> ...after taking into consideration the information that you have provided, we have confirmed that we are unable to reinstate your publisher account.
I hate when using euphemism slides into flat out lying like this. They are not "unable" to reinstate the account, in fact they are the only party able to reinstate the account, that's why the account holder was contacting them instead of someone else. They are "unwilling" to reinstate the account.
I know it's all just bullshit but it bothers me anyway.
It's not lying because there is some implicit information in the "we are unable" statement. What is implied in statements like this is that they're unable due to their policies.
If not for implications like this, almost every single use of "unable" (or "can't", for that matter) ever in a sentence would be "lying" unless something is against the laws of physics.
I disagree. If you buy a product from me with 30 day warranty and it breaks on day 31 and you contact me, I will not give you a refund because: a) I haven't agreed to do so b) I'm not bound to do so c) I don't think it's warranted in this case.
But I'm not "unable" to issue a refund.
In another case I may say "hm it's out of warranty but you know what, it really shouldn't have broken like that and you're a good customer, so I'll give a refund anyway." I can do that because I am able to issue a refund.
As for their policy, they are both the authors and interpreters of their own policy, so the "my hands are tied" argument is pure BS. If they are unable to reinstate accounts, why do they have an appeals process at all?
A pet peeve of mine is the deferral and personification of "policy". Policy is just your opinion that you happen to have written down in the past. It holds no power over you, you write the policy! It's not like the US law, which while also just words on paper, is enforced (and often chosen by) other people over you. Me deferring to the law (vs. my own opinion) has meaning because they can be different. The way we really know this is that we repeatedly see policy broken all the time -- again, because it's just a pretend separate agent, not an actual entity that wields power over you. It does in fact ultimately just serve to disguise an active action as a passive one "Oh, I checked the book of rules (that I wrote) and it said I can't let you do that. Shucks. Man, that book, its a tough negotiator. Nothing we can do I'm afraid." I think it is their right to write the rules, but just own up to it. Say "we aren't doing it because we don't want to," that's the truth, because if they did want to, they would, regardless of the "policy".
You're right, but I think you're not doing justice to the OP's complaint.
You're right that this isn't solely a faceless corporate thing. People say "I can't" when "I won't" for the same reasons Google did. We even ask "can you watch my kids?" Again, the same reasons drive the language. It lets a false but face-saving implication stand: You will pick up my kids if you can and if you won't than I'll assume you couldn't.
We also "ask" our employees or waitresses to do things, even though it's technically an order.
All this is good and fine. Language is supposed to embed cultural niceties that speak to our values and smooth relations between people.
The Orwellian shit comes in when it comes in. These cross from figures of speech into euphemization and the Orwellian point is that these things run deep. A bank manager is literally unaware of where her own prerogatives, organisational norms, hard corporate policies and regulatory rules begin and end. They are constantly implying (and thinking) that whatever is annoying/abusing their customers is not because of them. Usually it is.
You aren’t wrong, but (taking the corporate entity in question as a monolith, which is fair from the outside) “unwilling” is a much more honest word choice in cases like this since it clearly communicates that there was a real practical decision that could feasibly have gone either way. “Unable” lines up better with things that are infeasible, e.g. Apple can’t recover the data on an encrypted hard drive without the password or recovery key because it’s literally impossible or would at least require nation-state level computing resources to have a realistic shot at cracking even a weak password.
“Unable” is dishonest because it passes responsibility beyond the veil of the typical user’s ignorance. We’re so used to this sort of language that we’re conditioned to allow it even when we know it’s bullshit. It shuts down discussion and allows its wielder (inevitably a corporation) to avoid explaining itself. In the developed Western world we have a big problem with letting corporations do whatever the hell they want without explaining themselves, so I don’t think we should let them get away with this sort of thing anymore, and not being satisfied with mealy-mouthed evasion is one of the first steps down that road.
Well, I am unable to give someone your money because you won't agree. It's not against the laws of physics, but I still can't do it. Google can do it, they just don't want to.
Hell, they can even change their policies if they want, so they aren't really "unable".
Yes, but it is a dodge. Like an apology wrapped in an excuse. I read this post and I made a mental note to try to never say I am "unable" when I am unwilling. It's corporate speak that I have used myself.
But there lies the lie. When they use 'unable' they are implying that an external factor is blocking them, so arguing further is not possible and unfruitful.
As a cashier, I am certainly "able to" just hand you the goods and let you leave without paying, but in reality due to laws, regulations and good morals I am unable to do that.
As a cashier you are not empowered to make this decision. You are not "able to" violate store policy this way and keep your job. If a store owner or manager wishes to give someone a product for free or issue a full refund, yes they are "able to" do that.
The rep in TFA uses "we," referring to Google. Google is able to reinstate accounts, and The Google Ad Traffic Quality Team is able to reinstate accounts depending on their judgement of whether someone is violating policy. If they are not able to reinstate accounts, can you explain to me why they're adjudicating account ban appeals? Do they say "no" to everyone?
The key point here is that the agent(s) are responsible for interpreting the policy. They have decided that Droidscript violates their policy, and I personally have no opinion about that. But to imply that it's "out of [our] hands]" is dishonest.
Just say "upon review we've determined that your app violates our policies so we will not be reinstating your account."
It's reasonable to say you're unable to do something because it's against the law and doing it would make you a criminal. Equally its fair to say you 'can't' do something that would go against your morals.
That is not equivalent to what's happening here. There is no law preventing Google reinstating the account, and corporations don't have morals because they're not people. The only thing preventing them doing it is that the employees involved choose not to.
It would be correct correct for the Google employee to say "I am unable to..." because that is against their employer's policies. But they say "We are unable to...". "We" meaning Google, and Google is certainly not unable to reinstate the dev's account because they are unwilling to do so, which is what "against Google's policy" means.
No, you _will_ not do that, and made that decision so long ago it feels inviolable to you.
When someone points a gun at a cashier and says "this is a robbery and I'm gonna shoot you if you move a muscle," the cashier usually uses their ability to hold still out of concern for their safety.
We've gone from a world where we can run any software on our devices, to one where Apple and Google tell us how we can make money, what we can run, and what speech is permitted.
It's Orwellian, but with corporate greed instead of nation state fascism.
For a startup community, where founders will often be in a customer support role, the wording and tone of user communications (especially those with an unwelcome message) is often top-of-mind, so a language discussion can be relevant.
I’ve sometimes spent hours crafting a single reply to politely decline a request. It’s not even proportional to the prospective importance of the customer, it’s a matter of respect for all potential users.
Also, sometimes, investigating the issue to determine the right words has revealed hitherto unknown problems, uncovered new possibilities, highlighted alternative solutions that may be palatable, or even changed the outcome entirely.
Discussing the language used is actually thereby more productive & constructive than simply piling on Google for being careless, callous and pompous yet again.
Yeah I don’t get why it’s top comment either, I just meant to vent about an annoyance that’s frankly not material to the question at hand. I was unable to refrain from laughing at your quip incidentally.
Plain English is a wonderful thing. I wish it were used more often.
Non-plain English is usually a flag that the person you’re dealing with is not smart.
The usage of plain English words is something we do strive to see more often. We do hope that it can be utilised more often going forward. Unfortunately at this time we advise that the occurrence of non-plain English may indicate a violation of our MTC (minimal thought capacity) guidelines.
> Non-plain English is usually a flag that the person you’re dealing with is not smart.
I don't think it's that they're not smart. It's that they have a separate agenda, often deflecting responsibility. People often use this sort of indirect wording even without consciously realizing it.
This stuff is on the rise. I used to be able to resolve issues with customer service And they would admit fault. It’s becoming a liability shield where no one accepts fault.
The comments created by this “unable” vs. “unwilling” matter exemplifies but one reason I love HN. I know of nowhere else I can read intelligent back-and-forth arguments in Philosophy, Linguistics, Information about a Google Ads email—-one I find of importance as, I too have received such emails from big G over the past decade... And, like DroidScript, the experience was devastating for my business. But the more painful, the better. Failure is feedback. And because of my painful past experiences with Google, it’s impossible for me to forget. It’s a case study in Diversification vs. Focus. The downside of Focus is... “A business of one is a business of none.”
Yes the wording is intended to soften the interaction.
They use “we” to refer to the team you are interacting with emphasis on bound by the company policy/process
You may see “we” as the company itself setting its own policy/ process
> In your case, we have detected invalid traffic or activity on your account (Publisher Code: pub-********) and as a result it has been disabled. Because of this, the ability to serve and monetise through all products which depend on AdSense will also be disabled (for example, AdMob and YouTube).
> We understand that you may want to know more about the issues that we’ve detected. Because this information could be used to circumvent our proprietary detection system, we’re unable to provide our publishers with information about specific account activity.
> Once you’ve made changes to your site(s), app(s) or channel(s) to comply with our programme policies and terms of service, you can reach out to us using our appeal process. Please make sure that you provide a complete analysis of your traffic or other reasons that may have led to invalid activity in your appeal.
I realize that the term Kafka-esque is a bit overused nowadays... but this sounds exactly like a plot summary of Der Process.
I used to work detecting ad fraud. Publishers would do bad things, call in, and try to get their account rep to get details.
Obviously I can't say "of the last 2500 ad clicks zero of them had any mouse movement over the ad before the click event" because then the publisher obviously just fixes their fraud software.
This isn't specific to Google or even advertising. Every company has figured out when dealing with abuse and fraud sharing the minimum amount of information is beneficial to the health of the ecosystem as a whole.
There are several similar examples on android development subreddit. The best one which comes to my mind if when a developer got their account suspended because they were using a trademarked name in their metadata. The trademark name was "Windows". The developer was referring to house windows, not the Microsoft Windows....
Note that apparently there's a late-ish ‘restoration’ that seems to correct some of Max Brod's editing decisions so that the plot is more straightforward, if that can be said of the novel. Literally the chapters' proper order is unknown.
I listened to the audiobook of that (read by Geoffrey Howard), and while the reading itself is fine, you'll want to avoid the editors' preface because it gives out some plot points and the ending. (PSA: if you make audiobooks, don't put editors' or critics' opinions anywhere before the end, even in ‘footnotes’. Only clarifying notes for unfamiliar terms.)
This article is big news, because it shows that Google will permanently yank your Android app if your website violates AdSense's secret fraud detector! If you're running Google AdSense ads and you have an Android app that you care about, take down the ads immediately and switch to another vendor.
AdSense is the product where Google pays you for running banner ads; they can and frequently do kick people off of it for secret reasons. When my company was kicked off of AdSense back in 2010, I wrote about it extensively. https://www.choiceofgames.com/2010/08/were-banned-from-googl...
Google will never tell you why they ban people from AdSense, and there's no effective way to appeal. (They have an "appeal" process, but what are you supposed to write in the appeal when the charges against you are secret?!)
At least we can still publish Android apps, right? (We now run Facebook ads instead.)
But Google's email to DroidScript saying that the DroidScript app was removed from Google Play Store for "Ad Fraud" says otherwise.
Publishing status: Suspended
Your app has been suspended and removed due to a policy violation.
Reasons of violation
APK:206 Ad Fraud
App violates Ad Fraud policy.
Surely Google could have just revoked DroidScript's access to Google ads, while allowing DroidScript to ship on the store, like they did for us.
If Google ever yanked our Android app over "ad fraud," we'd have no recourse. We've appealed our AdSense rejection a dozen times over the last 10 years and we always get a form letter rejection. We have no idea what they think we did wrong, and we never will, so we can never fix it.
Thank god we don't run AdSense ads anymore. Based on this, I never want to run them again!
Maybe, but in this case they had advertising in the app which Google is claiming may have been fraudulent, and it seems everything ballooned out from there. There’s no indication that this has anything to do with advertising on their website.
Yeah I think claiming Ad Fraud is pretty much on the libel side of things, also I'm not sure why hasn't any developer taken legal action against outlandish Google practices yet.
There was at least one small claims case (exactly about the unexplainedness of the termination), where in the end Google produced logs that showed that the ToS was violated.
if you don't interlink your app account and your website's adsense google account, then this _shouldn't_ really be an issue right?
So i say always maintain separate google accounts for individual apps, for individual usages. Separate your personal google account from your business account, from your ad-network account etc. And i would argue that each individual app should own their own account (you pay for this of course, because of the fee per account i guess).
Google are wise to this; they'll hit you with an "associated account" ban. All your company accounts, app accounts, ad accounts, personal accounts, your spouse's, dog's, dentist's account - all banned.
This looks like the best course of action in the current situation.
Now the different accounts would still be linked to the same entity, and as stories like this make the news, more people would split their services on multiple account. As a response, it doesn't look like a stretch to me if next time Google would go after all account owned by the entity the deem responsible.
I mean, they already crossed the line of banning all services associated with an account. Wouldn't be surprising if they cross a few more lines as long as there is no critical impact for them.
And blood-black nothingness began to spin... A system of cells interlinked within cells interlinked within cells interlinked within one stem... And dreadfully distinct against the dark, a tall white fountain played.
"DroidScript is an easy to use, portable coding tool which simplifies mobile App development. It dramatically improves productivity by speeding up development by as much as 10x compared with using the standard development tools. It’s also an ideal tool for learning JavaScript, you can literally code anywhere with DroidScript, it’s not cloud based and doesn’t require an internet connection. Unlike other development tools which take hours to install and eat up gigabytes of disk space, you can install DroidScript start using it within 30 seconds!"
So... having read through their marketing material, this is an on-device tool that opens up what appears to be most of the Android application API to at least the user of the device, and potentially to any Droidscript applications they grab from other sources, and... maybe to other apps on the device? It's not clear from a quick read how extensive the runtime control is.
So just right out of the gate this is defeating basically the entirety of the Play Store vetting process. Droidscript itself may not be engaged in advertising fraud, but it makes advertising fraud trivial to deploy. (And it needs to be said: this is the kind of app that would never have been legal at all on any version of iOS.)
Add to that that it's a closed source IDE for an open platform, and my intuition sides with Google here. My guess is that when details come out it will turn out that at-least-plausibly harmful Droidscript garbage was being pushed to users and Google decided to kill it.
> this is the kind of app that would never have been legal at all on any version of iOS.
Pythonista is a complete Python programming environment which provides access to camera, music, contacts, the network, and so on, and has been available for iOS since 2016. What specifically distinguishes Droidscript from Pythonista such that you think Apple would reject Droidscript?
I think your thoughts on this are plausible, if not likely. However, the usual complete lack of communication by google is the actual problem. Perhaps droidscripts could mitigate googles concerns, if they had the decency to explain them.
> Add to that that it's a closed source IDE for an open platform, and my intuition sides with Google here.
If I can't ship my closed source IDE on the platform is the platform really open?
> My guess is that when details come out it will turn out that at-least-plausibly harmful Droidscript garbage was being pushed to users and Google decided to kill it.
Of course they will say it was because x, y, and z were done to protect the users. But is it really for the users' benefit or just about control over their walled garden?
Yes...Droidscript allowed one to use the tiny computer in their pocket similarly to the way one could use the large computer on the desk. One could script small apps on their tiny computer and they could access most of the same api as java apps. It was pretty awesome.
> My guess is that when details come out it will turn out that at-least-plausibly harmful Droidscript garbage was being pushed to users and Google decided to kill it.
Yes, I'm sure Google will carefully release details that paint them as the good guy. Certainly, we don't want to be needlessly unfair to them, but there is zero reason to give them free trust them at this point.
We're talking about a development tool. Of course it's going to make any use of the device possible -- that's the entire point. If the point here is that any development tool shouldn't be allowed in the store (which I think google and apple are mostly fine with), that's a pretty sad thing in my opinion. Maybe google is "right" in enforcing their policies, but is it helping anyone?
> Droidscript itself may not be engaged in advertising fraud, but it makes advertising fraud trivial to deploy.
No more than being able to build an app on my laptop and push it over ADB.
> (And it needs to be said: this is the kind of app that would never have been legal at all on any version of iOS.)
It also needs to be said that this is why I don't use Apple devices. What they inflict on their platform is not an argument for what should happen elsewhere.
> Droidscript itself may not be engaged in advertising fraud, but it makes advertising fraud trivial to deploy.
I think that this is what has happened. The author of DroidScript claims that
> Unfortunately we also have to inform our users that we could no longer support AdMob for use in their own apps either, because we can't test it anymore and can't guarantee that Google won't treat them in the same brutal way.
So apparently users were able to do stuff with AdMob on DroidScript's back, and maybe AdMob registered these fraudulent actions with some Google-ID which was assigned to DroidScript.
I don’t get your point. Sideloading apps was always possible on Android even without a jailbreak. We’re not in Apple world, so it’s unclear which Playstore rules got broken here.
The fact that Android Play Store had apps like that all the way back to the earliest days is precisely why some of us have an Android phone rather than an iOS one. There are full-fledged Lua, Python, C++, Java etc IDEs there.
Chrome is closed source and has developer tools, and has damn near every permission Android provides. You can app your apps on it, as long as they are of the web variety. Should we not ban chrome too?
If droidscript enables ad fraud, isn't it an issue with how the android sandboxing model is fundamentally broken? Given that there are far more people using phones than computers, and a lot of new smartphone users will have never used a desktop or laptop computer, droidscript might be their first venture into programming and/or hacking. Let's not shut it down.
Whatever "open platform" might mean Android is becoming less and less of one as Google has made huge efforts to move more and more core operating system functionality into closed source Play Services and continues to remove developer access to many APIs in the name of security. In fact what you're advocating for in this comment is to make the platform less open.
> (And it needs to be said: this is the kind of app that would never have been legal at all on any version of iOS.)
Exactly, iOS is not an open platform and Google has decided they want to be more like iOS.
Still seems strange to me they focused so hard on the ad fraud part of it, unless they had a sudden change of heart and needed an excuse to get Droidscript out of the Play Store. They could just as well simply have said that any app that allows for easy, arbitrary code execution is a security liability and won't be accepted on the Play Store, which does include a fair number of root-required tools that have been removed at some point before. I don't necessarily agree with it, but that'd be a pretty believeable justification.
My gut feeling says these devs aren't telling the whole story.
> So... having read through their marketing material, this is an on-device tool that opens up what appears to be most of the Android application API to at least the user of the device, and potentially to any Droidscript applications they grab from other sources, and... maybe to other apps on the device? It's not clear from a quick read how extensive the runtime control is.
When did we collectively decide that programmable computers were a Bad Thing?
Interpreters are problematic as they all are for executing what amounts to arbitrary, un-vetted and unsigned code. Weather or not to allow them should be up to the user and it is. Google is saying here, if you want this, you'll have to sideload it.
This is my primary hacking tool for throwing little scripts together on Android. You can bring up an IDE in chrome on your PC and interactively execute it on your phone. I hope this gets fixed.
I wouldn't really be surprised if EVERY scripting/programming app in the play store technically violates some play store rules, though.
Well damn, now I want to download it. I've never gotten into mobile development because getting started always seemed like a chore, but this sounds like it would be fun to play around with.
Was it used to publish malware? Given that it's a general purpose scripting tool I can imagine that some people would abuse it and use it as some sort of backdoor to get clueless users to run malware without having to publish it on the app store.
If that's the argument I can sort of see Google's point here. The Play Store is supposed to be curated and the application should follow certain guidelines. This tool as I understand it effectively provides a loophole that lets people run non-curated code without jailbreak. I know that Apple removed apps for similar reasons in the past.
TFA is a bit misleading, the whole "AD FRAUD" angle is frankly irrelevant, it's just that since Google considers that the app violates the guidelines it can't be eligible for the ad program.
> This tool as I understand it effectively provides a loophole that lets people run non-curated code without jailbreak.
Installing non-curated apps has always been supported on Android - no jailbreaking required. Just get an APK either straight from the developer or through any number of alternative app stores, open it, click the "yes, I'm sure" option in the security popup and you've got yourself an app.
One of the specific features of DroidScript is that it is a remote IDE. That is, when you start DroidScript on your phone it will serve the IDE UI via HTTP and you can then connect it by using your phones IP address (DroidScript conveniently gives you a URL to use). Maybe that is the reason for Google's decision.
Also, according to DroidScript itself, Google accused them of ad fraud, so maybe there is something there.
This is the same story that HN readers have read hundreds of times over the past couple of years, just with different subjects.
Independent developer/small organization gets their app/YouTube channel/Google account shut down overnight because of false positives triggered by their system.
It takes weeks and insistence with bots to just get to speak to a human.
When you get to speak to a human, they usually respond with template responses and refuse to provide further information.
Rinse and repeat the same kafkanian process again and again.
In all honesty, what the hell is everyone waiting to get off Google? Gmail accounts, app stores, YouTube, ad networks... Alternatives exist nowadays for all of the products developed by a shapeless and faceless corporation that listens to nobody.
I wish a long and successful journey for the Droidscript guys on F-Droid or any alternative store. Time for Google to understand that without the content uploaded by us (users, creators and developers) they are nothing but a useless empty box.
The idea that there are alternatives for anyone but a fringe market without Google is pretty short sited, for example my phone warned me 4 times before it would let me install and use f-droid, each message made it sound like proceeding was compromising my phone.
It's a synthetic but effective barrier to prevent the majority of people from setting it up.
The mobile environment is as bad as chit, and company stores. This won't change by the will of the people alone.
DroidScript users already sound like a fringe market. Seems like the perfect candidate for F-Droid, however I don't know what the F-Droid policy is on showing ads (which sounds like they are not too concerned about keeping in the app, anyway).
Google is 1/2 of the mobile duopoly. No app developer can avoid Google Play Store (for publishing their apps) and Firebase Cloud Messaging (for sending push notifications to their apps).
I have ~800 applications installed on my phone and there are fewer than a dozen of them that I would not immediately uninstall were they to send me a push notification. I don't buy that "no app developer" can avoid using FCM, the overwhelming majority of applications have no use for them besides spamming users with desperate pleas to return to a screen that can serve advertisements.
I wonder if it's even a false positive. Imagine some ad fraud agency is using droidscript as a means to click on ads programmatically in a completely different app (which seems possible based on the overview) - how does Google distinguish between that and any other app using the same APIs to fraudulently click ads? What if there's actual malware that uses droidscript as a vehicle to do this to unsuspecting users' phones at night?
Well there's theoretically a very easy way to do it: static analysis of the source code, especially if it's open source like in DroidScript's case :)
Does it look like any of the references to the malware domain could come from the app itself? Then it's the app's fault. Otherwise, it's the user's fault.
You can also use Python to write ad bots and malware, but that's not a sufficient reason to ban the whole Python language (or any other programming language).
There's a good chance this app was being used as a vector for hacking, spamming or ad fraud. Not by the developers of this app, but by others who found this app being a useful way around the security of the Google Play store approval process.
> Alternatives exist nowadays for all of the products developed by a shapeless and faceless corporation that listens to nobody.
Do they exist? True. Are they "good enough" for the average person? False.
To add insult to the injury, they have nowhere near enough reach to build a network effect outside the narrow community of tech geeks or communities that are somehow underserved by the status quo (including communities built around repulsive things, which gives bad reputation to open and uncensored solutions).
Nonsense. Google is very large and you'll find situations like this in any large sample size. There's really not much more to be said; on the whole google works great for most people. Maybe this particular case has a legitimate grievance (in which case it's a false positive but many FPs exist at scale) or maybe they're opening up programmable interfaces in a way that was never going to fly with play store.
Whatever their reasons may be, they may be legitimate.
But using this sentence is simply not OK:
> Because this information could be used to circumvent our proprietary detection system, we’re unable to provide our publishers with information about specific account activity.
The developer/publisher must be given a chance to correct the issues. This is simply not fair.
I'm pretty sure Google can do better than to rely on security by obscurity.
---
> Unfortunately we also have to inform our users that we could no longer support AdMob for use in their own apps either, because we can't test it anymore and can't guarantee that Google won't treat them in the same brutal way.
Couldn't it be possible that one of those users was using AdMob in a fraudulent way, and that this was then linked to Droidscript? I don't know how Droidscript works, how it creates those apps, but it could be possible that Droidscript then was responsible for the fraudulent use a user did.
TL;DR: They are being accused of ad fraud, without any evidence provided, and they are asked to reply with an analysis of why they think their traffic ?? is legit (when they have no idea what is it that Google considered "not legitimate").
The biggest issue here I don't think is the malware tag, but the ad fraud accusation.
Even thought as somebody pointed out the page linked can be biased, based only on what they state and the emails from Google, this is another case of David Against (automated) Goliath.
From my point of view this is just another drop in the pound of what is already being built as a case against Google (and also Apple) for monopoly.
P.S.: I've used Droidscript in the past, and I do think it's too powerful an app that can be abused. But that happens to a lot of things in life, right?
the ad-fraud accusation is my biggest concern as well.
they provide no information or clues leaving the author to guess.
the author guesses that somehow someone extracted their identifiers from the apk.
google comes back and says more clearly that it's something to do with how the ads are positioned, essentially accusing them of trying to trick people to accidentally click.
this information should have been provided before the appeal, and google gains literally nothing from hiding this information from the author.
the malware claims have more validity, but the way they handled the ad-fraud claim is inexcusable.
Ad fraud will just fix their errors if Google provides any information about how it detected the ad fraud. They're fine with some false positives if it means 99%+ of ad fraud is squashed.
It is extremely possible that from Google's point of view, an inability to give such an analysis is itself justification to remove the app from the Play Store.
If Droidscript is flexible enough to allow end-users to create an ad fraud engine, it's too flexible for the store. Play Store is relatively consistent in its position that a tool that bootstraps policy violations is itself a policy violation.
But it would be great if Google could offer a concrete reproduction case, and from a developer-service standpoint it completely sucks that they don't.
Is there a service where I can host a raspi on my network and let people send it instructions about which ads should be clicked on and it gradually earns crypto over time?
I'd love to make some money while fucking with ad networks... :)
The only thing approaching malware I've experienced on Android was delivered via Google's own ad network. Given what little happened after reporting said malware one can only assume that they apply a very different set of rules to app developers.
Readit News
I hate when using euphemism slides into flat out lying like this. They are not "unable" to reinstate the account, in fact they are the only party able to reinstate the account, that's why the account holder was contacting them instead of someone else. They are "unwilling" to reinstate the account.
I know it's all just bullshit but it bothers me anyway.
If not for implications like this, almost every single use of "unable" (or "can't", for that matter) ever in a sentence would be "lying" unless something is against the laws of physics.
But I'm not "unable" to issue a refund.
In another case I may say "hm it's out of warranty but you know what, it really shouldn't have broken like that and you're a good customer, so I'll give a refund anyway." I can do that because I am able to issue a refund.
As for their policy, they are both the authors and interpreters of their own policy, so the "my hands are tied" argument is pure BS. If they are unable to reinstate accounts, why do they have an appeals process at all?
You're right that this isn't solely a faceless corporate thing. People say "I can't" when "I won't" for the same reasons Google did. We even ask "can you watch my kids?" Again, the same reasons drive the language. It lets a false but face-saving implication stand: You will pick up my kids if you can and if you won't than I'll assume you couldn't.
We also "ask" our employees or waitresses to do things, even though it's technically an order.
All this is good and fine. Language is supposed to embed cultural niceties that speak to our values and smooth relations between people.
The Orwellian shit comes in when it comes in. These cross from figures of speech into euphemization and the Orwellian point is that these things run deep. A bank manager is literally unaware of where her own prerogatives, organisational norms, hard corporate policies and regulatory rules begin and end. They are constantly implying (and thinking) that whatever is annoying/abusing their customers is not because of them. Usually it is.
“Unable” is dishonest because it passes responsibility beyond the veil of the typical user’s ignorance. We’re so used to this sort of language that we’re conditioned to allow it even when we know it’s bullshit. It shuts down discussion and allows its wielder (inevitably a corporation) to avoid explaining itself. In the developed Western world we have a big problem with letting corporations do whatever the hell they want without explaining themselves, so I don’t think we should let them get away with this sort of thing anymore, and not being satisfied with mealy-mouthed evasion is one of the first steps down that road.
Hell, they can even change their policies if they want, so they aren't really "unable".
Were the implied statement made explicit, then yes it'd be accurate.
Unable due to their policies, which they wrote and they can change (and which they often choose not to follow anyway).
I agree with OP - it’s not that Google isn’t able to do this, it’s that Google doesn’t want to.
Deleted Comment
https://youtu.be/Y1QQSFlm0dI?t=81
The audience is laughing because this notion is ridiculous.
The rep in TFA uses "we," referring to Google. Google is able to reinstate accounts, and The Google Ad Traffic Quality Team is able to reinstate accounts depending on their judgement of whether someone is violating policy. If they are not able to reinstate accounts, can you explain to me why they're adjudicating account ban appeals? Do they say "no" to everyone?
The key point here is that the agent(s) are responsible for interpreting the policy. They have decided that Droidscript violates their policy, and I personally have no opinion about that. But to imply that it's "out of [our] hands]" is dishonest.
Just say "upon review we've determined that your app violates our policies so we will not be reinstating your account."
That is not equivalent to what's happening here. There is no law preventing Google reinstating the account, and corporations don't have morals because they're not people. The only thing preventing them doing it is that the employees involved choose not to.
When someone points a gun at a cashier and says "this is a robbery and I'm gonna shoot you if you move a muscle," the cashier usually uses their ability to hold still out of concern for their safety.
The distinction matters.
We've gone from a world where we can run any software on our devices, to one where Apple and Google tell us how we can make money, what we can run, and what speech is permitted.
It's Orwellian, but with corporate greed instead of nation state fascism.
Though FWIW I’m unable to disagree.
I’ve sometimes spent hours crafting a single reply to politely decline a request. It’s not even proportional to the prospective importance of the customer, it’s a matter of respect for all potential users.
Also, sometimes, investigating the issue to determine the right words has revealed hitherto unknown problems, uncovered new possibilities, highlighted alternative solutions that may be palatable, or even changed the outcome entirely.
Discussing the language used is actually thereby more productive & constructive than simply piling on Google for being careless, callous and pompous yet again.
Non-plain English is usually a flag that the person you’re dealing with is not smart.
The usage of plain English words is something we do strive to see more often. We do hope that it can be utilised more often going forward. Unfortunately at this time we advise that the occurrence of non-plain English may indicate a violation of our MTC (minimal thought capacity) guidelines.
I don't think it's that they're not smart. It's that they have a separate agenda, often deflecting responsibility. People often use this sort of indirect wording even without consciously realizing it.
They share your phone/email with lots of dealers if you request a quote and don't read the fine print like I didn't...
You may see “we” as the company itself setting its own policy/ process
> We understand that you may want to know more about the issues that we’ve detected. Because this information could be used to circumvent our proprietary detection system, we’re unable to provide our publishers with information about specific account activity.
> Once you’ve made changes to your site(s), app(s) or channel(s) to comply with our programme policies and terms of service, you can reach out to us using our appeal process. Please make sure that you provide a complete analysis of your traffic or other reasons that may have led to invalid activity in your appeal.
I realize that the term Kafka-esque is a bit overused nowadays... but this sounds exactly like a plot summary of Der Process.
"Which policies?"
"That's none of your business."
"How are we violating them?"
"I'm not going to tell you."
"What can we do?"
"Fix the issues, and then appeal."
"Which issues?"
"I've said too much already."
Obviously I can't say "of the last 2500 ad clicks zero of them had any mouse movement over the ad before the click event" because then the publisher obviously just fixes their fraud software.
This isn't specific to Google or even advertising. Every company has figured out when dealing with abuse and fraud sharing the minimum amount of information is beneficial to the health of the ecosystem as a whole.
https://gutenberg.org/ebooks/7849
It's a really entertaining read.
And yes, it perfectly matches this situation - right in the very first sentence already.
I listened to the audiobook of that (read by Geoffrey Howard), and while the reading itself is fine, you'll want to avoid the editors' preface because it gives out some plot points and the ending. (PSA: if you make audiobooks, don't put editors' or critics' opinions anywhere before the end, even in ‘footnotes’. Only clarifying notes for unfamiliar terms.)
AdSense is the product where Google pays you for running banner ads; they can and frequently do kick people off of it for secret reasons. When my company was kicked off of AdSense back in 2010, I wrote about it extensively. https://www.choiceofgames.com/2010/08/were-banned-from-googl...
Google will never tell you why they ban people from AdSense, and there's no effective way to appeal. (They have an "appeal" process, but what are you supposed to write in the appeal when the charges against you are secret?!)
At least we can still publish Android apps, right? (We now run Facebook ads instead.)
But Google's email to DroidScript saying that the DroidScript app was removed from Google Play Store for "Ad Fraud" says otherwise.
Surely Google could have just revoked DroidScript's access to Google ads, while allowing DroidScript to ship on the store, like they did for us.If Google ever yanked our Android app over "ad fraud," we'd have no recourse. We've appealed our AdSense rejection a dozen times over the last 10 years and we always get a form letter rejection. We have no idea what they think we did wrong, and we never will, so we can never fix it.
Thank god we don't run AdSense ads anymore. Based on this, I never want to run them again!
https://www.huffpost.com/entry/why-google-bothered-to-ap_b_2...
So i say always maintain separate google accounts for individual apps, for individual usages. Separate your personal google account from your business account, from your ad-network account etc. And i would argue that each individual app should own their own account (you pay for this of course, because of the fee per account i guess).
Now the different accounts would still be linked to the same entity, and as stories like this make the news, more people would split their services on multiple account. As a response, it doesn't look like a stretch to me if next time Google would go after all account owned by the entity the deem responsible.
I mean, they already crossed the line of banning all services associated with an account. Wouldn't be surprising if they cross a few more lines as long as there is no critical impact for them.
And blood-black nothingness began to spin... A system of cells interlinked within cells interlinked within cells interlinked within one stem... And dreadfully distinct against the dark, a tall white fountain played.
"DroidScript is an easy to use, portable coding tool which simplifies mobile App development. It dramatically improves productivity by speeding up development by as much as 10x compared with using the standard development tools. It’s also an ideal tool for learning JavaScript, you can literally code anywhere with DroidScript, it’s not cloud based and doesn’t require an internet connection. Unlike other development tools which take hours to install and eat up gigabytes of disk space, you can install DroidScript start using it within 30 seconds!"
So... having read through their marketing material, this is an on-device tool that opens up what appears to be most of the Android application API to at least the user of the device, and potentially to any Droidscript applications they grab from other sources, and... maybe to other apps on the device? It's not clear from a quick read how extensive the runtime control is.
So just right out of the gate this is defeating basically the entirety of the Play Store vetting process. Droidscript itself may not be engaged in advertising fraud, but it makes advertising fraud trivial to deploy. (And it needs to be said: this is the kind of app that would never have been legal at all on any version of iOS.)
Add to that that it's a closed source IDE for an open platform, and my intuition sides with Google here. My guess is that when details come out it will turn out that at-least-plausibly harmful Droidscript garbage was being pushed to users and Google decided to kill it.
Pythonista is a complete Python programming environment which provides access to camera, music, contacts, the network, and so on, and has been available for iOS since 2016. What specifically distinguishes Droidscript from Pythonista such that you think Apple would reject Droidscript?
https://apps.apple.com/us/app/pythonista-3/id1085978097
If I can't ship my closed source IDE on the platform is the platform really open?
> My guess is that when details come out it will turn out that at-least-plausibly harmful Droidscript garbage was being pushed to users and Google decided to kill it.
Of course they will say it was because x, y, and z were done to protect the users. But is it really for the users' benefit or just about control over their walled garden?
Yes, I'm sure Google will carefully release details that paint them as the good guy. Certainly, we don't want to be needlessly unfair to them, but there is zero reason to give them free trust them at this point.
No more than being able to build an app on my laptop and push it over ADB.
> (And it needs to be said: this is the kind of app that would never have been legal at all on any version of iOS.)
It also needs to be said that this is why I don't use Apple devices. What they inflict on their platform is not an argument for what should happen elsewhere.
I think that this is what has happened. The author of DroidScript claims that
> Unfortunately we also have to inform our users that we could no longer support AdMob for use in their own apps either, because we can't test it anymore and can't guarantee that Google won't treat them in the same brutal way.
So apparently users were able to do stuff with AdMob on DroidScript's back, and maybe AdMob registered these fraudulent actions with some Google-ID which was assigned to DroidScript.
Compared to what? If someone wants to run a random APK that has some kind of ad fraud in it, they very easily can even if Droidscript doesn't exist.
If droidscript enables ad fraud, isn't it an issue with how the android sandboxing model is fundamentally broken? Given that there are far more people using phones than computers, and a lot of new smartphone users will have never used a desktop or laptop computer, droidscript might be their first venture into programming and/or hacking. Let's not shut it down.
> (And it needs to be said: this is the kind of app that would never have been legal at all on any version of iOS.)
Exactly, iOS is not an open platform and Google has decided they want to be more like iOS.
My gut feeling says these devs aren't telling the whole story.
You can code up Garbage in Java just fine and get it on the app store. I've seen apps send passwords in plain text....
When did we collectively decide that programmable computers were a Bad Thing?
You mean the one that doesn't exist?
I wouldn't really be surprised if EVERY scripting/programming app in the play store technically violates some play store rules, though.
Define "fixed", it was removed from Play Store but anyone can still install from APK or F-Droid, right?
If that's the argument I can sort of see Google's point here. The Play Store is supposed to be curated and the application should follow certain guidelines. This tool as I understand it effectively provides a loophole that lets people run non-curated code without jailbreak. I know that Apple removed apps for similar reasons in the past.
TFA is a bit misleading, the whole "AD FRAUD" angle is frankly irrelevant, it's just that since Google considers that the app violates the guidelines it can't be eligible for the ad program.
Installing non-curated apps has always been supported on Android - no jailbreaking required. Just get an APK either straight from the developer or through any number of alternative app stores, open it, click the "yes, I'm sure" option in the security popup and you've got yourself an app.
Also, according to DroidScript itself, Google accused them of ad fraud, so maybe there is something there.
Independent developer/small organization gets their app/YouTube channel/Google account shut down overnight because of false positives triggered by their system.
It takes weeks and insistence with bots to just get to speak to a human.
When you get to speak to a human, they usually respond with template responses and refuse to provide further information.
Rinse and repeat the same kafkanian process again and again.
In all honesty, what the hell is everyone waiting to get off Google? Gmail accounts, app stores, YouTube, ad networks... Alternatives exist nowadays for all of the products developed by a shapeless and faceless corporation that listens to nobody.
I wish a long and successful journey for the Droidscript guys on F-Droid or any alternative store. Time for Google to understand that without the content uploaded by us (users, creators and developers) they are nothing but a useless empty box.
It's a synthetic but effective barrier to prevent the majority of people from setting it up.
The mobile environment is as bad as chit, and company stores. This won't change by the will of the people alone.
It's hardly fair to suggest other wise.
Do not support Apple. Do not support Google. Support freedom.
Does it look like any of the references to the malware domain could come from the app itself? Then it's the app's fault. Otherwise, it's the user's fault.
You can also use Python to write ad bots and malware, but that's not a sufficient reason to ban the whole Python language (or any other programming language).
There's a good chance this app was being used as a vector for hacking, spamming or ad fraud. Not by the developers of this app, but by others who found this app being a useful way around the security of the Google Play store approval process.
Do they exist? True. Are they "good enough" for the average person? False.
To add insult to the injury, they have nowhere near enough reach to build a network effect outside the narrow community of tech geeks or communities that are somehow underserved by the status quo (including communities built around repulsive things, which gives bad reputation to open and uncensored solutions).
But using this sentence is simply not OK:
> Because this information could be used to circumvent our proprietary detection system, we’re unable to provide our publishers with information about specific account activity.
The developer/publisher must be given a chance to correct the issues. This is simply not fair.
I'm pretty sure Google can do better than to rely on security by obscurity.
---
> Unfortunately we also have to inform our users that we could no longer support AdMob for use in their own apps either, because we can't test it anymore and can't guarantee that Google won't treat them in the same brutal way.
Couldn't it be possible that one of those users was using AdMob in a fraudulent way, and that this was then linked to Droidscript? I don't know how Droidscript works, how it creates those apps, but it could be possible that Droidscript then was responsible for the fraudulent use a user did.
The biggest issue here I don't think is the malware tag, but the ad fraud accusation.
Even thought as somebody pointed out the page linked can be biased, based only on what they state and the emails from Google, this is another case of David Against (automated) Goliath.
From my point of view this is just another drop in the pound of what is already being built as a case against Google (and also Apple) for monopoly.
P.S.: I've used Droidscript in the past, and I do think it's too powerful an app that can be abused. But that happens to a lot of things in life, right?
they provide no information or clues leaving the author to guess.
the author guesses that somehow someone extracted their identifiers from the apk.
google comes back and says more clearly that it's something to do with how the ads are positioned, essentially accusing them of trying to trick people to accidentally click.
this information should have been provided before the appeal, and google gains literally nothing from hiding this information from the author.
the malware claims have more validity, but the way they handled the ad-fraud claim is inexcusable.
If Droidscript is flexible enough to allow end-users to create an ad fraud engine, it's too flexible for the store. Play Store is relatively consistent in its position that a tool that bootstraps policy violations is itself a policy violation.
But it would be great if Google could offer a concrete reproduction case, and from a developer-service standpoint it completely sucks that they don't.
I'd love to make some money while fucking with ad networks... :)