I despise the tell them nothing approach and I think it's despicable, but that said I think there is a more legitimate reason than the lawyers. If the person is a spammer or otherwise not legit and you tell them what they did wrong, it's a lot easier to hack around the problem and beat the automated moderation and get your malware into the store.
I don't think that justifies the harm it does to regular people, but it is a lot less sinister than just CYA.
I actually blame tech media who capitalize on every "malware in the Play Store!!!" story a lot more, and the Apple apologists who use any news of malware on Android (even if it only applies to people downloading pirated apps and sideloading them with root) to trumpet how insecure Android is. Personally I think that bad press is the primary driver behind the modern policies.
"You can read through the Malware policy page for more details and examples of common violations." is not an explanation. It's not even specifying which part of the malware policy the app violated, just that it violated it. That's the sort of thing I'm talking about- that's not an explanation, it's a simulacrum. You can see that the replies from "Cindy" are canned. I'm saying that Google owes developers some sort of explanation that is not canned and actually at least references some sort of behavior or code contained the actual app in question.
"Your app is bad and we don't like it, look at our bad things policy for examples of bad things we don't like" is not an explanation, "Your app is going this bad thing so we don't like it" is.
It's like being fired for violating company policy without at least an explanation of what happened or what policy it was. Sure, maybe that's totally legal and above board, but companies don't have to behave that way- they can choose to write a good-faith paragraph about 1) what the bad thing was and 2) which policy it violated and 3) why it was a violation. I don't see any of that in their correspondence.
I'm not saying this needs to go to an independent arbiter[0]. Google can choose what apps to allow. I'm saying that Google really does owe long-time developers explanations when they nuke their apps from orbit.
[0] though, you know, the more they behave like this, the more politics may force it on them
It was indeed against the developer agreement to do this.
But more importantly, we simply don't know whether Android is actually protecting customers or not.
If people are just clicking through a warning and having their address book copied against their wishes, that may technically shift responsibility onto them, but it doesn't mean they are 'protected' by a 'correct' platform. It just means that Android is protected from accusations.
This rubs me the wrong way. The developer is breaking his customers' apps with his copy protection, and then expects to get credit for "solving" a problem that shouldn't have existed in the first place.
Don't assume malice when it can be explained by stupidity; it is probably a confusion as there are many apps with very similar names and in the phone the publisher is usually not listed (I checked mine), so people with the malware app gave reviews to other apps.
A principle reason they give as a defense of their app review policy and walled garden approach is that it is necessary to protect users from bad or malicious apps.
I think he's inferring (or pointing out the irony) that perhaps it's not the 3rd party ones they need to be so overly concerned with.
I think a case should be made for pragmatism. Informing an app maker they are breaking rules when their app is installed on hundreds of millions of devices is the right move ... for your customers.
Would love to sympathize but I can’t agree with their “neighbour” analogy. A more apt analogy is this: If someone has illegal dealings in the past, and you conduct business with them in the present, the authorities are well within their rights to investigate you. If you didn’t know beforehand, the investigation should convince you to cease further activities. If you did know and still proceeded, it’s your own damn fault.
Tl;dr: Cut ties with the app developer, create a fresh google play dev account and deploy your app.
I do agree that Google’s customer support is sorely lacking. If they’re collecting 30% of every purchase, they need to hire real people to deal with these issues. That’s a big chunk of change to collect and not provide any service against.
Edit: While it’s tempting to play the victim, business in the real world also works this way. Businesses can end up tainted by association with sketchy parties or other businesses that act poorly. A good chunk of business is word of mouth and trusting the other party. No one wants to do business with someone untrustworthy.
The site advertises itself as free for all and unlimited usage. To suddenly return malicious responses to intentionally break these apps might very well be illegal in many countries, or maybe would make them liable for damages claims. These clients are not violating any TOS or doing anything not allowed, after all.
It does not matter what the purpose of the app was. What matters is the fact that they messed with users' phones without their explicit consent. A proper way of handling the situation would've been to warn the users and then prompt to remove the app, do you not agree?.
Why would anything have to change about this article? The developer wasn't accused of spamming or malware. You seem to be saying that if an app fails any Google policy, then that is the same as if it was spamming or malware?
Whatever their reasons may be, they may be legitimate.
But using this sentence is simply not OK:
> Because this information could be used to circumvent our proprietary detection system, we’re unable to provide our publishers with information about specific account activity.
The developer/publisher must be given a chance to correct the issues. This is simply not fair.
I'm pretty sure Google can do better than to rely on security by obscurity.
---
> Unfortunately we also have to inform our users that we could no longer support AdMob for use in their own apps either, because we can't test it anymore and can't guarantee that Google won't treat them in the same brutal way.
Couldn't it be possible that one of those users was using AdMob in a fraudulent way, and that this was then linked to Droidscript? I don't know how Droidscript works, how it creates those apps, but it could be possible that Droidscript then was responsible for the fraudulent use a user did.
I absolutely agree that from a developer point of view, this is awful, but just to play devil's advocate here, the reasoning generally given for these is that bad actors tend to tweak their apps to bypass rules a lot faster and efficiently if you always tell them exactly what to fix to get unbanned. I agree developers shouldn't be treated like this, but it still is true that malicious apps are a real problem and bad actors continually try to break things and minmax ways to get around the rules.
As users and developer, that's a side that we don't really get to see, so it's hard to judge how justified these techniques are. What alternative solution do you propose that would help developers without at the same time making bad actors lives easier.
Just because you have not experienced it doesn't mean it is BS. There are countless horror stories out there about people getting their apps removed by an automated process, receiving templated emails with ambiguous reasons for the removal that is impossible to pinpoint the exact cause, and having no way to contact any real person to ask about it.
Those situations are in no way comparable. It's wild to me you think they are.
No one is saying they are responsible for promoting your app. What we're saying is that if they're going to lock down their platform so that you can't install apps without going through their store, then they shouldn't arbitrarily, with no explanation, destroy years of good will thats been built up by genuinely building and delivering a high quality app people love.
I think you're suffering from the "just world bias", honestly. Look it up if you haven't heard of it. TL;DR is that as much as you want to believe they don't, shitty, unfair things happen everyday. Pretending they don't doesn't help the situation.
This is terrible and I feel for the developers. I trust that they are honest in their description of their side. I also acknowledge that Google have a long way to go in terms of communication.
That said, I’ll offer an alternative history...
The author hired developers who have previously uploaded malicious code to the Play store, or actively tried to circumvent restrictions on it. That developer uploaded an app, Google banned their account and all accounts that they have been contributors to.
This is a reasonable action for Google to take. It’s not like the Play store account had a long history of playing by the rules, with 1 developer being added right at the end and behaving badly. This is an account that is essentially fully tainted.
When appealed, the reviewer looked at these facts, and upheld the closure, as I believe would have been the right action.
In terms of getting further information, I would guess that Google are vague for 2 reasons: to provide more information may open them up to being sued more easily (rather like how most companies won’t say why someone was fired, or give performance information in referrals), and secondly in Google’s mind this developer is malicious, so they don’t want to provide any information that could be used to further circumvent the ban.
Now, this does put the developer who has been essentially scammed but is acting honestly in a tough position. My advice to them would be to push hard on the developer advocate and marketing side of things. Ideally they’d have done this from well before release and had a good working relationship with someone on the inside throughout the process. People say Google are bad at support, but this does happen, Google can be great at developer engagement, as can Apple, etc. I’d frame it in terms of getting a new account set up, guaranteeing that the account will not be delegated to any external entities, and probably pushing hard on the fact that the app is out and doing well on iOS. I’d push for building a relationship and being open with communication, as these are exactly what the hypothetical bad actor that Google believes in would avoid. It might take some time and perseverance, but I reckon that might be enough.
I get RH might be paying money to cleanup play store reviews, but how much is enough to justify the negative PR ?
There is another angle though - may be RH or some higher power is threatening to sue Google if they didn't help cleanup based on their own terms, which might have clause of active sabotage - I am sure they claim this is one such event.
"You may have encountered social engineering in a deceptive download button, or an image ad that falsely claims your system is out of date."
Weeeellll...I see 99% of these in Android in-app ads. So - a) this should be the end of it, or b) someone is being a bit hypocritical here. I sure hope for the former.
I don't think that justifies the harm it does to regular people, but it is a lot less sinister than just CYA.
I actually blame tech media who capitalize on every "malware in the Play Store!!!" story a lot more, and the Apple apologists who use any news of malware on Android (even if it only applies to people downloading pirated apps and sideloading them with root) to trumpet how insecure Android is. Personally I think that bad press is the primary driver behind the modern policies.
reply