network fees. We're trying to avoid those because we feel they're unfair (which they 100% are).
If the Apple/Android pay fee was the same as the donation link, the majority of the time, we be using Apple/Android pay. Why not?
We want the benefits of the Apple/Android distribution network without paying their fees because "We belong to FOSS".
By "open ended pricing" i mean - pay what you want. This is very common in food industry, "house restaurants" if you will. I get a meal and very well can pay $0 or $1000.
Agreed, donations do not necessarily mean I receive anything in return and I purely want to support like clean water efforts in 3rd world countries, but policing the difference seems unrealistic.
But that seems like it should be a special non-profit category. I think I'm beginning to convert to a 'middle' ground that there should be a sole proprietor non-profit, but that seems insanely hard to police.
In most legislations they are taxed (and deducted) very differently and must respect specific characteristics (eg donators must not receive nothing of value in exchange, must not be asked to donate a minimum amount or a repeated amount, etc)
While it doesn’t touch on donations, for the “value prop” angle I strongly suggest developers read and internalize Apple’s point of view as expressed in “iOS App Store Principles and Practices”:
Also on the value prop front, worth noting a variety of digital app stores at scale have found operation costs 12% to 18% fees before the hands on “40% rejection” level of oversight that Apple is providing to end users.
We merged a similar thread, "AndOTP Removed from the Google Play Store Due to Donation Link", into this one. Perhaps we'll update the title to cover both.
https://github.com/andOTP/andOTP/issues/396
https://news.ycombinator.com/item?id=21269542
Just to add clarity these were two different apps that were taken down: Wireguard and AndOTP (among others mentioned in this thread)
Wireguard had 50k+ installs according to its (now dead) playstore page: https://webcache.googleusercontent.com/search?q=cache:kSsZsb...
AndOTP had 10k+ installs: https://webcache.googleusercontent.com/search?q=cache:buaKcF...
[Prior reply got detached in some cleanup, so adding again here.]
An update on the WireGuard situation: they have reinstated the app _without_ the donation link. From what I can tell from talking to Google insiders, there has been no change in policy. Officially, Google has not communicated at all with us about it, so we're not sure what's up. But at least our app is available again to users, which is great.
Hmm, any idea how Google automatically catches a donation link? I feel like there's so many ways to do it that they must only be catching a handful.
My app also got taken down some months ago. I had a menu entry called Donation that linked to a web page containing a PayPal donation button. I'm guessing they are just looking for the string Donation in your app.
What app was it?
The OP says the process is manual.
Google Play In-app Billing does not support donations [1], so open source developers should be allowed to link to their own donation pages. Google Play policies do not spell out that linking to donation platforms such as Patreon is forbidden.
Disallowing developers from using in-app billing for donations, while also barring them from linking to external donation platforms, puts open source projects in a difficult position, and appears to be overly hostile towards funding open source development.
Google must clarify their position on whether they allow donation links in apps published on Google Play. The app takedowns [2] of the last few days show that this is a significant development, and it is of great importance for all open source developers.
It's best to publicly document the messages you receive during app takedowns, since app store policies are often vague, it's easy for reviewers to make mistakes, and having a clear reference for these decisions also helps the public assess the validity of the takedown.
[1] https://play.google.com/about/monetization-ads/
> Here are some examples of products not currently supported by Google Play In-app Billing:
> One time-payments, including peer-to-peer payments, online auctions, and donations.
[2] https://news.ycombinator.com/item?id=21268389
> Disallowing developers from using in-app billing for donations, while also barring them from linking to external donation platforms, puts open source projects in a difficult position, and appears to be overly hostile towards funding open source development.
Google Play has been very clear about this[1]:
> Fund solicitations
> Examples: Donation solicitations from parties without a valid 501(c)(3) tax exempt status clearly displayed to the public; solicitations from parties without valid proof of exempt tax status or proof of registration with the relevant country's regulatory bodies and authorities; and political organizations that have registered with the Federal Election Commission (FEC)
For instance, Wikipedia displays an external "Support Wikipedia" link in the main menu of its Android app[2] without violating Google Play's terms and conditions.
[1] https://support.google.com/faqs/answer/75724?hl=en
[2] https://i.imgur.com/MEut6yC.png
Sure, but why? If the rules clearly said "no chess games", one could say "that ends the discussion of why chess games are denied", or you could further ask "but why are no chess games allowed?". Is it because Google plans on having their own Google-Chess someday and thus is preemptively preventing competition? Is there a technical or regulatory reason chess games aren't allowed?
That's the question (at least for me) here: why are (non-tax-exempt) donations not allowed, beyond the tautological response of "because the rules say so"? I'm not familiar with the regulations around this area, so for all I know there's a great non-Google reason for this and Google just wants to avoid the hassle of conforming to some law. Or maybe donations is a feature they want to eventually support in Google Play and they don't want to have to force a bunch of apps in the future to switch once they add it (which would be a more disappointing reason). Perhaps they're afraid that it would create a loophole where people could get around the 30% cut since psychologically it feels shitty for someone to middle-man a donation, but then if they made donations Google-tax free, everyone would just choose "donation" and they'd have to police this.
My guess is it's ripe for fraud. Find open source app, put on Google with your donation platform of choice, profit!
By requiring government registration my guess is the hope is both that the fraudsters will be caught or dissuaded and if they do make it past the government registration then when the real devs complain Google can say "take it up with the government. They mis-licensed. We just followed their license"
My guess is you missed the point of Free Software. Anyone can use it in any way, including selling for profit. "Free" as in "freedom", you know
Recently I created a small homepage with different re-packaged versions of Java: https://jdk.dev
All that alternative packages are free of charge but they have extended support from a number of big companies. All these companies funded separately, there's no common place for donations or something.
That's totally ok in the world of Free Software. Pick any source code you want, repackage, rebrand it, sell it as you wish and may the Force be with you. People do it all the time.
Just because the license lets you do what you want with the code doesn't mean you’re allowed to commit fraud.
For example, if a person were to repackage someone else's open source project with a link that says, "Donate to support the development of this software" that's still fraud (assuming they keep the donations).
I understand your point but we should not assume criminal intent without some solid evidence.
Back in days I paid for CDs with only open source software because internet was too slow. CDs were definitely priced for decent profit. The beauty of opensource is that we can do this legally.
But this isn't a discussion of assuming criminal intent of a particular actor. This is a discussion of a rule to prevent actions by a hypothetical criminally-inclined actor...and thereby prevent a platform from getting a reputation for that criminal action.
I like that page but really not a fan of the font. It looks... dirty? Like writing with ink on wet paper.
If they repackaged the app, gave it out for free, but changed the donation link how would that violate the license?
I suspect OP was referring to the non-profit status given by the government as “the license,” not the license of the source code.
And a non-donation in-app payment isn't open for fraud?
If it was a normal in-app payment it would go through Google. Where it could be tracked, identified as fraud, and stopped.
You misspelled "Where it benefits Google, no matter whether it's fraud or not".
I am okay with that. No one is forcing anyone to use the Google service.
You are forced to use either Apple or Android or a Windows PC to acces many services that are essential to modern life. Android would probably be the cheapest option. So if you do not want to use Google services you would have to pay premium. For many people it is not an option.
I am not and I am not using neither Apple, Android (I am using the FOSS version, I guess that does not count as Android in this case) nor Windows and I am not missing anything, and I'm not frugal in this sense (most of my friends consider me a guy living in the future). And I am not paying premiums. I simply prefer web apps over native apps, it's a breeze with PWAs.
All government services where I live require Windows/Android or Apple. For some time I used Android in a VM for tax declaration etc, but the developers first banned the OS build name, so I changed the build name :P But then they found some way to figure out that I was using a VM. My hope is in PWA's, but the problem with PWA's (it's a feature really) is that it's harder to fingerprint and spy on the user. Also meaning it's harder to catch abuse like identity theft. I know there are ongoing work on Web ID standards where you can have a cheap second factor device as key. So it looks promising. But then there are the platforms, what incentive do they have, (more then empowering their users and developers), to actually enable a layer like web browsers that circumvent their monopoly status?
The requirement for provable non-profit status is a legal requirement. A new federal law that passed last year makes it so any "online" content distribution network (including Google play) is legally responsible for any crimes committed by someone else listing a product or message on their platform.
Basically, if you include a donation link in your app without proving non-profit status you could be committing fraud, and Google could be held equally responsible to the crimes of the app being hosted. Google also has to report non-tax exempt profits made by any app/content they host in many locations, so only non-profit groups may link to a 3rd party payment system without violating legal statutes in some countries/states.
> Basically, if you include a donation link in your app without proving non-profit status you could be committing fraud,
How is it fraud to ask for donations without being a non-profit?
> Google also has to report non-tax exempt profits made by any app/content they host in many locations,
I am not familiar with google's payment model, but is there no way to charge users except through Google for google play apps?
How is it fraud to ask for donations without being a non-profit?
It's higher risk for sure. Non-501c3 donations are the kind of high risk small peanuts you can imagine a behemoth like Google wanting to get away from.
Thank's for the insightful response. I figured it was google covering their financial butt.
Because it saves google some hassle in policing shady monetary schemes. As soon as money is involved it is a massive hassle. Going outside of established monetary policy opens up a massive hole of shenanigans. Not to mention every app you download would have huge incentive to put up endless patreon/donate buttons that would go outside of googles carefully crafted walled garden, yet they would be held responsible for shady practices.
So they want the app store but as soon as it gets comlex or difficult to manage they kick up their heels and ban apps rather than stepping up to the plate and owning thier problem.
It seems like either (1) Google fears getting in legal trouble, or (2) Google wants to tax the transaction.
Their house, their rules.
Right, but I’m outside their house, asking others who are standing on the sidewalk with me, why they think they have these rules.
Smartphone app stores are a duopoly, so I don't think Google should have total freedom to decide what they allow and what they don't.
There are at least three, actually, since Amazon also runs their own store which can be installed on any Android device. Samsung has another one specifically for Samsung devices, and there's also F-Droid though that might not count as a "store" since it doesn't handle payments. Anyone else can start their own the same way. Only the Apple devices are restricted to apps from their vendor-specific app store.
A great way to have nobody come to your parties.
Or a good way to avoid having party guests trash your house.
Can't have party guests trash your house if nobody comes to your party!
taps finger on temple
Problem comes when they own 90% of houses
Please read the first paragraph again. Slowly this time.
It's pretty obtuse to only permit 501(c)(3)s.
Likely this is Google avoiding additional regulatory complications/KYC. It's cumbersome to prove you're not enabling money laundering or funding terrorist organizations if you're an arbitrary money sink.
But I'd expect better than Google, a business with an astounding $836B market cap. They could just buy a company that primarily handles this sort of money flow (e.g. Streamlabs)
It's understandable that they want to process payments only for registered organizations, but that still does not explain why are open source apps being taken down for linking to an external page that lists ways to support projects.
Probably because Google or it's financial partners have compliance programs that require all money flows they enable go through the required regulatory channels.
If an affiliated party is breaking regulations, you can often get in trouble by continuing to be associated with them once you're aware, and ignorance isn't a valid defense.
It's unlikely that GitHub subjects themselves to legal risk by allowing developers to link to Patreon [1]. I think this issue has more to do with Google's priorities, than what is legally possible.
[1] https://help.github.com/en/articles/displaying-a-sponsor-but...
Patreon assumes the bulk of the legal risk, and GitHub probably is ok with Patreon.
FWIW I agree with you, Google isn't prioritizing solving this properly and is opting to take the easy way out
Oh do come off it. This is bureaucratic bullshit at its' finest.
We're talking about a hyperlink in the app. Linking to wireguard.com would be fine.
How about if wireguard.com had a big donate button?
How about if wireguard.com has 'Donate' in bold?
I know you're not the person actually signing off on this - but to the one that is - fuck you. In bold.
No-one is getting sued because of one step being removed in a hyperlink chain to a donate button. If they are it's getting thrown out instantaneously.
Characterising a link to a donate button as being in _any way_ related to aiding money laundering is ridiculous.
Cease this insanity.
It's not a lawsuit that people are afraid of. It's potential action from financial regulators, who are famously inflexible and disinterested in being nice to open source software developers in genuine financial need.
Parties like Google and Apple are well aware of the potential consequences, and thus are similarly inflexible and disinterested in being nice to a fairly small group of use-cases that exposes them to an outsized amount of risk.
It's really, deeply unfortunate. It's incredibly painful for everyone who has to deal with this bureaucratic bullshit. Unfortunately, it being bullshit doesn't make it less real or less reasonable.
Unless you're casting literally any action ever as being subject to "potential action from financial regulators", which is theoretically true but simply asinine to discuss, this completely misses the point.
It is not a real concern for Google to have a hyperlink https://wireguard.com/donations buried inside an app distributed on the Google Play Store.
I don't believe your concern is legitimate. It's arse covering gone mad, sorry.
Rhetorical:
You can email me, my email is in my bio, and I will respond with a way that you can send me money. If dang reads this post and does not take it down, does that put HN at risk of AML action for potentially 'aiding the money flow'?
edit: actually, you can click through enough links on my bio and get directly to donation pages. now we're really fucked, right? who's gonna turn off the lights?
Your rhetorical is not equivalent. Google Play Store is a marketplace. Google facilitates transactions -- from users to app developers. Some transactions are free, but Google's financial partnerships might mandate that certain regulations apply to the entire Google Play Store ecosystem. I could be wrong, but I'd reckon this is a grey area and Google is opting to avoid the problem altogether (IMO a bad choice).
This website is different -- not just free -- there is no financial partnership in play (as far as I'm aware). But rules still apply. If you put a link in your profile taking donations for Syria, the operators of this site are obligated to comply with OFAC sanctions and I'd expect your profile to change pretty quickly.
In this case, I'm guessing Google is opting to choose the path of least resistance, and rather than perform due diligence and KYC for apps which solicit donations, they've chosen to just... not do that.
They haven't chosen to just "not do that".
They've chosen to pre-emptively cover their arse against a risk less likely than an asteroid hitting Earth by just nuking the apps.
There's another thread on HN about this right now - I don't know how these people can like, exist, in this world, with every one of the hairs on their head individually combed into a perfect slick. Can you even eat breakfast without worrying about some tail risk?
Too much HN for today, methinks. I'm so glad that the normal people I interact with in the world aren't this wanky (I don't mean you or other posters here, but the bureautwats that actually implement this stuff)
Honestly, I'm in agreement with you.
You're right, and the Google is wrong.
Really? Because Chrome allows me to navigate to all manner of sketchy sites- should Google be dropping Chrome? I mean, it's about as specious of reasoning as claiming that financial regulators will go after Google over donation buttons in apps. At that point, the whole thing is so far removed that it feels like being worried over getting struck by lightning. Heck, Chrome will even autofill a saved card into a donation page for me. Does Google need to follow KYC for every Chrome user and every page they visit?
Sure, maybe the argument can be made, but come on. We all know this is so that Google can get their nice 30% cut, and cut off any alternate funding sources for Android apps. Otherwise, shady developers will just require a "donation" instead of a purchase. That is behavior that Google would be reasonable to police, but to claim that action from financial regulators is what's causing this is just silly.
So many services use KYC/AML stuff as a catch-all excuse because it's easy to claim 'tip-off' provisions and just flat out refuse with no further information.
It's just your bog standard wanky corporate dishonesty. Nothing new under the sun.
Google does not exercise significant control over what websites a user can visit with Chrome. They certainly don't maintain a whitelist. Some might opine that the Play store is perhaps a slightly different matter.
It may also be worth considering that actions can, at some times and in some situations, be taken by human beings for multiple reasons with multiple independent motivations. All of which are real, genuine reasons.
They maintain a blacklist though, called Google Safe Browsing. Perhaps Bitcoin sites should be added to that to prevent money laundering. Pornographers should be licensed, otherwise omitted from search results.
Too many adverse effects you say? Sorry, that's just the way it is, no use complaining.
They are not enabling this money transfer. They have nothing to do with it at all.
It appears only non-profit organizations are allowed to use Google Play In-app Billing for donations, which is fine.
But why are we forbidden from linking to an external page that lists other ways to support a project, such as Patreon?
I think we should stop being apologetic, and begin to call out Google for the damage they are inflicting upon open source developers.
> If only non-profit organizations are allowed to use Google Play In-app Billing for donations
Nobody is allowed to use Google Play's in-app billing for donations, and only organizations with a valid tax exempt status can link to an external page that lists donation options.
The page you linked to lists activities that are forbidden if you use Google payments.
> Any individual or business processing transactions with Google payments must adhere to these policies.
Maybe the Software Freedom Conservancy[1] or Software in the Public Interest[2] could help open source Android apps take donations.
[1]: https://sfconservancy.org/ [2]: https://www.spi-inc.org/
What do you do if you aren't based in the US? Are you able to gain a tax-exempt status or do that only applies to US orgs?
> Examples
Since those are examples I hope this also covers tax-exempt charities in other jurisdictions.
I switched to the german site and it still only refers to american laws.
The full text says "relevant country's regulatory bodies and authorities".
"Examples: Donation solicitations from parties without a valid 501(c)(3) tax exempt status clearly displayed to the public; solicitations from parties without valid proof of exempt tax status or proof of registration with the relevant country's regulatory bodies and authorities; and political organizations that have registered with the Federal Election Commission (FEC)."
> solicitations from parties without a valid 501(c)(3) tax exempt status clearly displayed to the public
As far as I can tell (though I am no expert) it would be very difficult or impossible for an open source project to qualify for 501(c)(3) tax exemption. And even if it was, the cost in both time and money to obtain such a status would not be worth it for small open source projects.
What you quote seems to be the Google Payments policy, not the Google Play policy:
"Any individual or business processing transactions with Google payments must adhere to these policies."
These apps weren't using Google payments, and it is suspected that they were taken down for not using Google's payment systems (despite not being allowed to).
>Any individual or business processing transactions with Google payments must adhere to these policies.
Are the developers using google payments for other things/apps? Because in the context of these specific apps they are not using Google payments, so the policy wouldn't appear to be applicable.
> (...) puts open source projects in a difficult position, and appears to be overly hostile towards funding open source development.
This is the problem of developing free software on a non-free platform. They have absolute control of your work under their own terms, no matter how ridiculous they are. I never understood why the google play store is a socially acceptable idea for free software developers.
It's the most widely used software distribution channel in the world. I'm sure most would prefer to distribute on F-Droid but open source developers want their apps to be successful too.
... and this is why it's a good idea to use F-Droid instead of the Google Play Store if you can.
> Google Play In-app Billing does not support donations [1], so open source developers should be allowed to link to their own donation pages.
Ok, I had to stop there. They have no claim to this as long as they distribute within the store. It would be nice if google allowed this, but there is no obligation. App Stores are monopolies and should be regulated to allow open distribution.
I just cannot comprehend how there are thousands of predatory apps on the store and these apps get banned.
Aside from that it should highlight problems with app stores as a model for software distriubtion in general, although I don't have much hope that this will happen in the immediate future.
That there even exists such a rule is ridiculous and unacceptable in my opinion.
I don’t believe cable tv, for how locked down and awful it is/was, ever went so far as to try and limit any spending outside their own platforms. Perhaps it was a lack of innovation, but the internet and the world of software licensing is gross by comparison
In this case, can't you simply have a one time purchase instead of a donation ?
There are always workarounds, but that is not the point. We must not allow these platforms to discriminate against funding open source development through donations.
Perhaps the solution would be to allow users to buy a 'virtual currency' in the app that actually doesn't do anything? It could be argued that this is a vanity item, like cosmetics, and so is exempt.
Why can't open source app developer have companion donation app like many freemium android apps do?
WireGuard was reinstated after Jason has submitted a new version which does not contain a donation link. The issue has not been solved, and Google did not yet contact maintainers to clarify whether they would be allowed to have a donation link in WireGuard.
Several other open source apps are still missing from Google Play, including andOTP.
While WireGuard was bought back online, version 0.0.20191013 was briefly made available (with a donation link) before it got updated to version 0.0.20191016. Again, the current version of WireGuard does not contain a donation link.
This is the original version of the post, which has become inaccurate minutes after it was posted:
> WireGuard has been reinstated [1], and the donation link is in the app menu (version 0.0.20191013).
> Google has reversed its decision to remove an app that contains a link to a donation page, likely because of public scrutiny.
> I'm hopeful that people will continue to seek answers for why Google has begun to remove these open source apps, there are several of them mentioned in this thread alone. Please don't allow this to go unnoticed, the future of a bunch of less popular open source projects may depend on how this issue is perceived by the public, and addressed by Google.
> [1] https://play.google.com/store/apps/details?id=com.wireguard....
If it really is because of public scrutiny, IMHO we shouldn't actually treat it as if it happened at all - a corporation that only responds to public pressure like this should be shamed and avoided.
(slightly expanded version at https://news.ycombinator.com/item?id=20829422)
An update on this: they have reinstated the app WITHOUT the link, and there has been no change in policy, according to insiders. Officially, Google has not communicated at all with us about it.
It's disheartening to witness some of the arguments in this thread defending Google, saying that disallowing open source developers from linking to their Patreon pages is a legal requirement, because Google is legally liable (while the rest of the internet apparently isn't) for the payments that may happen on Patreon by following those links.
> Google has reversed its decision to remove an app that contains a link to a donation page
Are we sure that this is a decision reversal, as opposed to just reinstating one (or a few) apps?
This is why it is important to continue questioning their actions, a bunch of other open source apps remain taken down, or were forced to remove their donation links. The issue of donation links in apps must be clearly addressed by Google.
Could you double check 0.0.20191013? My phone just updated, and I'm seeing the APK version that has the donation link removed, 0.0.20191016.
I haven't received any further emails from Google (yet?), so I'm still uncertain as to whether I have any sort of green light to republish a version with the link.
Yes, 0.0.20191013 has been freshly installed on my device from Google Play right before I posted, and has a donation link. I see the version published on Google Play has been updated since to 0.0.20191016.
Oh, super. Thanks for confirming. I'll wait a day for some response from Google, I suppose, and then decide whether or not to re-add it. I certainly don't want to inconvenience users again.
But was it a version with the donation link removed?
The version with the donation link was up only for a short period, and then it was superseded by the new version. The currently published WireGuard version has NO donation link.
At least they heard us this time.
Too often they refuse to listen when there isn't an angry mob at the door.
The very same thing happened to manyverse (android ssb client) the other day. Got de-listed, resubmitted without donation page, now it's back up.
How google tries to claim any sort of support for open source is beyond me. What open source app doesn't need a donation link? Those approved and funded by google don't, okay. But other than that?
Oruxmaps even had a donate version that went through proper Google channels when the free version was forcibly removed either for a donation link in the app that was incompletely removed from the Play store build variant or because of a donation link on the product website. It never came back, now the paid version on Play is effectively a billboard "you could save those dollars by going over to F-Droid where we are payment optional".
This is good news for F-Droid.
I just wish F-Droid had a better design but I guess that's just the nature of OSS. It always looked a bit shady and out-of-date, which probably hurts it's popularity.
Someone started a G-Droid project[1] with the goal of being a better local client for F-Droid. It's not a full replacement yet, but has many additional features and a better UI. Hope it takes off and perhaps gets integrated into the main client some day.
[1] https://gitlab.com/gdroid/gdroidclient/
Well, throw them a couple of bucks a month, they have a donation button on their homepage ;)
But the design is fine, at least with dark theme. For me, the UX is better than Play Market.
The strangest fact is, those donation pages only have some links, there is no in-app payment. I don't understand what Google is thinking about when they banned donations...
Wait. I suddenly understand something I've seen previously...
There is a workaround! You simply upload two versions of the app, the free edition and the supporter edition. The support's edition is a paid app. You can ask the users who want to support you to install the paid app in your free app. The program itself is still 100% free and open source, there is no functionality restrictions in the free app, the donation notice can be turned off - just as a way to encourage donations. And it's nothing against the rules of the store.
> I don't understand what Google is thinking about when they banned donations.
They're thinking that they're a monopoly and can do whatever the hell they want without needing to justify themselves?
hazarding a guess, i’m assuming people tried using off-platform payments described as donations to sidestep play store payments
Yes. This is what I suspect. But knocking out all donations using a big ban hammer is not acceptable here, it should be decided on a case-by-case basis. For example, a standard I can think of, is distinguishing donations and payments that influence the functionality of the application/service, and those that have no effect.
> But knocking out all donations using a big ban hammer is not acceptable here
To be fair they didn't. You can accept donations if you're an actual charity (like Wikipedia is). The line they drew isn't perfectly fair, no, but it's not a full ban hammer, either.
As far as I can tell, probably!
That way google gets a cut of the donation.
Oops, it's not a good idea! I now see the motivation behind it!
This is the reason Apple started doing this way back. Sad to see Google follow suit. I guess the bottom line is the bottom line...
I thought this was a Apple only thing and Google doesn't do this. For example, you cannot buy Audible books frim iOS apuo but can from the Android app.
You can, but I don't think you're supposed to direct your users to put their credit card info in, that all needs to be handled somewhere outside the app (with a message like please sign in on our website). Which seems very blatantly anticompetitive to me.
Now that I think of it, Uber has you put your credit card in. I'm not sure why that's allowed
It's allowed because Play Store in-app billing is only required for digital goods & services fulfilled by the app, not physical goods & services fulfilled outside your device. Uber isn't selling you app functionality, they're selling you the physical service of transportation, so they're exempt.
Quote from policy [1]:
Developers offering products within another category of app downloaded on Google Play must use Google Play In-app Billing as the method of payment, except for the following cases:
- Payment is solely for physical products
- Payment is for digital content that may be consumed outside of the app itself (e.g. songs that can be played on other music players).
[1] https://play.google.com/about/monetization-ads/payments/
Oh, what if the donation link added you to a list of contributors to the website. Seems like that would be "digital content that may be consumed outside of the app itself" which might be a workaround. Google might ban it anyway of course
I am sort of annoyed the other replier didn't see the sarcasm here, so I'm going to point it out, and note that it's funny -- seeing the motivation behind a behavior doesn't automatically invalidate it.
To clarify, it’s a 30% cut, not just some small payment processing fee.
What’s wrong with that? They’re paying to host and review the app and create the platform it runs on.
It's arguable since it's "donation" so one may expect to get the full donation instead of 30% cut by google but one may argue what exactly is (or isn't) a donation.
I’m not sure why you’d expect to not pay a fee. Google’s expenses are the same for apps that take a charge as those that take a donation. Credit card processors charge the same fees on donations.
A donation doesn’t magically make everyone else work for free.
> Credit card processors charge the same fees on donations.
Yes, they charge 1/10 of what Google charges. The 30% has nothing to do with how much it cost them to run the service, so let's not pretend that they _have_ to charge them.
(I'm not saying they should offer cheap/free donations, I just don't think it's fair to talk about how much it costs them to run the service given that that's clearly not the driving factor)
A paid app means Google gets to claim some revenues out of it.
So Google can make the donation go through them, cripple the normal version, and take a 20% processing fee?
30%
And then Google gets ~30% of your donations.
For sure Google would reimburse that rake off since they have been prodigious beneficiaries.
That's what PPSSPP already does. AFAIK PPSSPP Gold only differs in price and the icon.
So Google get what they want. The sweet 30pc cut on donations
Seems to have happened to AndOTP:
https://news.ycombinator.com/item?id=21269542
This is ridiculous. May as well only publish open source apps on F-Droid and similar.
Open source app can be compiled and installed without Google play store. If you are hosting on their platform, you adhere to their rules, you are not paying monthly for your free app download bandwith and storage do you ?
That doesn't mean you can't question (and even criticize!) the rules or their application.
Wow great point. Now why the hell can't they have a donation link?
Because you can't use Google's store as a sales funnel without giving them a 30% cut. It doesn't matter if you're a company taking payments or an individual accepting donations.
Wrong. You can’t even use Google with giving them a 30% cut since donations are prohibited from Google Payments.
I'm not a lawyer, but aren't sales and donations quite different? For instance donations tend to have negative taxes...
Not unless your entity is 503(c) tax-exempt which is explicitly allowed by Google.
These “donations” are more like tips, which are treated as taxable income.
I don’t see the problem here. The outrage in this thread seems more about people wanting a different set of rules for OSS and possibly avoiding income tax than anything else. If there are a different set of rules for OSS, then that just makes it easier to abuse the platform. Google’s policy seems fair to me.
Hmm, yeah, I guess that if we want patronage to become a viable economic model, then it will have to be taxed at some point... Since I mostly give to (AFAIK) tax-exempt entities, I didn't think of this...
But neither seems to have Google ! While the global license/patronage debates are already a decade old, and we have seen new companies get started and even established in this sector (Patreon). For instance this "donations" page only seems to cover non-profits ? https://www.google.com/nonprofits/offerings/google-donation-...
"Tips" might well be taxable income. But that doesn't automatically entitle Google to a cut of them. Talk about a greedy land grab.
> you are not paying monthly for your free app download bandwith and storage do you ?
Do I have that option?
It's unfortunate that the developer resubmitted the app without the donation link, open source projects having a donation link in their apps does not violate Google Play policies.
> Here are some examples of products not currently supported by Google Play In-app Billing:
> One time-payments, including peer-to-peer payments, online auctions, and donations.
https://play.google.com/about/monetization-ads/
It indeed is unfortunate. But what other recourse did we have? The first objective, before we even consider donations or anything, is to make our software available and functional to our users. So we had to resubmit. And it's not like the resubmission process is instantaneous; as of writing, the app still isn't back in the store.
But anyway, now what? Let's say things return to normal, but we still want to put the silly link in the app. Our appeal was rejected. We could send letters, I suppose. Perhaps this article on HN will get the attention of the right people? We could appeal the appeal, maybe. And then appeal the appeal for the appeal. At what point does this become a waste of energy that could be spent coding and improving the app in other ways? It's hard to know where to draw the line and which battles are worth fighting. I'm happy to hear folks' opinions on the matter.
I certainly agree, though, that it is unfortunate.
Donations are not supported by in-app purchases, and I'm sure this doesn't mean open source apps are not allowed to sustain themselves by showing a donation link. Or if that is Google's unwritten policy, people must make their voices heard, this abusive behavior cannot be accepted.
I would resubmit the app with the donation link and continue to document and share what happened. Please do not allow them to set a precedent with a popular project like WireGuard.
It's important to share every detail of the issue, the messages you received, your replies, and the policy links you were given about the alleged policy violations.
I think what you are proposing is to make an ideological fight out of this issue, that is exactly what the author describes as "a huge time-drain that does not make the app better" and exactly the opposite of what he meant with "choose your battles".
Let me say that I think you're morally right, but it is probably not a reasonable choice of actions for the author and the users of the app.
There is no need for an ideological fight, because there is no written Google Play policy against donation links in apps. This is most likely a mistake made by the reviewer or an automated system, and I believe they should follow up on it to sort things out.
> I believe they should follow up on it to sort things out. reply
I'm sure you believe that.
Do you work at Google in a position to supervise app reviews? Because if you do, then you can help straighten this out.
If you don't, then it is hopeless. Technically, Google has the right to drop any app for any reason whether it is fair or not (so suing them or something isn't an option). OP already followed the ONLY channel that Google provides (an "appeal" handled, I presume, by a bot that generally issues quick, automated rejections. Sure, I wish Google had a better policy, with some sort of genuine appeal policy which included genuine human review, followed a consistent policy, and most likely had a public record of decisions... but they don't.
I wouldn't assume up front that any action is hopeless. There are many Googlers on this forum and issues like that get forwarded and discussed internally. Google has Open Source Programs Office which used to have a lot of clout inside the company, at least at the time when I worked there.
You are effectively proposing to spend the donated money on improving the Play Store instead of on improving Wireguard.
It's amusing - I feel it's almost like causing a media "storm" is part of the whole "AI powered" process they've got going on. Create Reddit/Hackernews/tech blog outrage and maybe a human might step in and reverse the decision.
You can look at r/videos and see how many examples there are, the link in [1] provides quite a few...
So hey, go get people to repost across social media, maybe get a nice trendy hashtag going like #freewireguard and maybe their "AI" (or PR department) might actually do something useful.
Because to me, I've noticed more and more companies only reverse decisions or backpeddle once there's enough shit flying at them (See Blizzard recently, for example).
[1]: https://old.reddit.com/r/videos/search?q=flair%3AYouTube%2BD...
Of course. No company will admit fault unless forced. The best PR move is wait for it to pass.
I can almost guarantee you that a googler who reads hn has submitted this issue to an internal mailing list and you will get special treatment for this problem.
It's fucking infuriating that the only way to get the attention of a human at Google is to know someone or to frontpage HN.
Time for HN to branch out.. "HN Eyeballs, submit your gripe with Google, we'll show it to Googlers based on their IP address".
As soon as you do that, the effect is gone. It can only ever work in a few isolated cases. Attention arbitrage so to speak
Or in Germany to get an emergency court order ("Einstweilige Verfügung"), dunno if the US has a similar legal venue. At least with an EV you get the immediate attention of their legal department.
The US does, but courts are reluctant to issue them in general. Since google as a fair chance of winning the courts will probably reject the immediate order, and then this drags out in court for a few expensive years before a ruling is issued that could go either way, and either way will drag through the appeals process for many more expensive years.
Does GDPR cover these kind of issues where accounts/apps are demonetized or taken down because of some automated process mistake?
In England you can sue a company for failing to follow its own policies but I don't know if this is possible as a small claim. If not it's probably eye-wateringly expensive.
No.
Yes, it does actually. Article 22 of the GDPR covers this.
https://gdpr-info.eu/art-22-gdpr/
GDPR doesn't cover apps, or organizations a data subject can only be an individual.
Individual developers (sole proprietors) are covered under GDPR!
They are, their products aren't. This is about a decision being made on the basis on PII not just an arbitrary automated decision.
My app was also removed a few months ago for this. In the email they say you have to use Google Play In-app Billing, however:
> Donations to 527 designated tax exempt organizations are also permitted.
So if Wireguard becomes a proper tax exempt organisation it would be ok.
If you want donations but aren't tax exempt there is basically no way to do it. However you could easily work around it by offering something trivial like a badge (games can use IAP to purchase trivial things like hats). The downside is that Google take their 30% cut.
I was going to suggest this too. According to the Android dev site "Google Play Billing can be used to sell the following types of in-app products: One-time products: An in-app product requiring a single, non-recurring charge to the user's form of payment. Additional game levels, premium loot boxes, and media files are examples of one-time products."[0] So could you have buttons to buy a "bronze supporter badge", "silver supporter badge" etc. (trying to avoid using the word donation in case it triggers something), perhaps even enabling a "Show my supporter badges" page that shows the ones you've purchased? Kind-of unnecessary extra dev, and as you say Google will take their hefty cut, but might be better than nothing.
[0] https://developer.android.com/google/play/billing/billing_ov...
You could probably just sell it as "get name on Wireguard website".
And then Google get 30% of it.
Yeah...
> Google take their 30% cut.
AKA follow the money.
google gets a 30 % cut. I wonder about the exactwording and legalese. so if someone is financially endowed then could they make a simple game or a loot box bonus, that pays people to play it. then google would owe 30% to that player.
just to stir the pot and see what happens.
>Apps that employ in-store or in-app purchases must comply with the following guidelines
A donation is not a purchase.
So what is stopping all apps from being “free with a donation”?
The same thing that stops random stores from being "free with a donation"? Laws, tax fraud, etc. .
There's no law against it. You just have to pay taxes on it as it's just a normal income if you're not a charity.
It’s not “tax fraud” to ask for donations even if you’re not a non profit. A for profit developer can ask for a “donation” to get feature X.
Because the huge majority of users don’t donate?
Can someone explains me why PayPal's app is then allowed per this policy ?
Because you can't add funds to your PayPal account through Google Play billing. It has its own billing platform.
I use WireGuard daily since 2017, and it's one of my most favorite computer programs in the entire world - robust, reliable, state-of-art cryptography, and seamless integration into the system.
I've never donated to WireGuard before, and I didn't think about donation (I installed WireGuard from my package manager and didn't realize a donation link exists), until now.
Just donated 25 USD.
Thanks Jason. No thanks, Google.
Me too. Just donated. Awesome software.
In an ironic twist, our app that Google supported via Summer of Code was removed.
Whoever came up with this policy and started enforcing it at Google is completely tone-deaf, needs to be fired and publicly called out so we can set an example as a community that this sort of behavior will not be tolerated.
We have contacted engineering leadership at Google and they are in the process of figuring out who it is internally.
As crazy as this policy is, firing and publicly shaming an employee is not the right response to a poor decision by an employee.
I feel it is. It's an effective platform for (positive) change, in this case.
I think this is a bad decision, but I don't want to live in a world in which people risk their privacy by making poor decisions.
We just need processes to learn and avoid doing mistakes twice, and shaming is a poor way to do it.
If I risked being ashamed when making decisions, I would probably avoid decisions altogether. This would be awful. The discussed decision is not even out of law.
What we can do though, is to tell people we know and love about F-Droid and suggest them to only fall back to the Play Store if they don't find what they want, and that they should be aware that by doing so, they enter the jungle and that this jungle follows Google's arbitrary rules, some of which are not in their own interests.
If you think that's an appropriate and proportional response to an employee making a mistake or misunderstanding an internal policy, I sincerely hope that you're not in charge of anyone at your day job.
I'm pretty sure "whoever came up with this policy and started enforcing it" has significant leeway in their decision making. Having the power to come up with new policies to enforce also means that you should be ready to take responsibility if those policies turn out to be bad.
Sure, but this person was probably given another set of more general policies to work with, and what they came up with was reasonable for the vast majority of cases. It's hard to imagine every single edge case (open source apps with donation links are definitely the minority) and policies will evolve over time to be more comprehensive.
Please share more details about your app and its takedown, it's important to publicly document the issue.
Yes, let’s publicly shame and fire people over business decisions we disagree with. Cancel culture!
Ugh, app stores!
No one needs them for discovering new software. You go to the app store to get a specific piece of software you already know about and whose reputation you’ve already verified.
No one needs them for code signing. If you want the real firefox.apk you can download it from https://firefox.com/ and notice a lack of SSL alarms going off. What’s the code signing for — to let me know that HTTPS works?!
All I really want is an OS facility that only executes code that has been installed explicitly by me, and always in a sandbox. That’ll stop that dodgy email from executing r00t.sh via an exploit in my mail client.
App stores and code signing popups are proxies for that kind of OS facility, but I’d rather it was just part of the OS explicitly.
App stores leave me with all sorts of unwanted properties, namely Google / Apple throwing their unwanted opinion around. Search for Instagram in the iOS App Store: the top UI element is “InstaMap”, thanks Apple!
> No one needs them for discovering new software.
There's also people that don't know that they need "Firefox", they just want a browser. Or a tool to print envelopes or crop an image. So they search in the app store and they know it'll probably be okay.
If you search for this online you'd get a bunch of SEO spam sites, shady tools among other things. At least due to the developer fee and reviews there's at least some barrier of entry (Also if it's not perfect).
> App stores leave me with all sorts of unwanted properties, namely Google / Apple throwing their unwanted opinion around. Search for Instagram in the iOS App Store: the top UI element is “InstaMap”, thanks Apple!
Apple's search is notoriously bad and the perfect case to apply Hanlon's razor.
> So they search in the app store and they know it'll probably be okay.
Bad plan, both on iOS and Android. You should not be installing random apps unless you vet them first.
People keep going back to the "users are stupid" argument, but (particularly on Android) the app store does not protect users. Installing random apps or trusting the first app that shows up is a terrible thing to teach dumb users to do.
If you want to protect users to the point where they don't need to think at all, you need to be way more locked down than iOS/Android currently are -- you need Nintendo Switch levels of moderation, vetting, and sandboxing. The problem is that very few people (dumb users included) want that level of vetting for a smartphone.
In what sense will it be ok? Isn't a lot of the stuff in appstores spyware nowadays?
While there is generally always some small percentage of apps that don't do what they promise and slip through the review I think I can be reasonably sure that if I download something from the macOS / iOS app store it'll do what they say.
I trust it enough to believe it won't start crypto mining in the background or connect to random servers and sending the content of my computer somewhere. For the average user it's probably the better option than downloading the top Google result and just executing it.
Uh, what are you talking about? Phoning home with your data (mainly phonebook and location data) is exactly what a lot of apps are doing.
Sure, they wont do crypto mining, but that's because it would drain your battery quickly, and people would notice and uninstall.
As I said, it can happen but I'd assume it's done a lot less than on the "open" internet where there's no repercussions. At least in the App Store the developer would get thrown out, people would post it in the reviews or report to the App Store moderators.
Isn't the whole point of sandboxing and the permission systems exactly preventing phonebook and location data misuse? Especially location tracking prevention was a pretty big part of the iOS 13 announcements.
The permission system does work and is a great achievement. Along with battery monitor and the ability to easily and cleanly uninstall any app.
> I trust it enough to believe it won't start crypto mining in the background or connect to random servers and sending the content of my computer somewhere.
The current migration towards more sandboxing also helps. For instance, Android has restrictions on how much an application can do in the background without showing up as a persistent notification, and xdg-app's sandboxing can restrict how much of the content of your computer an application can access without using a file open dialog.
I don't understand why we keep falling back to uneducated users in this discussions. "Oh we're tech heads; we're not the standard audience..." ... maybe the standard audience should bother to learn something.
I live in a city now and no longer have my own tools/garage, but I know enough about my car to know the shop down the street was trying to screw me when they did a bait in switch, wanting to charge $950 for an alternator repair (and claimed my battery; less than a year old was bad). I called around, towed it to another shop and paid less than half of that...and the battery was perfectly fine.
I should have checked the reviews on the first shop because they were some pretty bad ones. Now I know better, but there are a ton of people who just accept it, maybe because they're car was already towed there and they simply don't know any better.
> I don't understand why we keep falling back to uneducated users in this discussions.
Because that is the majority of the users and because it's hard to find reliable information on the internet even if you're willing to do the research into this sort of thing. I'm certain there are plenty of things that you are probably not knowledgable about and don't put the time to learn about as well.
>Ugh, app stores! >No one needs them for discovering new software
I so badly wish I could agree with you :)
Sadly, observing the non-tech folks around me, some of which don't even know what an app is, and some of which think the only apps they'll ever use on their phone is the ones it came loaded with ... it's not true.
What is needed is an android app. store that is decentralized / distributed, where the "trust" of an app is a consensus-based score and that has the popularity of whatsapp.
I agree with this. What I'd ideally like is to keep the Play and Apple stores, but also make it possible and easy to use 3rd party stores - kind of how you can add alternative package repos in the Linux world. Unlikely to happen without legislation, mind.
> All I really want is an OS facility that only executes code that has been installed explicitly by me, and always in a sandbox.
Androids app sandbox is pretty leaky. It has a massive surface area, and the chances of finding exploits to get out of it to find root are high. Also, even from within the sandbox, there are lots of evil things you can do (for example, start on boot, and go fullscreen and use all the ram so the back and home button SystemUI process gets killed and your app is unkillable.).
The 'badness' of the android app model is a big chunk of the reason Google wants to be gatekeeper - otherwise android apps could just load and unload like webpages do. That and profit.
You say this, but rooting attempts for flagship Android phones have failed at many recent pwn2owns. The grey market price for a root exploit on flagship Android is comparable to iPhone.
The most popular third party rooting services don't seem to support past Android 8.
Clearly it isn't easy to root these things.
I wonder if part of that is that a lot of flagships seem to have unlockable boot loafers now, with a force wipe to do so. Does that have a measurable impact on the number of people trying?
It doesn't seem that way. There are still people attempting pwn2owns. The grey market value of a root exploit is still in six figures and likely higher on the black market.
Code Signing and HTTPS are two completely unrelated concepts...
Yes, but their point is: Why would you need code signing if https is working correctly when downloading software?
Because somebody might’ve changed the files on the distribution servers. We’ve been signing executables for decades?
As a matter of fact, APKs are signed anyway using the pubkey of their developers, the signature is embedded in the package, regardless of whether it's in the app store of not. You cannot use a package with a different signature to replace the existing one, the system will warn you about a conflict.
If someone has changed the files on the distribution servers. A Hacker News reader will have no problem recognizing it and stop installing, another one will compare the signature and keep it as evidence.
Of course, the overwhelmingly majority cannot recognize it though.
The product is built in a very controlled and secure environment at the core of a company's competency ... code-signing here stamps the product as authoritative and representing the company's efforts.
The website from which you, the customer, download the software often is built and managed under less controlled and more vulnerable circumstances, often with third party involvement. Any bad actor in a long chain of internal caretakers and potentially external hackers can replace the to-be-downloaded artifact HTTPS with malicious junk. Code-signing mitigates this.
Semi off-topic, but anyway, I have an supportive argument for you: APKs are signed anyway, the signature is embedded in the package, regardless of whether it's in the app store of not, it the signature has changed, you cannot use a new version to replace the previous version without manual reinstallation, it's an effectively safeguard against phishing.
But only the readers of Hacker News can recognize it. I think it's one of the most powerful argument for a walled garden. Not that I support it, but I acknowledge it's still a powerful argument.
For example, code signing can protect against an attacker that can swap the application, but not the signing certificate. It can allow retroactive disabling of a certain application by revoking the cert that signed it. In short: HTTPS ensures the integrity of the download at the time the app is downloaded, code signing at the time it runs.
Street Joe and Jane lack the technical skills to understand https://firefox.com/ from https://firefox,.com/, or what installing an app means.
"Isn't just clicking _next_ until the app starts?"
Hear Hear. I'll take that in a non-phone version too please.
SSL during download really isn’t a substitute for code signing.
But we have fdroid and the GNU/Linux ecosystem is going to eat android’s lunch anyway.
Apparently andOTP was removed for the same reason a couple of days ago: https://github.com/andOTP/andOTP/issues/396.
As mentioned in the announcement, you can switch over to F-Droid (for the time being) to get the latest version: https://f-droid.org/en/packages/com.wireguard.android.
>(for the time being)
Why do you have that caveat ? You can use f-droid forever.
I'm on an unrooted phone and F-Droid doesn't do auto-updates or even "update all". I have to remember to open F-Droid once in a while to click "Update" and then "Install" for each app, one-by-one.
I understand that it's probably Google's fault for not providing APIs/permissions but it's still terrible UX. I only use F-Droid when an app isn't available on the Play Store.
fdroid periodically automatically checks and notifies of updates to apps. You can also "Update all", using the button of the same name, but you will have to press install for each, due to the way Android works, which is a bit of a pity.
F-Droid isn't a "system app" so it can't even ask for permissions. If it was added as a system app in a custom ROM, then it'd be able to use the undocumented interfaces to install apps.
Because I prefer sticking to APKs signed by the author of the app. F-Droid APKs are signed with different keys, typically.
I agree with your sentiment in theory. Unfortunately, in practice, Google Play Store rips off my signature after I upload and sticks their own one on instead. Blah.
I thought that was opt-in still (https://support.google.com/googleplay/android-developer/answ...) unless you use app bundles, but that article makes it sound like you can bring your own key too. Do they still modify the signature in that case?
Huh, isn't that only the case for Android App Bundles?
Only if the app is enrolled to their resigning program, requires either initial agreement or signing key upload.
Typically but not necessarily. F-Droid can distribute apps with original signatures from developers if the app builds reproducibly. See: https://f-droid.org/en/docs/Reproducible_Builds/
I think he meant until the app is reinstated on the Play Store. I choose the F-Droid version whenever possible.
I wouldn't want the app from any other place than Fdroid!
Ah yes, the multi-billion dollar megacorp trying to prevent goodwill donations. Dear regulators: BREAK UP GOOGLE.
To play devil's advocate, I'm sure Google's intent is to prevent garbage apps from spamming or tricking users into paying money and the resulting PR backlash from having an app store full of shady apps.
As evidence of this, Google does allow donations if the publisher is a 501(c)(3) (see https://support.google.com/faqs/answer/75724?hl=en).
Nothing like opaque, zero due process take downs which change day-to-day unexpectedly until you wake and find your app is no longer in the Play Store.
There has to be a better way to handle these sorts of things.
Were they even notified beforehand?
A 501(c)(3) application costs at least $275 and takes 2-12 months to process. That seems all right if you're a SV SWE registering something on the side of your regular 6 figure income, but for a lot of folks around the world, that seems a largely no-go way to support their project.
If this is really an attempt at preventing garbage apps from spamming or tricking users, this is both overly broad (many false positives) and badly targeted (many false negatives). Why is it that iOS doesn't have this policy, and has significantly fewer garbage apps?
Maybe if Google were to allow third party app stores, folks could choose the one that fits their ability to evaluate the sophistication of apps themselves. For example, some folks might want to pay for extra security checks on the apps they use, while others want to install anything and everything under the sun.
So if I write a legit open source app and release it, and link to a donation page, that's wrong? I don't deserve some credit for my work?
Oh right, it's because Google wants me to have some kind of "pro" app that is effectively a license, that they can get their 30% cut of.
They don't give a damn about fraud via this method. They want their money.
You think a breakup will change anything?
Yes — if there were real competition between multiple app stores, some of which provided better systems of vetting than others (both for users and for developers), then the kinds of stores that had these policies would die off.
Then break-up is still not the solution. Microsoft didn't get split in the late 90's / early 2000's. Anti-trust case against Google / Apple seems far more appropriate and doesn't require new legislation.
All in all, that whole "break-up" argument is just political white-knighting by wanna-be elites (ie. Warren & co).
I don't follow this line of reasoning at all. By all accounts, Microsoft should have been broken up. They were convicted of abusing their monopoly position in a court of law. It was a travesty of justice that it was not carried out. Had this happened, the new companies would have been vastly more competitive, and the current state of computing might have been much better.
It's hazardous at best to assume the state of something with so much variables.
As for continuing being GAFA advocate (while still thinking they should be compelled to open up "Stores" to competition), vertical integration provides enough economy of scale to achieve ever greater complex things. Also, 1) you can't just "break-up" any GAFA. They're just gonna move out of State and be welcomed somewhere else, and 2) what you're asking put Government in a very awkward position as setting up both enough regulations to block new players, but also blocking player to achieve a certain size. Finally, this argument is getting awfully close to the "broken window" fallacy. You can't just "create competition" out of thin air.
You're right, you can't just create competition out of thin air. The competition already existed at that time. Part of the abuse of their monopoly position was to use the dominance of Windows to also capture other markets, including the Office market, Web browsers, etc. We would have had a far healthier ecosystem if the monopoly had been broken up. Look at where Lotus SmartSuite, Corel Office, StarOffice, and all the rest are today. They were not able to compete commercially in a market distorted by a monopolist, and today are shadows of their former selves.
Just because there was competition doesn't mean it was any good, nor that it was gonna last. Microsoft "decline" largely came from new technology they laughed at (smartphone and cloud computing) and to a large extend, missed on. Such an evolution is typical from the high inertia inherent to such a large structure. It forced them to evolve, for the better. Same will likely happen over time with Google/Apple, their structure will get more and more rigid, they will stop providing as much benefit to the user, competition will appear and their will be forced to open up. Apple is already starting to lose ground on the self-repair front, and both are more and more called out on the rigidity of their stores.
Amazon/Facebook is a different problem. Amazon is colliding with the old retail chain and weakening their power in DC (Amazon is not doing anything more that has been done in brick and mortar stores ~forever). As for Facebook, it is threatening Governments themselves (privacy is just just a convenient red-herring).
Or, they will all pre-emptively adopt stronger policies to avoid freeloading. OSS apps don't pay for bandwidth used in downloads, and Google is the one benefiting most from all the free apps on their platform. So if _they_ aren't comfortable with the situation, I can't see a breakup solving that.
Google will never care about the quality of an app store (for devs and for users) as much as a company with majority of revenue coming from folks using their app store. It's the fundamental problem with a monopoly business and breaking off the Google store from being the exclusive way to get apps on the Android platform will solve it because companies optimize profit.
How would breaking up google create multiple app stores? How would that actually work from a logistics perspective?
go live in china you commie
They're trying to prevent money laundering.
I don't see how this makes sense -- if someone wants to launder money, why would they need to find a donation link to their external donation system inside an android app?
I'm pretty sure they just want their cut.
Yup, I pretty much read it as this: "if you are operating an open source project then you should use ads for funding instead of donations or introduce paid features/upgrades so that we get a cut"
$50 sent, thanks Jason, no thanks Google.
A small amount relative to the value that you're giving to the world, but hopefully a few pints won't go amiss.
Fuck gatekeepers.
I too made a "fuck Google" donation to the WireGuard project today, after seeing an update and then the app disappearing entirely.
I'd love to use the F-Droid version but it's not up-to-date, and isn't published by Jason, so it's not signed by him either.
Publishing it on the website with a built in update-check might be one solution I'd be happy with, it'd only need a text file hosted on the website and a check, perhaps each time WG is activated to see if there is an update. Modern Android versions can be toggled to allow installing software from external sources, so the app could "install itself".
Though I am not using android app, I just made a $10 donation. WireGuard has been a great software for me on Desktops.
Cheers
I am not sure why it needs to be called a donation. Just let the in-app purchase unlock some cosmetics in the app like games do. You weren't going to deduct the donation from your taxes anyway.
I am curious how this ends up working out. Google takes a cut of the donations now... but the process of buying is probably easier. So maybe it will increase donation revenue, and make it easier to support free software.
(Taking a step back; it is pretty weird to have apps opening links to web pages that take your credit card number. The app store operators are right to view that with suspicion because I'm sure that for every legitimate open source project, there are a million phishing scams.)
Open source developers shouldn't be forced to lock away additional functionality in their apps, or resort to special tricks just to be able to receive donations for their projects.
Google could make a positive impact by introducing new features that help users seamlessly fund their favourite open source apps, right from their Google accounts. GitHub has recently introduced a similar initiative called GitHub Sponsors [1].
> Taking a step back; it is pretty weird to have apps opening links to web pages that take your credit card number.
There is nothing weird about accepting payments outside of Google Play, and it is allowed if the payment does not result in buying a product that is used within the app. Buying a movie ticket, or operating an online store with a third-party payment processor are perfectly fine use cases which are allowed on Google Play.
[1] https://github.com/sponsors
>Open source developers shouldn't be forced to lock away additional functionality in their app
The additional feature can just be text that says thanks for the money, feel free to give us more money in the future.
Better yet, just charge a dollar for the app. Link from the primary website to the app store, so people can buy the right one.
No thanks. If I'm donating to a good cause, I don't want the App Mafia taking a 30% cut. That just reinforces this bad behavior.
It's sort of a convenience fee. I agree with your App Mafia take but my guess is folks that can't be troubled to use F-Droid probably weren't going to donate in the first place.
For instance, D-Sub is available for free on F-Droid but costs something like ~$4 on Google Play.
AndOTP is available on F-Droid, not sure about Wireguard but I'd assume so.
> For instance, D-Sub is available for free on F-Droid but costs something like ~$4 on Google Play.
This is great solution to sustain the app developmant and spread the word about F-Droid!
so the App Mafia is supposed to host your app for free? provide the bandwidth to download it for free ? give visibility to your app thru search in the store for free ?
at some point someone gonna pay for the datacenters, the wires and all these stuff needed for software distribution.
Try running your own site on your own servers and paying for the data traffic and then do the math.
30% is ok
Ok, let's do the math:
Say app has 10MiB, 100,000 downloads is ~1TiB, 1 have a 1GiB/20GiB VPS with that monthly bandwidth which I pay $1/month.
So distributing 100,000 copies costs $1.
I'll give Google $1 for distribution of 100000 copies of my app. Fair?
Yeah, I'll give Google a bit more for payment processing, perhaps. But actual distribution costs nothing really, for most apps.
Remember that creating a Google Play account already costs $20, so for the most people the distribution costs are far more than covered.
you completely ignore the #1 cost: human cost to setup your vps, manage it, backups and whatnot etc. you gotta take all costs into account.
not every developer is willing to learn and spend time configuring & managing a server. that's not the same skill set.
Human cost is not really very well measurable.
First we're talking about the free app for a good cause, so you're already providing an app for free, so you've assumed some sacrifice for others for whatever reason, and setting up a website for it may be comparatively negligible part of the whole cost to you in terms of time.
In my case I would have already had an infrastructure and knowledge how to host things, so it might take a few minutes to put some new files up on a machine used for other projects. Additional costs being pretty much 0.
And there may be benefits (even if I didn't have the knowledge and infra) like learning something new, or now having an infrastructure and knowledge that helps you save expenses or time in the future. So that would offset the costs. You can't just look at costs alone.
Google also does the work of keeping fake versions of your app out of the store.
I remember that being a problem in the app store for windows phones. Lots of fake apps that used the VLC name and logo, for example.
Android is worth sh*t without any apps. I consider providing a market for apps and managing the quality of the market is their responsibility, business expense not developers.
If they don't like free apps, then they should stop hosting free apps if they want that 30% tax so much.
Google should be thankful in the first place that developers are making apps on their ecosystem (doubly so for open source apps), because without them, Android and the Google Play Store itself isn't worth much. It's their part of the deal to stay relevant.
Is that still technically open source compatible?
Edit: I'm referring to https://opensource.org/osd
Edit2: Having read round some more, it seems you possibly could sell a different version, of course you would have to offer the source code which others would be free to give away, (this is for the gpl). I don't know if the discrimination clause of the Open Source Definition would come into play though.
>> Just let the in-app purchase unlock some cosmetics in the app like games do.
> Open source developers shouldn't be forced to lock away additional functionality in their apps
I don't think functionality was what was suggested. Literally cosmetics. A nice banner that says thanks for supporting the project would likely be sufficient.
Edit: Although I agree it shouldn't be required. As a workaround it doesn't seem too bad though.
> …are allowed on Google Play.
Until some morning when suddenly, they're not!
Completely agree. I do not want to restrict any users.
Annoying how hard it is to be independent of FAANG control.
Would it be acceptable to Google if the only perk of buying an IAP was a little icon on the screen saying "contributor" or something?
Do they ban all donation verbiage or just IAPs that do nothing?
it's not the verbiage it's the 30% cut that google is missing when using a donation link
Oh, I see, thanks
I don’t know much about Android, but is the Play store necessary? If it isn’t, then isn’t that independence from FAANG control?
That's like telling a convenience store owner that they're "independent" of Visa and Mastercard. Yeah sure, good luck with that.
It isn't [1] but an average Joe doesn't know about alternatives and what's worse doesn't care about them because he's not affected by Google's foul play (or at least he thinks he isn't).
1: https://f-droid.org/
While I see what you are saying, it doesn't need to be "locked away functionality". You could like "sell" badges. $10 """buys""" a bronze badge, $30 a silver etc, whose only functionality is to be listed in some irrelevant "thanks for your support" view.
> "Just let the in-app purchase unlock some cosmetics in the app like games do."
Doesn't Google take a whopping 30% cut of the purchase price for both in-app purchases or direct purchase of the app itself? That's a pretty big bite out of the donation.
> You weren't going to deduct the donation from your taxes anyway.
Unless I’m mistaken, this is only possible if you’re donating to a registered charity. Many view open source as more noble, but OSS developers don’t magically get a different rule book :)
(I don’t disagree with your perspective here, but the prevailing sentiment in this thread seems to be that OSS developers should get a different rule book.)
And also, if you receive goods or services in exchange for your donation, you need to discount your deduction by the fair market value of those goods and services.
This is not tax advice; consult a tax professional for your own personal situation.
Asking consideration from a platform based heavily on OSS isn't unreasonable. Especially considering Google would benefit from the improvements those donations could spur.
> Just let the in-app purchase unlock some cosmetics in the app like games do.
I contribute to projects that are committed to never locking away features behind licenses or in-app purchases, because most open-source projects in that space eventually went down that route.
You might not have to actually lock anything away. It might be acceptable to "unlock" a theme that you could otherwise just install in some other way, or there might be some other workaround.
Like another poster said, unlock a text box, in the settings, or about page, or wherever, saying: "Thank you for your support!"
An easy way to let people know how to donate without links is just use plaintext on a page.
At the bottom of an “About” page:
Paypal: email-adress
Venmo: open-source-proj-maker
BTC/ETH: <address>
If someone is not a 501(c)3 org and just a solo person, why do donations have to go through a particular website link?
It seems like the same thing (getting money) can be accomplished without needing to use links from an app.
>I am not sure why it needs to be called a donation. Just let the in-app purchase unlock some cosmetics in the app like games do. You weren't going to deduct the donation from your taxes anyway.
My immediate thought at reading the title "So sell a supporter animation that plays in an about menu".
The problem of donation links from Google's perspective is that they are not getting their 30% cut. You might think that this is unfair, but the app is using their distribution platform.
It's possible to make open source applications and still ask for payment on Google Play, either as the asking price, subscription or by adding in-app payments for donations. This is the right way to do it, and will probably also have a much better return since the payment workflow is much easier.
I can even go along your last point. But it's a different argument to say "going through google is more efficient" or to say "you can't not go through google". Frankly, they're using their market dominant position to force free developers into a distribution model that serves them as the payment processor. I'd not go so far as to argue those are separate businesses, but it's really a blatant abuse of their power.
Arguing that this is somehow related to software quality, safety or whatever is pure BS> There is simply no other explanation for this than "it will make us money and we can get away with it."
Why is it an abuse of their power? Google and Apple are essentially saying that if you use their store as a sales funnel then they take a 30% cut, and they enforce that by being the sole payment processor on the store.
Basically Google and Apple both know that people will make more money by listing in their stores and taking a 30% cut than not listing at all.
1. most open source software is not even close to breaking even via donations. so "making more money" really is a misleading way to portrait the situation. 2. I hope we can agree that "if you use their store as a sales funnel then they take a 30% cut" is at least a use of their power. The fact that there's no recourse, no (practical) competition for the distribution, and that they're not acting in agreement with their "official" stance on free-as-in-beer or free-as-in-speech software makes it an abuse in my book. The thing is, they don't officially say "we only host apps that make us money, not at all. They say they're just platforms, facilitating exchange, blabla. Also, see point 1: "sales funnel" for projects that maybe (!) manage to break even on their hosting costs is not the right term to use here.
This is an old claim by now, but these platforms matter a lot today, and since we only have two of them, and they are not in direct competition (users cannot switch at will) they really should be treated as the monopoly infrastructure that they are. What that means concretely is subject to negotiation within society. In my opinion blackmailing the devs of an application that is essentially written and maintained as a service to the public, for free, by volunteers, is a shit move to say the least.
> In my opinion blackmailing the devs
I don’t know what you think the verb ‘to blackmail’ means, but nobody has been blackmailed or anything like it in this situation.
Correct, the more precise term here is extortion, and I can speak to that having had to face that exact criminal charge before. It follows pretty much every required element of the crime.
For the same reason microsoft had to give you an option for the preinstalled browser.
As soon as you get a certain threeshold you become a monopoly, which essentialy means you controll who does business in that sector.
It should never be allowed to be a distributor as well as the owner of a marketplace.
It's the same problem with amazon marketplace and other similar things.
EDIT: Formatting
Not exactly. Being a monopoly is fine. Google is a monopoly in search for example. It's not fine when you use that monopoly power to either stifle competition (like what MS did), or to demonstrably harm the consumer (very hard to prove).
Just because Google Play is a monopoly, it doesn't mean that it's illegal or should be fined. Especially since there are other options, like amazon's app store, or manual installation of apps.
Especially compared to iOS, Android is a paradise of freedom.
A monopoly is not defined as a 100% market share though. I'd argue the playstore is the way to distribute apps on android, and realistically a monopoly. Wether or not the "software distribution" and "payments processing" aspects of the playstore are separate markets/products is (in my mind) up for debate. If they were then google would be using it's distribution market penetration to push its payment processing business. Then there's the argument that the way they selectively seem to cut off smalltime donation-based software does harm users overall, although it is a systemic harm, not individual, or at least that would be (as you said) very hard to prove.
Except, in case of iOS AppStore, you don't have the choice of a third party store or even side-loading ability.
And they are in the process in doing so (partly by closing the platform through read-only system partition and expecting the app developer to sign the app through Apple means) with MacOS.
The platform is not yet closed, as the system partition can still be mounted in read-write mode and notarization can be bypassed for now. But their are clearly in the process to make these changes permanent in near future. Reason why they introduced them in Catalina.
Can I sell a product within any retail store and sell it without the retailer getting a cut?
The Girl Scouts sell cookies at the front door of grocery stores with an entire aisle dedicated to cookies. The stores give them permission to do so knowing the goodwill outweighs any loss in Oreo sales.
Google could make the same choice but doesn't for some reason.
How many shoppers know or care about Girl Scouts compared to the number of mobile phone users who know or care about open source?
Donations through the Play store's payment platform are prohibited, since all purchases need to give an additional value in return. The only reliable way to get donations in a compliant way is by linking to a website from the app and have a donation button there.
how long until that is prohibited though..
It's already forbidden for Apple /iOS...
https://9to5mac.com/2019/09/06/apple-extends-deadline-for-ne...
Going by your point, shouldn't Amazon be blocked since they are collecting the payment info and charging without any interference from Google? How are donation links being considered to be in violation? Just wondering!
The “30% cut” only applies to digital goods like apps, software or music. Physical goods like a book ordered from Amazon (or an Uber ride, for example) are exempt. Amazon-owned properties that sell digital goods are subject to the rule though. That’s for example why you can’t buy Audible audiobooks from within the app.
Both stores require payment through their app stores for digital goods. Neither require it for physical goods (Amazon). The donation is for the software itself and so requires payment via Apple/Google.
> This is the right way to do it
Might be convenient and great for Googles revenue, but it's the wrong way to do it if your priorities are to reduce the projects platform-dependence and to support the project with your full donation.
Usually, once I decide to contribute money to a project I want them to be as free as possible and I want them to get as much of that money as possible. Independent from the specific app store I pulled it from.
I think it's wrong that the Google Play Store treats donations like purchases.
I like the way that the author of Simple Mobile Tools [0] made donations. Applications are free and open source, but there is a paid app Simple Thank You [1].
That's also how I was thinking about doing "donationware" on a mobile app store.
Side note: They are also available on F-Droid.
[0] https://play.google.com/store/apps/collection/cluster?clp=ig...
[1] https://play.google.com/store/apps/details?id=com.simplemobi...
This is against policy. Not sure if it is enforced though
https://play.google.com/about/spam-min-functionality/min-fun...
I think it's pretty common though, for example buying a "key" separately from the main app. https://play.google.com/store/apps/details?id=com.keramidas....
How is that better than just having an IAP donation through Google? Either way Google is taking their cut right?
Yes, this is quite a good workaround, though probably less lucrative.
https://play.google.com/store/apps/details?id=com.simplemobi...
Has more than 100K downloads. i.e made at least 100K after Google cut.
> Sorry for the inconvenience. I'm sure many users are just as annoyed as I am. In the interim, luckily F-Droid has our app.[1]
Thank heavens there's an alternate way of distributing apps on Android. Say what you want about Android vs. iOS, but at least there's an alternative if you as a consumer have a beef with Google Play.
[1]: https://f-droid.org/en/packages/com.wireguard.android/
Even if the Play Store and F-Droid both disappeared, the replacement could be a community-run open directory of APKs sorted by version. At least we have options on Android.
> directory of APKs sorted by version
Something like that already exists. I had to use one of these directories once to install an older release of Signal on a relative's phone (newer releases of Signal don't work on older phones, older releases of Signal aren't compatible with the current Signal server, but there's a single version in the middle which both works on older phones and is compatible with the current Signal server; unfortunately, that phone hadn't yet updated to that release before a newer release went out).
A general comment: the need of the hour is to educate the billions of 'ordinary' computer users about the basics of software, privacy, security and trust. We must not fall into the narrative being parroted around off-late that considers end-users as pretty much dumb content consumers who should not be expected to ever know even the minimum about the underlying tech and therefore every decision needs to be made for them by a small minority of corporations, govts, and the tech elite acting as gatekeepers and overseers. This is a dangerous road to go down unwittingly. Too much de facto power is concentrated in the hands of the few while the rest are gradually trained into normalise being helplessly manipulated and told to defer to authority.
> who should not be expected to ever know even the minimum about the underlying tech
I have worked in this industry for long enough to know that even assuming a minimum of knowledge at all is a bad idea. You can fight this fight as you want, but this comment has nothing in it to convince be otherwise.
Why do you think this? It's a pretty bold statement.
(12 years of corporate IT support experience and 40 years working with tech in general)
Because it's human nature to only care about details that you believe you need to know in order to manage some part of your life.
If you don't see a clear and immediate value in learning something, you won't. No matter what anyone else says or does to try and convince you, you won't.
Then you get burned by something you didn't know, and there's a 50/50 chance you'll learn about it then, and only if you're convinced that it's something YOU have to do, that can't be managed for you.
And most people resent having to learn that much.
I no longer try to convince anyone of anything tech related. And rarely answer much when I am asked, unless I can see that the person is truly interested, not just curious about some buzzword.
Ah yeah, I see now. That's fair enough.
Not the original person but: In one company I had built a reporting system. An end user generated a report and contacted support. The report contained a column that they didn't understand the meaning of..... The column was "Date" and it was the date that had occurred. They suggested that we explained that in the generated report because it was confusing. This was a medical professional.
I've tried to educate many people on a personal level and failed miserably almost every time, being perceived and dismissed as an evangelist for some weird ideology they don't care about (and I took it very slow and tried really, really hard not to sound as one). Maybe they are right, after all? Who am I to dictate or even influence what they should care about, especially if they don't experience that clearly. People never become tech literate until it bites them in the ass. They have to face the consequences, that's how it works.
Meanwhile in 2019, most people still find "nothing to hide" attitude perfectly reasonable.
But it is actually an ideology... It's the same as why people don't care about climate change or other far removed things from everyday life.
For the normal, everyday non-tech user, they see that all their friends use these apps and nothing has ever happened to them. The FBI didn't come knocking, they weren't fired from their jobs or anything like that.
From their point of view, why should they care about repositories, digital signatures etc., when they just want to use Instagram, Snapchat, Whatsapp and so on for some after-work (or during-work) fun / brain-swithoff. They just post some silly pictures or watch some Youtuber videos.
All these concerns about privacy just don't reach the everyday reality and real-life concerns of people and is in effect an ideological thing, similar to rejecting proprietary software on the desktop due to moral and political beliefs.
> They have to face the consequences, that's how it works
The consequences (app creators changing their practices and policies) will be spread over everyone, not on individual users. As long as their friends and society keeps using it, most people will as well. If it slowly dies out, people will use whatever is new. Most people are not that much attached to using these apps, just use them out of boredom or to interact with others. They'd easily move on if that's how things evolve.
Funny that the same could have been said about actual literacy several hundred years ago. Who ever needs to be able to read and write in their everyday life? Why should I care? It's a thing far removed from everyday life, unless you're a trader or a priest or a scholar or some other expert. Today you can't imagine an adult person being unable to read, in most of the world.
Except the tech is already there, and you use it with or without understanding. You use a credit card, electricity, Internet and other communications, some kind of computing device, your entire life depends on it. And IT shapes your life way more than any other tech, so it probably makes sense to get a grasp on the general concepts at least. No need to become an IT expert, similarly to how there's no need to become a Shakespeare to be literate. And yes, being tech illiterate can fuck you up very visibly and personally, for example by losing money from a stolen credit card.
I think a better metaphor is driving. In many countries, like the US, driving is extremely widespread and most adults cannot function in the job market without being able to drive.
However only a minority of them knows how cars work under the hood. Most people understand the pedals and the steering wheel and that's it.
Same in tech. People understand there are screens, there are buttons you can click, text input fields you can type things in with the keyboard, on/off switch, sleep/standby, etc. All the things needed to operate it.
> for example by losing money from a stolen credit card.
I'm in Europe and I don't know anybody who had this happen to them, nor is identity theft a thing here. And this is mostly about phishing and social engineering anyway, not about understanding the tech background of package managers and digital signatures.
I wonder, were at some point doctors warning about cancer from second-hand smoking dismissed like that.
The still are today (unless you live in em-bubbled places like Cali.)
> Meanwhile in 2019, most people still find "nothing to hide" attitude perfectly reasonable.
I have had the exact same experience. I've long given up trying to explain anything to normies, including anything related to privacy.
I really pains me to say this, but the bleating masses are the bleating masses, and getting them to internalize anything typically takes a generation.
> that considers end-users as pretty much dumb content consumers who should not be expected to ever know even the minimum about the underlying tech and therefore every decision needs to be made for them by a small minority of corporations, govts, and the tech elite acting as gatekeepers and overseers.
That's what we do in every other domains, what's the difference here ?
The domain is information not technology.
We need to drop the attitude that technology is a new scary thing it's not. Technology is an extension of our selves we have been using it for thousands of years to expand our ability.
Pen and paper was the old technology if you don't know how to use it you are illiterate, if you don't know how to use the new technology you are still just illiterate.
The baby boomer attitude of "I can't be arsed to improve as a person so every one else has to dumb it down for me" is unacceptable.
> I can't be arsed to improve as a person so every one else has to dumb it down for me
Do you apply that to yourself out of tech ? Are you literate in art, philosophy, astrology, history, chemistry, medicine, &c. (more than surface knowledge) ? Where do you draw the line ? Is using google maps without knowing how the GPS system works in details an issue ? What about cooking ? Do you know which chemical reactions create tastes ? Are you buying food from supermarkets, why don't you hunt and grow your own ?
> The baby boomer attitude
As if millennials+ were better. Using a pc/smartphone daily doesn't mean you're tech literate, it's a prime example of familiarity != knowledge.
With the history of viruses, malware, ransomware, etc of personal computers for the last 3 decades, the average user is better served by a curated environment. I will download any random crap on my iPhone knowing that it can’t do much damage and has a strict permission system. I very careful about what I download on my computer.
We can act more effectively in the domains in which we are most authoritative, knowledgeable and able to effect change.
Yes, we, as tech workers. Most people aren't "us". It's perfectly understandable for places like the android/apple app stores to be heavily moderated.
Same reasoning for forcing people to have their cars serviced by mechanics and not do their own maintenance in their backyards. Otherwise we'd have people driving cars without pipes and DIY break pads. I'd much rather have that enforced by megacorps/govt than by an infinite amount of businesses/individuals trying to game the system.
For most people a smartphone is an entertainment device, a tool at best, they don't give a single fuck about the underlying tech and they should not. Feel free to root your phone and install whatever you want, you can't ask people to become tech literate, it's your hobby/job, not their. Our job is to provide them safe tools, not teach them about tech. Look at your own life, chances are you don't even have surface knowledge of 99% of the things you use daily, and that's perfectly fine, nobody expects you to be a furniture designer, building safety inspector and car mechanic.
In every other field people are reasonably held responsible for their failures.
As a service tech if I fill a car with tomato sauce instead of oil I pay for the car.
As a programmer I can sell all the users data, leak it to hacks, then laugh all the way to the bank.
As a furniture salesman I can requirements on materials transparency. If I break those I'm liable.
As a programmer I can totally change the rules of my application at any time.
If society wants to trust tech it will have to hold it's creators responsible.
In which country are developers above the law ?
In every country the ruling party does not understand technology. It's very difficult to regulate something you don't understand.
The back door encryption thing is a fun example of this.
Yes, and this is the real issue to me. The end user having a computer science PhD or not won't change that.
How is that? If more 'ordinary' people understood that the only functional encryption is one that is resistant to MitM etc., and the undesirability of implementing backdoors, even for ostensibly legitimate reasons, there would be far more pressure on legislators to not keep advancing these proposals than there is now.
Again, knowing that privacy is good doesn't have anything to do with the "underlying tech" and doesn't require any technological understanding. You can read a book without knowing how it was printed.
> Our job is to provide them safe tools, not teach them about tech.
But, you can't really provide them safe tools without fixing some of the behavioral components, can you.
"Don't try to lick the sharp parts, especially when running the machine" is an implicit and important (albeit obscure) part of the safety to operating, let's say, a band saw. Unfortunately, the intellectual bar seems to be noticeably higher for "When a very urgent and heavily accented Microsoft Support representative calls you out of the blue, don't type into your shiny techno-thingy what they tell you to".
I'm generally all for sane defaults and constructing to make spontaneous use possible too, but a lot of the time there is ultimately no other protection against dangerously wrong use of tools than not using the tools dangerously wrongly. Too bad that's a tall order for very complicated machines that can do vastly different things depending on configuration.
Yikes. Really? Where do you live? I can’t imagine living someplace where I’m forbidden from picking up a wrench. Heaven forbid I buy some PVC pipe. Who knows what mischief I might get up to!
For the record, I do my own break pads. And have done the master cylinder (thing that powers the breaks) on my cars a couple of times. Not just without formal training. Without any training except what I could quickly Google.
Europe. When I lived in the US I saw cars with bald tires, clearly damaged frames, spewing insane amount of smoke &c. on the road daily, I'm glad I don't have to deal with that over here.
44 states have minimum tread depth specified in the law. Almost nobody has the tool necessary to replace a tire anyway, so nobody does that themselves. So what’s your point?
Not sure why you would assume that prohibiting people from working on their cars would increase the level of maintenance.
The problem is the authoritarianism. You are advocating for totalitarian control as a solution to the possibility that some individuals might misbehave. If there is one thing we should have learned from history by now, it's that that's about the worst solution to a problem ever.
We're talking about an app store, not the Final solution. And as far as I know in developed countries companies still have to follow the law.
So? I don't understand your point. Authoritarian solutions are good as long as they are not "the Final solution" because ... ? And what does having to follow the law have to do with any of this? Even "the Final solution" was law, and in a developed country at that, so ... yeah, could you explain what your point is there?
If any rule/law = "authoritarian regime" to you I think we can't stop the discussion now and save us both some time.
> And what does having to follow the law have to do with any of this
Google is free to handle its playstore as it please as long as it follow the law, I doubt google will pull a genocide anytime soon. Setting boundaries/rules doesn't make you an authoritarian regime. If you want to pull the "this reminds me of the darkest hours of our history" card you better find something more important than an app removal from a mobile phone app store if you want to be taken seriously. But I guess it's fashionable these days to compare everything to nazi germany/fascism/_insert_bad_people_, no matter how convoluted the comparison is.
> If any rule/law = "authoritarian regime" to you I think we can't stop the discussion now and save us both some time.
Can you quote where I said anything about a "regime"?
> Google is free to handle its playstore as it please as long as it follow the law,
Which is true, but completely besides the point? I am free to call you a clueless asshole. But if the discussion is about how to have a constructive dialog, me pointing out that I am free to call you a clueless asshole contributes exactly nothing to the conversation and at best shows that I have no clue what the discussion is about.
> I doubt google will pull a genocide anytime soon.
Your point being? Authoritarianism is good when it's not a genocide, because ... ?
> Setting boundaries/rules doesn't make you an authoritarian regime.
Again: Where did you pull that "regime" from? And also, no, "setting boundaries/rules" does not make for authoritarianism, that is correct. Why did you assume that I wasn't aware of that?
> If you want to pull the "this reminds me of the darkest hours of our history" card you better find something more important than an app removal from a mobile phone app store if you want to be taken seriously.
Why? And no, simply pointing out that one thing is worse than the other is not a relevant argument, that's simply straw manning, because noone claimed that one was as bad as the other.
Nazi Germany was a pretty developed country, and its companies followed the "law" pretty well ? Imagine how useful an app store would have been to identify the "indesirables" and how long / whether the app store owner would have resisted?
Right. That means you have to pick which domains those are. Picking some to learn about means not picking others, because there's an infinity of domains. Forcing everyone to become a security expert to survive limits all their other options.
I know people are going to quote Heinlein here, but civilisation exists so that not everybody has to be a specialist in everything.
With computers you can automate oppression.
What you're asking for is technology literacy, similar to science literacy. Adults generally don't care to learn this stuff. But you can teach the next generation.
Yes, and the tech industry is already several decades old and multiple generations have come and gone, but today's tech consumers seem to be even less confident of poking behind the surface than those of the yesteryears.
And do note that there was a point in history when even basic literacy belonged to a small few who argued in exactly the same manner than tech people do today, i.e., that most people will never be able to understand basic science and maths, and we cannot hope for any better than to be benevolent dictators. Later history proved the hollowness of those claims. Today the majority in most of the developed and some of the developing countries are basically literate and what their grandparents couldn't imagine doing, they do effortlessly today. I don't see a single reason why computer sector should be any different. I'm not talking about a deep understanding of computers, just basic literacy that would obviate the excuse for tight, walled gardens and locked down devices.
> but today's tech consumers seem to be even less confident of poking behind the surface than those of the yesteryears.
To be fair, I'm less confident poking around behind the surface because what used to be relatively straight forward has become --for various reasons, few of which are legitimate in my eyes-- absurdly complicated.
> basic literacy that would obviate the excuse for tight, walled gardens and locked down devices
You can do whatever you want on a platform like Windows because they make their money off of selling support for their platform, and selling their own products for it.
Google and Apple do not make money selling support for their platform, and only Apple really focuses on selling products for it. But they both make money by tightly controlling their platforms, in order to to squeeze money from developers, [in the case of Google] from manufacturers, from carriers, from users' payments, and from all the data they collect about it all. They don't have to care about the customer at all, and they can just focus on engineering. It's the programmer's dream.
Their business model is a walled garden, and they pick the fruits of that garden. In the case of Google, they run the Android platform so they have a way to still make ad money if Apple denied them access to that platform. In the case of Apple, they run the Apple platform so they can make money from expensive consumer devices, and also use it to control more of the services/products we use.
So, it really doesn't have anything to do with literacy. Even if everyone were a genius, their choice is still A) don't use a smartphone, or B) use a walled-garden smartphone.
>I'm not talking about a deep understanding of computers, just basic literacy that would obviate the excuse for tight, walled gardens and locked down devices.
I disagree on this. I have a friend who has "basic computer literacy" as in knows how to use MS Excel, KeePass, etc. And yet, she inadvertently got a virus on her laptop. It was puzzling how she could have gotten it. She doesn't visit the usual suspects of porn/gaming/gambling/etc websites. Just normal stuff like CNN, WSJ, etc. The only reason we found out about it was her email account got locked out by the ISP. Apparently, the malware found her MS Outlook email account and used a hidden background service to send a bunch of spam messages using her email profile. Understandably, the ISP monitors SMTP traffic sent from residential addresses and when it hits an unusual threshold, they lock out the account. To clean up the malware, I reformatted her laptop and got the email reset with a new password.
On the other hand, with her Apple iPhone and the locked-down walled garden, I really don't have to worry about malware to the same degree. Yes, the Apple app review process is not infallible and theoretically, she could get infected by downloading a fake bank app that steals all her money. However, the possibilities for that nightmare scenario are drastically reduced in the closed Apple ecosystem.
Even programmers, who we'd classify has uber-computer-literate compared to the general population can unwittingly get bit by malware:
Javascript programmers vulnerable to NPM package repository malware: https://www.theregister.co.uk/2018/07/12/npm_eslint/
Microsoft's uber geek expert Mark Russinovich got infected by Sony's rootkit: https://blogs.technet.microsoft.com/markrussinovich/2005/10/...
What's the solution for those programmers? Educate them on how to use computers? But they're already educated.
Yes, I get the hacker ethos of not having locked-down devices but we also overestimate the ability for the general population to maintain safe computing devices. Heck, I'm a techie that programs in Xcode and I'm not confident I'm really literate on all the vulnerabilities of the iPhone. Thus, it seems unreasonable I would expect non-programmers to "just be educated" to make the App Store's curation unnecessary.
I want to do this with my nieces and nephew, if they and their parents are willing. I think I already screwed up, though, when I bought Amazon Fire tablets for three of them for Christmas in 2017. Granted, they were around 3 years old at the time, so maybe they couldn't handle anything more. Still, I'm wondering what I should buy them next time. My sense of nostalgia tells me that I should buy them something at least as hackable as my Apple IIGS was. But that might not be practical. As one of my best friends pointed out to me, if I buy them an all-open-source computer, they're likely to protest, "But Uncle Matt, why can't it play [insert kids' TV show here]?". And they're not likely to accept my anti-DRM stance.
Buying three year old kids tablets for Christmas is already a fuckup imo. They're not even able to have logical thoughts, don't feed them digital heroin already!
In my opinion it's not the problem of software but the problem of hardware. You can more easily write software then produce phone hardware. From consumer perspective it's quite easy to make custom computer and use custom os on it cause most of drivers are open and you can see there are plenty of computer operating systems in the world, on the other hand most of phones hardware and os is proprietary what was not an issue when we were using it for calling not using it as alternative to traditional computer. So first we need to define what is broken, from my perspective broken is phone hardware.
I know plenty about software, privacy, security, and trust.
And I'm happy with these stores and couldn't care less about your cyberpunk libertarianism.
This isn't 1984. The moment they seriously misbehave, the law will come at them, and customers will leave. Therefore they don't.
You're indulging in fantasies because you would like to believe that what interests you is all-important. That's normal: all epidemiologists belief we should talk about the flu a lot more.
But it's just a tiny slice of what matters. So don't disparage people as stupid just because they spend their energy and time with more important things than recompiling kernels.
I guess this will get lost in the noise, but a few years ago Apple relaxed its restrictions on IAP donations and allows developers to offer a "tip jar" where IAPs don't unlock any specific features. I've been shipping a free and open source app with a donate button on the App Store since mid-2017 [1].
1. https://chatsecure.org/blog/sustainable-open-source-starts-w...
Does Apple take their customary cut? I am not interested in "donating" to Apple.
They do.
Ever use a credit card to make a donation anywhere?
Apple's cut is a hell of a lot more than 2.9% + $0.30.
Never said it wasn't? Just pointing out how silly this stance is.
Balking at the difference between 30% and 3% is just as silly to you as balking at the difference between 3% and 0%?
Yes, because the balk is at the concept not the amount.
Busting somebody's balls because they're not abstracting away something as significant as 27% seems unreasonable. It shouldn't surprise you that somebody who dislikes giving 30% to apple would be proportionally less concerned about giving 3% to Visa.
It's hardly unreasonable; if their problem is, as they've said, "giving money to Apple", then it's not the amount, but the fact that Apple gets a cut at all.
And none of this is surprising, merely inconsistently applied logic. I fully understand what is happening here, clarifying statements will not help.
> then it's not the amount
Says you, but obviously that's not how most people approach matters like this. Most people can reasonably be assumed to think that differences in degree, particularly an order of magnitude apart, are very relevant. At best you're being a pedantic pain in the ass, hassling people for not explicitly stating that a difference in degree is being considered, when such considerations should be reasonably assumed even when not explicitly stated.
Says me? No. Says the person I replied to. Their outrage wasn't sparked by the size of the payment, but that payment went to Apple at all.
Nothing is reasonable about what you're writing, not one thing. At best you're being absurdly pedantic yourself, and hiding behind a throwaway no less. At worst you're trolling. I'm guessing it's the latter, so stop trolling.
Interesting. As someone who considers making an open source app with a tip jar like that I would be very interested in hearing how much that actually nets you if you want to share that info (Maybe via PM if you prefer)
Quote: "They said it was because we're in violation of their "Payments Policy", presumably because we have a link inside the app that opens the user's web browser to wireguard.com/donations/"
C'mon people, is Google we talk about, you know, those who bow to might $$$ only. You should've made a donation link INSIDE google, so they can charge their 30% before you get the money, that's how you keep your app in their store </sarcasm>.
I mean you're being sarcastic but this is how basically every other app accepts payments to support the developer. There are plenty of "buy me a coffee" buttons in free apps.
My social-network/IM app (https://movim.eu/) got also removed from the Play Store because I had a link to the F-Droid app.
The Android app is basically a web-view pointing to one of the many instances of the social network https://nl.movim.eu/?login.
Regarding the time (and also money) spent to publish the APK on the Play Store and the hassle it is to discuss with the Google moderation team I didn't bothered putting it back.
That's interesting — not a donation page, but an F-Droid page (which as far as I know doesn't accept donations)? When did this happen?
That's probably due to the "can't link to other stores" clause. There's a reason you have to manually go to Amazon.com to download their app store, you can't advertise or link to a third-party app source via a Google Play-delivered app.
As far as moneitisation is concerned it really feels as though Google want you displaying their ads or have you funnel your users through their checkout process. Anything else seems to result in apps getting flagged for violating policies around payments or deceptive advertising.
A lot of people justify Google and Apple's 30% because they provide an app store and distribution.
But Android is Android because of these apps. Without them it would be like the Windows phone which was nice but didn't get enough apps on it and so it failed.
These companies depend on our apps as much as we depend on their app store for distribution.
Fuck apple for starting this walled garden and creating a parasitic relationship rather than a symbiotic relationship.
TBH Google Maps was the killer app that smartphones needed to get off the ground. Out of 13 apps on my home screen, 7 are Google apps. Both Apple and Google did a little more than building the framework and then sitting back...
So how do you decide what a fair cut is? Over the course of a month, given all your app and system usage, and all the pieces of software you've touched or relied on, what percent of the engineer hours required for that stuff to work came from Google/Apple vs coming from third party app makers? Is that how you decide the split? Because I have a feeling the time it took to build the 15 third party apps I might touch in a month don't come close to the level of effort required to have built the system and first party apps.
"Android is Android because of these apps" but "Fuck Apple"?
I don't understand.
I said:
> Fuck apple for starting this walled garden
IIRC apple started it and now all the big players are following suite.. including even Windows 10 which has it's own app store and similar cut.
I would like to point out how the PPSSPP project circumvents this problem. It's an open-source PSP emulator.
They have the a free version available on the Play Store here: https://play.google.com/store/apps/details?id=org.ppsspp.pps...
They also have a "Gold" version available: https://play.google.com/store/apps/details?id=org.ppsspp.pps...
These two apps are functionally identical, only difference is the logo and that the "Gold" version costs money.
So if you want to contribute some cash to this project, you just buy the "Gold" version. Other open-source projects could adopt this model too to evade this policy.
The price you pay however, is that a part of the money goes to Google. Which is obviously the reason why donation links are not allowed in the first place.
This is really unfortunate. If Google is ready to arm twist a popular project like Wireguard, smaller indie open source apps stand little to no chance than to bend over. This App store gatekeeping should be illegal. Selling the hardware/OS and marketplace by the same person is more like online dictatorship at this time.
Honestly. I'm fine as long as sideloading 3rd party shops is not actively sabotaged. I tend to search stuff on fdroid first and Play store later, and that's something I just can't do on iOS.
One of our apps (https://Yang2020.app) were rejected by Apple for the same reason - having a Donate link. Ultimately we removed the link on native apps (kept it on the Web) and the app was accepted.
However, before doing this, we corresponded with Apple Developer Support / App Review Team and asked them about the Acceptable Business Models of their developer guidelines, which states:
(vii) Apps may enable individual users to give a monetary gift to another individual without using in-app purchase, provided that (a) the gift is a completely optional choice by the giver, and (b) 100% of the funds go to the receiver of the gift. However, a gift that is connected to or associated at any point in time with receiving digital content or services must use in-app purchase.
They scheduled a “specialist” to call us from Apple and discuss this. However when they called a few days later, they repeatedly declined to give a single example of how this paragraph would ever apply. We tried asking many different ways, but they kept saying we would need to submit the app with the business model to get it reviewed. They would not give a single example of an app they approved with this business model. I personally was on the phone and said that we simply wanted to be compliant and it was very expensive to build something just to be rejected, so we wanted guidance about their policies. But the representative did not know anything. I asked if anyone else on their team knew but they basically said no.
So Apple seems to have certain “platitudes” in their Guidelines which companies can’t take advantage of.
Has anyone here seen a single exception to the 30% cut? I know ApplePay may be used to purchase “real-life” items and where you can’t afford to pay 30% less to the vendor. But what about services, like booking time with a teacher? What about digital services such as hosting a videoconference? Apple takes a 30% but you have to pay Twilio. That means any web-based app would cost 30% less!
We were hoping that maybe there can be some link to buy things with Ethereum and since Apple doesn’t offer that facility we can try to argue that we need transactions to be non-reversible etc. Doesn’t Apple allow apps that allow the user to send and receive bitcoin payments to some address? BOOM!
Another thing we can do is micropayments, maybe, and tell users how they can purchase credits elsewhere. But that last part is against Apple’s rules, isn’t it?
Screw the rules, I have cryptocurrency!
Who do you trust more, to secure their infrastructure? Google or F-Droid / a bunch of volunteers who may or may not be very security-conscious?
Not to downplay the effort that F-Droid contributors (or any Android FOSS groups) make, but it's a very legitimate concern.
Would an attacker have an easier time infiltrating Google or a member of F-Droid the development community?
Are users of F-Droid higher value than users of Google Play, to warrant a direct attack? If one wants to pick off users who are fairly technically inclined, other developers, system administrators, etc...F-Droid is a pretty good place to start.
Easy answer. F-Droid.
At least read up on how f-droid does their reproducible build infrastructure before you spread FUD.
What about my comment is FUD?
Regardless of the fact that builds are reproducible, F-Droid has infrastructure. How is that infra secured? How are the servers that store signing keys secured? How are the build servers accessed? How is the access secured?
Okay, so the builds are reproducible -- is someone maintaining a concurrent system that verifies reproducibility and provides notification of a collision when things don't match up with built and served binaries?
After reading so many similar stories, here is what Google/Apple/etc should, in my opinion.
If an automated process blocks/bans/rejects something, then the message to the developer MUST say "Our automated scanner discovered..."
Any time something is blocked/banned/rejected, the message to the developer MUST explain exactly why. In the case of this article: "Your update was rejected due to a link to a third party payment system. This violates section N of our terms. The link we detected was <insert link here>."
There should be two kinds of appeal processes. Automated, and manual. You should be able to appeal or resubmit to the automated process as often as you need to.
The manual process should involve real time communication between the developer and an appeal agent. Via phone or chat. To prevent the system from being overloaded, only allow developers a few free appeals, then start charging a fee.
Developer accounts should only be fully banned after multiple manual appeals and the appeals agent determining that the developer is operating in bad faith. Automated processes should never be able to fully ban an account. It must involve a real person. Full bans also must include a detailed email to the developer explaining exactly why they have been banned.
The biggest, and most important, change these companies really need to make is including exactly WHY something happened. No more of these general "you violated our TOS" without any explanation of how the TOS was violated messages.
If only there was an alternative to the Apple app store like F-Droid is for Google Play...
Actually, F-Droid is not panacea. F-Droid apps do not have access to Push notifications. Coupled with crippled background app performance in recent Android version, it extremely limits certain classes of apps, especially all messengers.
There is, F-Droid on Android. Stop using devices you don't have root access to.
AltStore is a thing, assuming you have a Mac...
Apple can still shut it down, and you can bet they will if it gets any sort of popularity.
> Testut imagines Apple could disable the ability to sync over Wi-Fi, but that would just mean plugging in your phone once a week to continue using AltStore
How about limit the number of disable WiFi syncs and force you to plug in once every 8 hours?
I just noticed a beta version for Windows on their homepage.
Does Cydia etc no longer exist?
That requires jailbreaking the device, which may or may not be possible depending on the device and the version of iOS it's running. Recently there was a bootrom exploit called checkm8 that made possible "tethered" jailbreaks to be created for a large range of devices. But even that works only till iPhone X (and not on newer devices), and the jailbreak (if/when available) would have to be done every time the device is restarted.
If you jailbreak you also usually have to run on an older iteration of the OS and have to wait before updating. It's not really a very attractive option.
Signing up as developer, paying the fee and building the app yourself is probably the better option. Even if you have to rebuild it every xx days.
I have been disappointed in the Play Store for a while now. Last I checked, they don't display licenses either, so you can't easily tell what's free software. I get everything from F-Droid these days, and on my primary devices I never even install the google apps after flashing LineageOS.
One thing I've found to be true throughout my career: the culture and ethos of organizations is usually a direct consequence of the culture and ethos of the leader who built it initially, and remains as such loooong after said leader is gone.
Well guess what ... the android team at google and the entire android ecosystem is the brainchild of Andy Rubin, who has recently been outed publicly as a total asshole (and who everyone at Google knew was a total asshole since pretty much the start of Android).
All the things wrong with Android, including the iron-fisted management of what can and cannot run on the platform ("I know, I'm squeezing your balls til you pass out, but don't worry, it's for your own protection") can easily be traced to him.
All of these really motivates me to push for decentralized projects. If the future Is basically full of gate keepers choosing what apps can be used or not and we don’t have any platform allowing freedom then it would be a very sad future indeed
Donated via PayPal. Thanks for your work, would be great to see it in the kernel soon.
And yet games with hundred dollar microtransactions stay up fine. It's almost as if Google turn a blind eye to that which makes them richer. oh wait, that's exactly what it's like. The bastards.
Though easy to phrase it as a moral problem, I think the matter requires an unemotional analysis. At first hearing it looks like shutting down avenues by which open source app developers can gather donations, but perhaps the measure was targeted at shady money laundering operations.
Perhaps the right thing to do is for Google to offer a discounted cut to legit open source apps, from the usual 30% to a lesser value or entirely waive it off so that they can still seek contributions through Google play billing.
Just link to:
http://www.google.com/search?q=wireguard+donate
Problem solved.
I've been a regular Wireguard user for the last year and love it. Google just gave me the motivation to finally make a donation.
Thanks for the great work!
No idea why, but this app offers purchases via good old Bank Cards, without any Google mediation.
https://play.google.com/store/apps/details?id=com.navigation...
Recently, new versions "Simple ..." line of open source apps from "simplemobiletools.com "on the F-Droid app store have started popping up requests for donations. Those now need to be checked.
For anyone else publishing mobile apps: Neither Apple nor Google allow bypassing the store's purchase system by linking to external donation pages. No matter the app type, it will result in rejection.
Donation pages, maybe. But there is a lot of categories on the play store where you have to use your own payment method or can if you want to.
Some examples are purchases that can be used outside the app, eg. cross platform purchases and things like transportation and finance.
Google Play In-app Billing does not support donations.
> Here are some examples of products not currently supported by Google Play In-app Billing:
> One time-payments, including peer-to-peer payments, online auctions, and donations.
https://play.google.com/about/monetization-ads/
I wonder what would happen if you link your your home page and you have a donation link there.
How deep does it have to be before they cut you off? Can you link to a page that is only linking to another page where the donation happens? How much extra text would you need to "pass inspection". I find these kinds of arbitrary rules very unsettling. It's definitely time to break up the tech giants.
It is odd that they remove this though, I use at least two more open source apps that asks for a donation and will send me to their donation page if I click.
Break up the tech giants? How is that going to result in having 5 Androids and 6 iOSs? The nature of the technology and market is what drives consolidation. It's a testament to the quality of both platforms that we even have two options.
It was a generalised statement of how they now have too much power to decide what can and can not be put on our devices.
And before the "android can sideload" argument, how many normal people are going to do that with all the dark pattern warnings that google displays when you try to enable the feature.
The same app has the same link on its iOS app and just in the last week was updated twice.
It is however forbidden. Just because they didn't get caught does not mean anything.
Spamming users with notifications is also against the rules and everybody does it anyways.
They both say they allow it, but don't.
Both are lying to you and everyone else. They instead demand their private tax while lying to you about it beforehand.
that plus app store monopoly on each platform should mean several billion dollars in fines, if we actually enforced antitrust laws
https://abc.xyz/investor/other/code-of-conduct/
"Do the right thing"
> I appealed using their website appeal form. Thirty minutes later (was this automated, unlike the manual app review process?), I received a rejection of the appeal.
Google in a nutshell.
Again making a case for alternative app stores. Yes having a centralized software repository has its benefits, but it's starting to show it's limits ...
This is Google wanting their 30% cut. It's that simple.
Now, if only Google can remove the apps that can be downloaded and installed on youtube video interface. Those pesky apps can be install even by little children.
I would much rather donation links than the horrendous ad spam that comes with most apps.
But of course this impact googles bottom line so the sane approach goes out the window
So if a Facebook profile or article inside an app has a donation link it should get de-listed? All of Facebook fund raising should get burnt as well?!!
So... what is next? Mentioning/linking patreon profile in YouTube videos could also be bannable if one disable ads in their videos?
Uh oh, we have open-source app on Google play with Patreon banner. Seems like we have to expect trouble soon. Thanks, Google!
It's really time for a decentralized / distributed version of the play store to replace the Google provided one.
What is a FOSS app even doing on the Play Store ?!? Didn't these devs get the memo about the GAFAM boycott ??
Can we just stop distributing "donation-ware" FOSS and use F-Droid for that instead? It is not as if Google Play Store is a credible source anyway given all the hostile content (for both privacy and security). Today I learned they even remove the orig. signature [1]
[1] https://news.ycombinator.com/item?id=21268717
I can see the headlines already
> Google Project Zero researchers find 100 ZERO-DAY vulnerabilities in unofficial app store "FDroid"
Why? Google Play Store has a much larger audience and so the apps will be seen by many more people. Many people use Android and they also should be able to use FOSS apps, regardless of the platform’s privacy and security issues. Is there a reason to not join the Play Store besides something philosophical?
This OP is about an app being dropped from the Play Store because they're asking for donations. That's a pretty good reason.
(What you describe is the issue of the Google Play Store network effect.)
Because that way, we can install these applications from F-Droid, by default. That allows us to cope out of the network effect of Google Play Store, allowing the more fair F-Droid (which specifically allows donation-ware) to increase its network effect.
Totally right move! I'd rather see genital enhancement ads than those disgusting, immoral donation links.
In other news, my Pixel 3 with Google Fi keeps reconnecting to Google's VPN without asking me permission.
It's one thing if a government regulates a market, yet another thing if a company regulates it ...
A bit of a tangent, but does anyone know how Netflix gets away with not doing in app payments?
Does patreon link count?
Would linking to Patreon also be against terms and conditions?
Please make wireguard available in App Store China region.
in the same time there are dozens of free "Zodiak" and "Calendar" trial apps that charge 100+ usd a month after the first week....
The title reads like a not the onion post
How does AndOTP compare to FreeOTP+?
Aegis authenticator is much nicer than both. It also has some extra security features:
https://www.reddit.com/r/androidapps/comments/b45zrj/dev_aeg...
https://beem.dev/
And so... What ? They removed some of my apps to for this reason.
Our freedoms are being taken away one by one by those who say they are protecting our freedoms just because of capitalism -> money -> greed.
Because "there's no free lunch" in capitalism.
https://www.reddit.com/r/assholedesign/comments/dhir1i/in_th...
The question should be: When will society accept that capitalism always will kill any form of "don't be evil". There is no choice.
The Apple/Play stores are essentially a totally broken implementation of something that had existed for over a decade before: package repositories. It's embraced and extended Linux/BSD package/ports trees, except without things like the ability to add a 3rd party repository with other authors signing keys, pin certain versions, etc.
https://battlepenguin.com/tech/android-fragmentation/#packag...
We could go on about how regular users wouldn't understand or care and blah blah blah and we'll keep getting software that's neutered, tracks us and becomes more like the proverbial car with the hood welded shut; where people who know about cars have to attach several sidecars just to keep our vehicle doing what we want it to do.
Don't conflate Apple's monopoly with Google's store. Anyone can go install F-Droid or Amazon or whatever on their Android phone. The only thing stopping people is satisfaction with the status quo and/or ignorance.
However, Apple totally rules their walled garden, with some added gross exploitation to boot (recent "Sherlocking" story for Luna Display).
I have to say, I'm really disappointed how few open-source projects are even on F-Droid. It feels like every time I hear about a new OSS android app, I look for it on F-Droid and find it's only on the Play Store.
It's partially on fdroid.
It's not always trivial to submit new apps and ensure it compiles correctly on their build servers. Same goes for updates, which can be silently dropped due to any number of tool issues.
If you are a front or backend developer please consider investing a weekend or two helping fdroid improve their systems.
Are these issues documented anywhere? Otherwise it's kinda hard to fix.
E.g. I tried to submit my app to F-Droid, but I wrote it in FreePascal+Lazarus, and they did not want to include it, because they did not have FreePascal+Lazarus installed.
Not even as an .apk ?
>Anyone can go install F-Droid or Amazon or whatever on their Android phone.
F-Droid/Amazon/whatever can't automatically update installed apps unless the phone is rooted. It's not an even playing field - Google has a de facto monopoly on Android.
> unless the phone is rooted.
That's absolutely not true at all.
All that happens is that, the first time you try to install from such an application (or any other application other than your store, eg: the first time you try to install an apk after you download it from your browser), a settings windows appears telling you this application can't install more applications on your phone until you give it permissions. From there giving the permission is a two click matter, and you don't need to look for it the link is given. See the exemple 2 pictures (and that's the only two steps - note that the "settings" button in the first takes you directly to the second picture, aka straight to the right settings page for the correct application, no looking around needed): https://imgur.com/a/Vafqyic
Then you press back one time after giving the permission, which is the normal way to go back to what you were doing on android, and it works at expected, aka it goes back to the install screen except this time it enables the install button.
Any porn site like youporn and pornhub, or epic with fortnite, etc ... Do it this way with no major issue, because the messages are super clear, and where to click to allow it is super clear, no need to look for it.
If anything, this is almost too easy and I'm surprised there is not a bigger spread of malware through browsers using that, and I would be for it asking you to confirm your password before enabling that permission.
EDIT: it appears I missed that parent was talking about UPDATING apps, not installing.
That's absolutely true.
To install apps without user prompt on Android, you need INSTALL_PACKAGE permission. Guess what? You cannot use that permission on third-party apps (meaning any app installed by the user, in opposition to apps that are pre-installed on the ROM), since it's for first-party apps only. The documentation backup this claim: https://developer.android.com/reference/android/Manifest.per... Without that permission, you cannot have automatic updates.
The feature you are referring to and shows in your screenshot refers to the ability to launch an APK install prompt (that the user have to click through) using an Intent. It cannot be considered as automatic update. So, yeah, it's not an even playing field.
May be you're right but many people don't need automatic updates. I'm using iPhone and I don't update apps automatically.
Still not quite comparable. On iOS it takes 1 to n clicks to update n apps (click “update all” or “update” on each app). On a non privileged install of f-droid it takes at least 2n+1 clicks (“update all” to download the new apks, then “update” and “install” on each app, more clicks if any permissions changed).
Comment you replied to was talking about automatic updates, not installing apps. Google Play and vendor installed apps can automatically update apps in the background without needing to prompt the user for permission to install each individual update, while a typical f-droid install requires the user to click through each update and press “install” at the prompt. This can be fixed by making f-droid a system app, which requires root or an unlocked bootloader.
Yes and that is just a story. The ability to use your iPad as a second screen was first introduced by a third party app less than a year after the iPad was introduced in 2010.
This is one aspect and admittedly Android is better than Apple, but the other aspect (and more fundamental) is the ability to gain root on the system and do whatever you wish, and here both Google and Android (in the former case if not Google themselves then all the 3rd party Android vendors) lock down their devices. Rooting through exploits is not an acceptable solution.
All Google phones and Android One devices have unlockable bootloaders.
Rooting the Pixel 2 (I haven't tried the other Pixels) is not trivial for the average user, it still involves downloading third-party software and doing stuff on the command line.
I had hoped that the pure-Google devices would have just had a switch: "I am now root," but alas it wasn't to be.
I don't believe that is correct. All you need is adb and the various Android command line tools. Those are all first party. If you downloaded a third party tool to make it easier, that's fine I guess, but it's not a requirement.
Some of this I can understand. Root permissions does introduce some additional security considerations. We haven't fixed this in decades of computer usage in a way that preserves security, ease of use, and giving people easy access under the hood.
My mother would click any number of scary UAC prompts in Windows just to get to the webpage she's trying to get to. That's not Windows' fault, but it is reality.
I think what he was referring to was the need to use "complicated" tools not built into systems to gain root
I do think it is a good thing though. For people like you and me, it's easy to do, but we also understand what root is and the dangers of it. For someone who doesn't, it's better off for them to not be able to root their device in the first place.
Of course, we could bring up the catch 22 that is learning. If I hadn't tried out rooting, the terminal, modifying the filesystem etc back when I was younger and didn't know anything, I probably wouldn't know much about that stuff now.
> My mother would click any number of scary UAC prompts in Windows just to get to the webpage she's trying to get to. That's not Windows' fault, but it is reality.
It kind of is Windows' fault, because it's pretending to protect you from things it doesn't actually understand.
I have had trouble getting people to install Signal on their phones because it wants access to your texts and contacts. But it only wants that because it's a messaging app. It's not as if it uploads your texts to the Signal Foundation -- its very purpose is to do the opposite, and the source code is published so that anyone can verify as much.
But because the validation provided by mobile app stores is theater, it doesn't understand that and treats Signal the same as any random flashlight app written by Some Guy in Russia who wants to sell your contacts to Viagra spammers in order to buy a new Mercedes.
If this idea of validation and curation is to mean anything then it should be that it validates that Signal has both a legitimate reason to access your contacts and doesn't do anything untoward with them, and then allows Signal to access your contacts by virtue of you having installed it, but not so for a flashlight app. There shouldn't be a pop up allowing naive relatives to either break Signal or volunteer your contact information to spammers. Even if it's possible to grant the flashlight app greater permissions, there is no need for that interface to present itself in a way that allows users inclined to mash buttons an easy way to do the wrong thing. Use better defaults and then making changes can be six taps deep in a scary system menu that the app itself can't launch.
Which is how Linux package managers already work. If you try to put an app that hoovers up your contacts and sends them to spammers into the Debian repositories, it'll get refused. And packagers can restrict apps to by default only doing the things they ought to be able to do using apparmor and the like, instead of relying on the untrusted author or the unknowing end user. The user can still override it manually, but then you're typing things at a command line, which deters novices who don't know what they're doing and gives experienced users a red flag that there had better be a good reason why they have to do it that way.
That's correct. adb doesn't give you root privileges. For example, you cannot install system apps with adb unless you have a rooted device already.
You certainly have access to a lot of things with adb, but it can hardly be considered root on non-rooted devices.
> adb doesn't give you root privileges.
That's not true. It does have root support built in with 'adb root' that then runs future shell commands as root.
The factory image has this disabled, though, so you do need to flash a build that supports it. That would be a 'userdebug' build variant ( https://source.android.com/setup/build/building#choose-a-tar... )
So strictly speaking you can have root through purely first-party, open source, AOSP tools exclusively. It does, however, require doing a full build & flash yourself. That process is at least documented, though, so there's that. Just think of it like Gentoo
Not only does it not require third-party software, Google actually documents how to do it officially:
https://source.android.com/setup/build/running#unlocking-rec...
You're correct it's not trivial for the average user, but the average user should also not have a rooted device (nor does the average user even want a rooted device).
Is the learning curve perfect for the semi-advanced user? Probably not. But third-party software also fills this gap just fine. I don't think Google should be a required party here. They do provide officially supported tools & documentation for the process itself (and those tools work on all major platforms at that), just not a shiny GUI to do it. I think that's a reasonable point to be at.
I'm not sure that's important. If you make it too easy, it's a security hole. So, you have to wipe the device, which makes since in preventing a hostile actor from pressing the, "I am mow root" button and either dumping everything or installing malware. I also don't see an issue with google not putting a fancy gui front-end on their dev tools. They're built for advanced users, and in some ways, that's a barrier to entry to the avg. guy can't mess up his system or get phished into pressing the "root button."
> I had hoped that the pure-Google devices would have just had a switch: "I am now root," but alas it wasn't to be.
An unlocked bootloader is strictly more powerful than simply gaining root. You can even install other operating systems. The ability to safely gain root falls out as one of the possible uses of an unlockable bootloader.
> not trivial for the average user
That is a very good thing. I wish they also made "install from unknown sources" a bit harder.
Don't get me wrong, I love openness. But there must be a barrier of entry.
That would have been acceptable if in parallel Google didn't own Google Play... Remember how installing apk's was claimed to be a viable alternative to Google Play for even the average user ?
Yes, that's a real problem. At the same time, as long as Google is very clear why they are doing that I think they will be okay. After all, they already do this on Chromebook.
Now, why should they do this? Because I have seen malware sites tricking people into first enabling 3rd party apps and then installing their apk.
Not unless they are sold through a wireless carrier that aggressively locks down bootloaders on even the Pixel phones
Yes do NOT buy a Pixel from ebay/amazon because they are all Verizon or Sprint bootloader locked, even if they can work on other carriers. Carriers lock bootloaders so you can't circumvent their tethering paywalls.
Only Pixels from the official store are rootable.
Unlocking bootloader is not the same as rooting.
> Unlocking bootloader is not the same as rooting.
True, but having an unlocked bootloader makes rooting trivial.
Those wanting to root devices with locked bootloaders have to depend on exploiting security flaws in their OS to do so. This means intentionally ignoring security updates and potentially maintaining a vulnerable device just to be able to retain root. These exploits tend to be device specific as well and often carry a risk of at least soft-bricking.
Those with an unlockable bootloader can just unlock and flash in something like Magisk in a pretty much universal fashion.
Unlocking bootloader makes rooting safely possible.
Nevertheless, rooting has artificial disadvantages due to "Safety"Net. So the situation on Android isn't acceptable either.
Blame the companies that want & use DRM, not the DRM provider.
It's the same thing that happened on PC ages ago. If you don't like DRM, don't support games & apps that use DRM. Complaining to SecuROM that they are supplying market demand isn't useful. At least SafetyNet isn't a badly made rootkit that destroys your hardware and it's only real flaw is being semi-functional DRM.
> Blame the companies that want & use DRM, not the DRM provider.
I've got enough blame for everyone involved, don't worry.
> Complaining to SecuROM that they are supplying market demand isn't useful.
Appealing to the ethics of an entity that doesn't have any is not useful. But I wasn't writing to Google.
> At least SafetyNet isn't a badly made rootkit that destroys your hardware and it's only real flaw is being semi-functional DRM.
"Whatabout SecuROM"?
> "Whatabout SecuROM"?
I don't understand what you're attempting to get at with this.
PC DRM back in the day was notorious for rootkit vulnerabilities and even bricking CD/DVD drives (example: https://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootk... ). The point was just at least SafetyNet isn't straight up broken like the wild-west of arbitrary DRM providers of yester-year.
This is whataboutism. Please stop.
I'd suggest you re-read that wikipedia page on logical fallacies a bit closer before attempting to accuse others of "whataboutism."
But clearly there's no value to be had to anyone by continuing to debate with you, so sure I'll stop.
Call it whatever you want: The extent to which SecuROM was harmful doesn't influence how we should judge Google's DRM. So why bring it up?
The sherlocking story is as gross as, say, systemd implementing systemd.timer so that users don’t need a crappy, third-party, paid version of cron anymore (okay, the analogy breaks down since it’s pretty hard to find something less gross). Not that I’m a big fan of systemd, or stopped using cron.
Android/Google don't make it easy though. Installing an APK requires a security setting change. Search results for "install f-droid on android" on google are very unhelpful for a general user compared to search results from DDG or Bing.
I’m fine with that being difficult. My grandmother, bless her wonderful heart, clicks on everything no matter what you tell her or do. I like being able to give her a lockeddown android device and I know that she has no reasonable way to escape the android market (which is what she wants) but I can still drill into the menus and do as i will
Nudging non-technical users to a trustworthy default store without actually restricting alternative sources is a pretty good solution for protecting non-technical users without limiting users' freedom. But it still gives the store operator an extremely strong market position, making meaningful competition very unlikely. In fact, for non-technical users it's a monopoly because they aren't in the market for apps but for apps they can trust aren't malware.
So this is no excuse for Google banning apps to protect their profits at their users' expense.
I've never used f-droid, but decide to try it on my (original) Pixel XL. I clicked "Download" and the file saved. I pulled down the top drawer and opened the file with "files". I clicked the APK and got a security warning with a link to the exact "settings" page where I change it. I clicked the security option off. I returned to files and clicked the APK again and it installed.
This is very wordy and sounds a bit complicated, but it was simply a few extra taps and it installed. A pretty good balance of not too easy that a novice might do it by accident and still accessable.
This requires users actually reading warnings and messages, which we know they don't do.
I can. But it's more a workaround. I have to allow all non-google-appstore apps to do this. Why not just allow this specific store? Similar to how repositories work.
Google neutered F-Droid's ability to do automatic updates.
Your analogy is certainly interesting... but expecting everyone to want or know how to look under the hood of their car is a little delusional. Most people don’t even know or care to check their oil. They drive from A to B and only take their car in for service when a light is illuminated on the dash or if it’s making a funny noise.
Personally, I do all my own maintenance and love to look under my hood. My wife? She’d drive a car until it was devoid of oil or coolant and the block seized up without even batting an eye lash. I’m not passing judgement here, just offering a more realistic viewpoint.
The same is true for users of apps. There’s a reason the stores have grown to be so successful, and a reason the Google store is evolving to be more and more like Apple’s.
I don’t think that they are perfect, but I also would never consider the open source package systems to be perfect either. Everything has a trade off, you can’t have your cake and eat it too.
A better analogy might be a hood locked with a separate key only Apple has. Your wife wants to visit an experienced local car shop? Pound sand.
It's best to avoid analogies. Computing devices nowadays contain all of one's information including sensitive photos, passwords, ability to authenticate, location data, and other security risks that a car doesn't pose.
Tesla.
I do wonder how crappy an opensource package repository would get if it faced the kind of sustained attack by con-men that Play & Apple have to deal with.
kind of like npm
For a brief moment in time, there was an alternative in mobile space having best of the both worlds. Back then Nokia was still a thing, Meego/Maemo OSes on some -very few- Nokia devices had apt & rpm. Nokia repository would be there by default, and you could easily go and add any package repository through their UI. Just like good ol' Linux package managers, because it was one.
In fact this capability even enabled the community of these OSes to support the platform much longer than Nokia intended to. They made emulators, enabled hidden functionality (like FM Radio), even the bootloader was unlocked so you could go and install Android -but drivers were not open-source- if you wanted. It was liberating.
Too bad it got killed prematurely, and from its ashes Windows Phone was born.
WTF Europe is waiting for ?? We have to resurrect Meego/Maemo!
It lives on as Jolla: https://jolla.com/
The primary goal of package repositories is to make available the software users need. The primary goal of Apple/Play/whatever stores is to make money.
Shocking they can ban an app that has a voluntary donations link.
“Totally broken implementation” is very close to BS, at least strongly exaggerated. They’re both highly successful distribution models. Of course, every system has downsides. You’re free not to participate
Really? It's basically impossible to distribute apps for iOS outside the AppStore and very difficult (all security, warranty warnings, settings, etc.) to distribute them outside the PlayStore.
Yeah... really. As a user, I (and >99% of others) just don't care about the distribution channel. The stores work. I've never been hit by a security issue. Choice is plentiful. Prices are ok.
So "totally broken" just isn't a rational description.
Thankfully so. Apple keeps the App Store pretty clean, legacy apps, that are not maintained enough don't make it to the next iOS release and their capability system means I don't have to trust third party apps with anything.
Of course, there are cases that essentially suffer from this, but for me as a user, I've got to say I'm pretty satisfied.
Yes, by using Apple you knew what you were getting into, however we're still butthurt from the Android bait and switch...
This might be a fine answer to dealing with a commodity product in a market with strong competition, but a terrible one for any system with limited choice and an extremely strong network effect.
Thank goodness F-Droid exists and allows additional repos to be added, and even put donation links in the app listing when possible.
Package repos don't provide analytics for developers, search for discovery, malware and abuse detection that scales to millions of apps, and loads of other features that the app stores offer. They aren't equivalent.
> Package repos don't provide analytics for developers
They can. Debian does it on an opt-in basis: http://popcon.debian.org/
> search for discovery
You can use text search on APT repositories, and probably other ones.
> malware and abuse detection that scales to millions of apps
We don't need millions of apps.
A thing I like with distribution repos is curation: only trusted people can add new packages. Of course it means less packages, but it also means there is no junk at all.
Also, whenever I needed to do something, either F-Droid already had an application for it, or there wasn't any open source app doing what I needed.
Wait.
People complain about app stores being restrictive and then you suggest only trusted people being able to distribute code that I can use? That's way worse.
Part of the complaint is also lack of transparency when a Google Play app is removed.
When I want to use some popular software and it's missing from Debian, I can usually find a thread on Debian's bug tracker with a detailed discussion on what the issues around providing this particular software are.
Doesn't F-droid (and other stores) count as a '3rd party repository'?
According to [0]:
F-Droid also allows to source multiple repositories within one app. [1][0] https://f-droid.org/wiki/
[1] https://f-droid.org/wiki/page/Known_Repositories
Huh? The "hood welded shut" analogy has always been about proprietary software. That's 99% of the Apple/Play stores already. We're already there.
My guess would be some idiot in Legal got their panties in a bunch over nothing.
all process is manually done
Deleted. Wrong thread.
Wrong thread? :)
Yes. Absolutely. Let me see whether I can delete it.
Unsurprising - Google obviously wants you to be within their walled garden. You could probably add an in-app purchase but this has been a known thing for a while now.
A lot of these threads feel like complaining that McDonalds doesn't offer more sauces, or that they don't let you leave their store with the sauce. It's their store, it's their sauce. I don't think you can even claim monopoly, because nobody needs to use these devices. We can still use dumb phones for voice and texting, and regular computers for the internet.
You have to accept that these are commercial products for commercial gain. They are not a product of or for a community. Massive corporations use these systems to create products that drive their revenue. They will do whatever works for the majority; the fact that a minority wants certain kinds of changes does not impact their bottom line, so why should they consider it? They do not care about your outrage or opinions, they care about cash.
When is an alternative Android play store coming?
To all the entrepreneurs reading this: please create one. To all the VCs reading this: please fund one.
It's badly needed. I heard Huawei is working on one but I wouldn't bet on it.
There are many: https://medium.com/pen-bold-kiln-press/best-google-play-stor...
F-Droid already exists.
Too bad you need a rooted phone with F-Droid Privileged Extension installed in order to have the same functionality as Gplay.
Yes but none of my friends and family who own an Android device know about it.
I'm talking about a mainstream alternative android store. The design of f-droid is not appealing enough.
> I'm talking about a mainstream alternative android store. The design of f-droid is not appealing enough.
Make it mainstream. Spread the word. Install it on family devices.
How else you think mainstream will happen?
1. F-Droid can't be published on Google Play Store, because they're an "alternative market".
2. Please, make it appealing for you and others! https://gitlab.com/fdroid/fdroidclient
FTP was fine. Plus it was easily mirrorable.
F-Droid has a pretty strong foundation in my opinion. It just needs more resources to be able to publish app updates more quickly. It also needs a redesign, like you said, but I don't think there's a need to start from scratch
Yes, that would be nice, but at this point it would take a few billion to replicate all the functionality - who is going to be willing to pay for that and be still tied to Google? Might as well start a brand new smartphone/OS company...
So do you mean a store run by a company that has the money and intent to promote such a store enough for everybody knows about it, e.g. Facebook, Amazon, or Microsoft?
I don't think this is a solution.
Amazon has an app store but it's just an inferior play store really. Nothing exclusive, I don't think, and just Amazon takes 30% instead.
F-droid only hosts free and open-source software, which is a very small portion of the app market.
What else would you expect? Any other commercial app store - especially VC-backed - will eventually follow suit with Google's and Apple's stores in order to maximize profit over everything else. This includes denying any kinds of donation links.
Google (Or Apple) is pretty serious regarding their app stores rules and regulations.
Google owns the app store. So, developers should abide rules imposed by Google although the rules do not seem reasonable all the time.
My suggestion is, developer can still implement in-app billing, removing "donation" wording. For the in-app item, make it as good-to-have feature like "unlocking additional app color theme".
With such, he will still abide the rule, yet able to get his monetary reward.
> Here are some examples of products not currently supported by Google Play In-app Billing:
> One time-payments, including peer-to-peer payments, online auctions, and donations.
Source: https://play.google.com/about/monetization-ads/
I know this will be against deeply against HNews but I'm open to discussion.
I don't see anything wrong with this. Charging vs Donations, I don't see what the difference is. It's people paying money for good/services/software. The primary difference is the open ended pricing model.
Google, Apple put up networks and there's value in that network. Whether someone chooses to release their app for free or charge money for it, that app is dictated by the network fees. This network is extremely powerful in terms of its distribution reach. Does it warrant 30%? That's what the market is willing to put up with, but if we're debating 30% - it should be for the whole network not just because someone has an open ended pricing model.
If this app is registered as a non-profit (which it did not look like based on the website?) then I am 100% in the wrong and do believe the app should be able to operate under different pricing schemes.
At a philosophical level - what is the difference between a free-to-use app that has open ended pricing vs a FOSS with donations?
If there is a difference, let's discuss it.
You're stating, essentially, that anyone who wants to publish FOSS software with a donation link should be forced to go through some convoluted procedure and register as a charitable organization. (where? in the US? in their specific region? does it matter? how much time will it take for them to figure out? is this even possible in all regions? does this require ongoing effort e.g. accounting, document submission, general bureaucracy?)
This is simply not how the real world works. If it ever does, you've created a dystopia.
Google are being bureaucratic twats here. There's plainly and obviously a difference between WireGuard and the 10,000,000th iteration of some bullshit F2P casual game, and there's obviously a distinction between donations and purchases - the intent of the user, for one.
That they put prole-tier support on the case and 'accidentally or otherwise' sling the banhammer at pivotal pieces of software is their problem to figure out.
True, I'll agree that going non-profit is a nightmare.
But again, what is FOSS with a donation link vs free-to-use software with pay-as-much-as-you-want.
One sounds like a non-profit while the other sounds like a for-profit.
Perhaps if you can directly show your software is FOSS via licensing etc that there should be a special exemption?
Seems like there needs to be a sole-proprietier non-profit... but man that seems like rife for abuse.
Sure, there is very little distinction. I'd argue that both are donations. Pay-as-much-as-you-want (if $0 is an allowable price) represents a donation with a slightly different funnel.
The for-profit vs non-profit distinction is immaterial to me; the distinction is between actually paying for products (e.g. buying an ingame item or support or a subscription or whatever; some sort of 'contractual' thing), and literally giving money away with no strings attached.
Google's particular funding model for their App Store is a different kettle of fish entirely - they can decide that apps beginning with the letter A pay a 90% fee and that's just how it works.
To purely play devil's advocate, there are a number of 'home restaurants' (operate out of my home) that are pay-what-you-want and operate quite profitably. I believe 100% they should be taxed (i'm totally conflating taxes and apple/google profit share but it's a form of a network fee?).
Through this discussion I do wish there was an exception for FOSS for individuals at a legal level.
I can 100% agree though that the fees which google/apple charge are extortionist.
How taxation is collected is a completely different issue and has a trillion nuances.
Not for profit status is susceptible to abuse so I'm glad the process is strict. But you're proposing that app developers should be able to self-describe as charitable in order to dodge fees? And how well do you think that would work exactly?
Having a donation link in your app that is completely voluntary and confers no benefit other than fuzzy warms (and yes, indirectly, if enough donations are acquired, continued development) should not carry fees.
I don't believe that the app stores would cease to function or even suffer appreciably decreased profit by doing so. In-app purchases result in new features or items or something being unlocked.
Donations do not. They are gifts.
I disagree with the concept of fees for the Google and Apple play stores because they are monopolies within the platform entirely, but if they must exist, attempting to charge fees for donations is just bad form.
this exactly is how the world works. if you receive money, wherever it comes from, in more and more countries it must be taxed as income. if you want it tax free, you must prove that you are eligible to do so.
the question is whether or not it is right for google to act as a gatekeeper here. i think not.
Gifts are trivially tax free in the UK excepting cases of Inheritance Tax whereby someone pretends to 'gift' an inheritance before dying instead of having it taxed normally.
It would surprise me if that were not true globally.
A donation is definitionally a gift. If it's not due to some legal wankery, rename it, doesn't matter.
it's not.
as far as i know, at least in the US only donations to registered non-profits are tax free. any other donation is taxed like any other income.
if it's a one-off, sure, calling that a donation may be trivial, but if you start getting donations on a regular basis, you have to prove that they are in fact donations, and not hidden payments for a service. if it weren't so, we would not need to have entities register as non-profit.
You can't just freely receive donations and not pay any tax. There is definitely an argument that you are donating to ensure future development of the software, essentially quid pro quo.
Edit: Wireguard literally make that case while soliciting donations
>We're extremely grateful for all donations, which enable us to continue developing WireGuard as free open source software. We are happy to receive donations from interested companies who would like to see WireGuard development continue and thrive, as well as individual donations from folks who would simply like to say "thanks".
Well, if I'm not on antidepressants yet, I will be soon.
There is no need for a philosophical debate, because Google Play In-app Billing simply doesn't support donations.
https://play.google.com/about/monetization-ads/
I have done open source development for well over a decade, thousands of hours, tens of thousands of lines of code, and I can tell you:
Considering the amount of donations I got, it would have been much more profitable to clean toilets, to just go begging in the streets, collect bottles from public trash cans for the deposit, or just sell my body.
In fact let's have a look how much I got during the past 12 months for 250 hours of work:
$0.
Had I been working as someone who climbs onto roofs and cleans the dirt off of them I would have gotten this much for that in this country:
$16500
And then, as a cherry on top, you now demand that a giant monopoly, which is trying very hard to soak up as much of people's data as possible - without paying them for it! - should get a cut from donations for my work which I genereally give away for free.
Now I can understand that you did not know this when you wrote down your opinion!
But given that you do now, do you understand how insulting this feels? :) It actually itched me so much that I created this account solely for the purpose of telling you, and I would be very happy if you could change your mind :)
Thanks for making an account to comment. I went to sleep (live in Singapore).
100% open source does not pay money for the vast majority of people, and thank you for your contributions to the community.
I also hope you understand that I get that FOSS donations won't make a liveable wage. At the same time, we want to be thanked for our contributions to the community - I get that.
My point is - by throwing up a donation link, we're circumventing their process. What's the difference between throwing up a donation link vs a Apple/Android pay link in app? It's the network fees. We're trying to avoid those because we feel they're unfair (which they 100% are).
If the Apple/Android pay fee was the same as the donation link, the majority of the time, we be using Apple/Android pay. Why not?
We want the benefits of the Apple/Android distribution network without paying their fees because "We belong to FOSS".
It is useless to discuss market or even fairness as long Google and Apple are (de-facto) monopolies for the respective phone owner.
It's a major failure of governments to allow monopolies.
100% agree that what Apple and Google take for their network is extortion pricing.
>Charging vs Donations, I don't see what the difference is.
Charging: Person paying gets something in return Donating: Person paying does not get something in return
>The primary difference is the open ended pricing model.
What does "an open ended pricing model" mean?
By "open ended pricing" i mean - pay what you want. This is very common in food industry, "house restaurants" if you will. I get a meal and very well can pay $0 or $1000.
Agreed, donations do not necessarily mean I receive anything in return and I purely want to support like clean water efforts in 3rd world countries, but policing the difference seems unrealistic.
But that seems like it should be a special non-profit category. I think I'm beginning to convert to a 'middle' ground that there should be a sole proprietor non-profit, but that seems insanely hard to police.
In most legislations they are taxed (and deducted) very differently and must respect specific characteristics (eg donators must not receive nothing of value in exchange, must not be asked to donate a minimum amount or a repeated amount, etc)
While it doesn’t touch on donations, for the “value prop” angle I strongly suggest developers read and internalize Apple’s point of view as expressed in “iOS App Store Principles and Practices”:
https://www.apple.com/ios/app-store/principles-practices/
Also on the value prop front, worth noting a variety of digital app stores at scale have found operation costs 12% to 18% fees before the hands on “40% rejection” level of oversight that Apple is providing to end users.