So it's the functionality/"security" dichotomy again, but in a slightly different place from iOS. Google won't let an app access all your files, but what if you the user specifically want this app to access all your files because it is, say, a file manager or sync tool?
The escape hatch is to use the FDroid version rather than the Play Store version.
This permission has been a security issue since its introduction. Random apps have been caught iterating over used media to extract geolocation history based on EXIF information and other such metadata (for no good reason, data collection for data traders), so Google did the right thing and made file access permission-first.
Almost no apps need this permission, so being skeptical makes a lot of sense. File managers and other such apps are routinely permitted to use this permission, so it's not like Google is locking out utility apps or anything.
The current state of Google Play is the result of years of Google being too permissive by default and trying to patch things later while desperately trying to remain backwards compatible. Give advertisers a finger and they take the whole hand. Your average Android phone's internal storage used to be full of dotfiles, hidden directories, not-so-hidden directories, all full of identifiers and cross-identifiers to break the cross-app tracking boundary enforced by the normal API.
As far as I know, Google has made an API available for picking a directory to sync with. I'm not sure why NextCloud needs to see every file on my SD card when it can ask for folders to sync into and can use a normal file picker to upload new files without going through a file manager, but there's probably a feature somewhere hidden in their app that necessitates this permission.
The policy itself makes a lot of sense and I'd argue is beneficial for Google Play's user base. NextCloud's problem seems to be that Google isn't letting a human with common sense review their upload. Because of Google being Google, outcry is the only way to get attention from an actual human being when it comes to app stores (Apple has had very similar issues, though they claim their reviews are all done by humans).
EDIT: NextCloud states "SAF cannot be used, as it is for sharing/exposing our files to other apps, so the reviewer clearly misunderstood our app workflow." as a reason for not being able to use the better APIs, but I'm not sure if that's true. SAF has a dedicated API for maintaining access to a folder (https://developer.android.com/training/data-storage/shared/d...). I think NextCloud misinterpreted Google here.
What permission does Google drive have? That is the permission that NextCloud should be able to use in order to provide comparative features. People use NextCloud because they want to host their own “cloud” at home. If Google don’t let Nextcloud use the same permissions as their own services how are they supposed to do that?
NextCloud currently has to copy all files that it wants to upload & back up to its own app directory which is pain to actual usability. I'm guessing this annoyance is also related to these fun permission limitations.
The API seems to have some peculiar restrictions, specifically that you cannot share the Downloads folder and no entire SD cards (only subfolders on the card). Maybe Nextcloud offered this functionality before and so couldn't restore it with the new API?
Also, unsurprisingly, data/ and obb/ are also forbidden, so the API is unusable for a backup tool.
SAF documentation seems a bit misleading: takePersistableUriPermission part only talks about files, but other sources seem to indicate that it also works for directories so it should be possible to request permissions to a directory and then maintain it correctly.
Google specifically allows the use of the permission[1] if the app falls in a set that truly require it to function.
File managers
Backup and restore apps
Anti-virus apps
Document management apps
On-device file search
Disk and file encryption
Device-to-device data migration
This Nextcloud app seems to be an app that mirrors your Nextcloud storage to your device, and I cannot understand why it would need all access to any other data stored on the external device -- with the enormous risk that entails -- much less that can't be selectively picked by the user. It isn't a file manager, it isn't a backup utility, it's a cloud provider with local mirroring. I get why Google told them to do things otherwise.
Another comment mentions this is "bad faith" security and that's just overly cynical. Android and iOS both suffered from basically trusting app developers, and both were burned for it. Hardening down and making apps only request precisely what they actually need seems to be a massive user positive.
Depends how you use it: I suspect people want their entire photo folders mirrored into Nextcloud from the device, which would fit under the "backup utility" category.
> what they actually need seems to be a massive user positive
So positive for the user that they filed a bug report about it?
The app is a competitor to google drive (app). It is used to upload/download, backup, syncronize (one or two way) files, media and documents between the device and the cloud. Doesn't that cover more than one of the mentioned uses? Why would FilesyncPro (example) get to have the permission but not nextcloud client? Even for media files specifically there are a lot of gotchas without full file access, like risk of location being stripped from all images synced trough the app (unless user gives media location permission) or similarly missing exif.. To upload on change it needs to be allowed to watch the filesystem
Meanwhile google drive gets to be installed as a system app
It's not just mirroring of your remote storage, you can also upload local files manually, turn on auto-upload for some directories (the main use case is uploading pictures) ant there was recently work being done to enable two-way-synchronization for directories that the user would like to sync. IMO it makes sense to let the users give it access to all the files on the phone, if they whish to do so.
Android users are most certainly not fine. Hardware remote attestation enables apps to determine whether you "tampered" with "your" device by doing things like installing apps from "untrustworthy" sources. They want to do this so they can discriminate against you for it. You do things like this and suddenly your bank stops letting you log into your account.
Right, because y'all didn't scream when Android games could upload all private photos to their servers because they got this blanket permission to download their game files.
That's my take. And even if they aren't using the security argument in bad faith this time, they have so often in the past that now they can reap the rewards of using that argument in bad faith.
> Other apps were not allowed to use this permission at all, once it was introduced in 2022. I could convince them back then, that we need this. But nowadays they are more strict on it and thus we needed to remove this permission. Thus is, why it feels now like a regression / problem in UX, while it was only an exception that they allowed it for ~2 years.
>Attempts to raise the issue with Google resulted in little more than copy-and-pasted sections of the developer guide
My exact same experience. We had two very simillar apps for a brief time, the old version that interfaces to the old hardware, for old phones, and the new version which was basically redesigned from scratch but kept the same UI. We wanted at least to have a fallback version in case users had any issue, for whatever reason.
From the top of my head, i can name at least a dozen apps that i use daily that have multiple versions of them on the store, for the same reason we did.
However, we received a complaint from google, which froze both our apps, because apparently you can't make one app that looks too simillar to another one.
First, it's our APP. We are not trying to copy anyone (the chief reason for this rule, you don't want fake malicious clones of apps)
Second, it's only the first page that looks the same (a video was provided showing the differences once you connected to a companion device. Also ALL our apps have the same first page)
Third, what about all the free/pro app pairs you can find? Not every developer chose to follow the in-app-purchase route for unlocking features.
For at least two weeks i kept receiving copypasted responses. All the same wording, all copypasting pieces of the guidelines which can be interpreted in many different ways.
After two weeks, they either escalated to a human being, or to a less useless one and we started chatting. We could convince them to at least unlock one of the Apps while deciding what to do with the other one.
Re: second point, they were immovable.
Re: third point, when i was asking why the other developer's apps are still there, and what could i do to make the same, the answer was invariably the same: "I can't comment for the other apps, but if you think they violate the guidelines you can report them", so the exact opposite of what i was asking.
Which is proof enough to me: they don't stop anything unless reported, and we had a third party attack us with a swarm of fake reports on behalf of a competitor, which already happened in the past. Human beings - or at least with a functioning brain - are not working at google's developer support.
In the meantime we had to distribute the APK, which is not great the moment you need to update.
Apple gave zero fuss, we have had both versions on the store since day one.
Why would they have to be shipped by different accounts?
Again: see the loads of very popular free/pro apps that look exactly the same on the surface, but with different icon/name/screenshots/text on the store page (all things we did) and given the wording that the bots kept writing us back, they are all breaking the rules. And when i made that point the answer was that if i wanted i could report them for a takedown, instead of having an explanation why they are allowed so we can do what they did.
They just don't care, if you receive enough reports you get taken down with virtually no appeal. Have you ever been flagged for using your own logos and copyrights without permissions? because we have, on our company store, verified by legal mail, dusn number, bank account and whatever other bullshittery they require next. Yet from time to time we get flagged
Why doesn't Nextcloud use the scoped storage access introduced in recent years? Users could give Nextcloud access to the particular folders they want synced. Is there some kind of access they need that those APIs don't support?
Google will not let you pick the root folder, making it impossible to sync everything.
Note that Google's and other American Big Tech apps do not have this issue, because Google only cares about taking permissions away from "small" players.
Nextcloud isn't really designed to sync the entire device, it's meant to sync your Nextcloud folder to a subfolder somewhere which works fine with the new storage access permissions.
Google's comparable app (Drive) also cannot pick the root folder. As of Android 11, even apps with MANAGE_EXTERNAL_STORAGE cannot access the root folder.
Often it's because setting up a David versus Goliath story is good for business.
Spotify did this all the time where they would complain about Apple not allowing them access to some private API and then when they did didn't even bother to use it.
Nextcloud is about synchronising files. Some people may only sync media files, but surely you can imagine that others want to sync other files, right? It's not that crazy, Dropbox, GDrive, iCloud, etc. all do that.
Do you really think it seems unfair that a file sync app would want to access files?
This is the one that only allows access to media files, yes? This is fact the API they are using. They expound in the article that it is insufficient for their use case.
I find it deeply ironic that HN users DEMAND that Linux/macOS/Windows all implement this exact sandboxing (where user controls which files apps can access) and then threads like these are full of angry people demanding that Google allows Android apps to just demand access to all private photos, documents and app data with one blanket permission (which was abused by every malware ridden game out there).
Android supports scoped storage which is fine for Nextcloud and requires NO extra permissions. It gives control to user because user then selects which directories they want to give Nextcloud to.
Nextcloud just needs to put in the work to support it properly instead of just demanding full unfettered disk access to all photos and app data with no user control over it.
> Google allows Android apps to just demand access to all private photos
Your own words betray that you are probably confused about what the problem actually is. From my perspective, I think people generally want the same thing on both platforms: the user be in charge of which files the OS gives access to applications.
As a developer that did many of those migrations, I can claim that it's crystally clear what the problem is.
Storage Access Framework is a framework where user decides which files an app can access and see. That's the API Nextcloud refuses to use.
Old READ_EXTERNAL_STORAGE (replaced with MANAGE_EXTERNAL_STORAGE now) permission gives full access to all shared storage data (where for example DCIM directory with all private photos and their locations lives) without exception or privacy filters like EXIF stripping.
This permission was required by many games, malware apps and everyone with 5 minutes of time that could paste that string into the app and refused to allow users to run the app without granting it. It was VERY common to demand access to all storage at startup just to do simple things like download a potential file.
That's the API Nextcloud demands to use and Google is telling them that they can't because they should be using SAF.
So you say the user is in control on Android? Like, I can overrule Google when it comes to Google Play Services permissions? I can now deny apps internet access?
In reality what happened was that apps and games demanded full access for frivolous reasons. Like Syncthing author which wanted access to all data because they didn't want to call Android APIs and wanted to only use Go.
Ah so that's probably yhe reason why the Dropbox app has these weird abstraction layers. If it weren't for integration with other apps, I would much prefer Nextcloud. But some apps simply don't offer anything else than "cloud sync"
Probably irrelevant but I gave up on next cloud because I found the syncing apps to be unusable on Mac, windows and Linux. Nothing ever worked the way it was meant to. They crashed all the time, were unresponsive, and the UX was terrible
This article is thick with tribalism, but I personally found it to be a mixed bag. For open source software and self-hosting enthusiasts, NextCloud (OwnCloud, et al) makes you feel really empowered to sort of build out your own personal cloud and/or groupware, and in many of the most salient aspects it delivers.
But like anything so ambitious in scope, it doesn’t take much before you begin to push up against its boundaries (even as generous as they are). This is the kind of software that the biggest players in the industry devote armies of highly paid developers and billions of capital to. The accomplishments of the OSS community should not be diminished. I personally will continue to use and support these tools in my own capacity. But it’s kind of inevitable that, while they offer lots of cool major features, they won’t ever be quite as polished or refined as competing solutions from industry giants, or even other OSS apps that take a narrower, more uni-tasked approach.
Having read through most of these comments, I think the truth is probably somewhere between competing ideas, and everything else is subjective and context-dependent.
Coming from Dropbox, OneDrive etc I guess I assumed it would "just work". And if I'm honest my experience was compounded by other issues. I was running my server on a pi4 and didn't initially give it a fixed IP so the clients lost it, but even after I sorted those issues and had a solid server, the tray apps just would not sync. Sometimes even stopping and restarting the app wouldn't help. All I really wanted was to have a shared sync folder like Dropbox, across OS with storage size only limited by what I could configure in my attic, but I gave up after a week of trying to fix it night after night.
I hate the nextcloud ux with a passion and I'm running multiple instances for company and non-profits. Especially their calendar app makes we want to delete that thing every time I have to use it.
If you leave the beaten path it tends to break.
It's free and it feels wrong to complain but it's not good software IMHO.
Readit News
The escape hatch is to use the FDroid version rather than the Play Store version.
Almost no apps need this permission, so being skeptical makes a lot of sense. File managers and other such apps are routinely permitted to use this permission, so it's not like Google is locking out utility apps or anything.
The current state of Google Play is the result of years of Google being too permissive by default and trying to patch things later while desperately trying to remain backwards compatible. Give advertisers a finger and they take the whole hand. Your average Android phone's internal storage used to be full of dotfiles, hidden directories, not-so-hidden directories, all full of identifiers and cross-identifiers to break the cross-app tracking boundary enforced by the normal API.
As far as I know, Google has made an API available for picking a directory to sync with. I'm not sure why NextCloud needs to see every file on my SD card when it can ask for folders to sync into and can use a normal file picker to upload new files without going through a file manager, but there's probably a feature somewhere hidden in their app that necessitates this permission.
The policy itself makes a lot of sense and I'd argue is beneficial for Google Play's user base. NextCloud's problem seems to be that Google isn't letting a human with common sense review their upload. Because of Google being Google, outcry is the only way to get attention from an actual human being when it comes to app stores (Apple has had very similar issues, though they claim their reviews are all done by humans).
EDIT: NextCloud states "SAF cannot be used, as it is for sharing/exposing our files to other apps, so the reviewer clearly misunderstood our app workflow." as a reason for not being able to use the better APIs, but I'm not sure if that's true. SAF has a dedicated API for maintaining access to a folder (https://developer.android.com/training/data-storage/shared/d...). I think NextCloud misinterpreted Google here.
The available APIs are a pain to work with and have terrible performance. And it doesn't work at all with native code.
Also what about people using Nextcloud to back up their phones? It would need access to everything.
If I want to give an app access to all my files, google shouldn't have a say in that. Their paternalism is pervasive and palpable.
Also, unsurprisingly, data/ and obb/ are also forbidden, so the API is unusable for a backup tool.
Bad guys should be thrown into jail.
Wrong. The current state is a result of Google monopolizing the android apps market. They should be split into 5 different companies.
I do not care about the reasons Google think they are protecting me. They are protecting their absurd profit.
File managers Backup and restore apps Anti-virus apps Document management apps On-device file search Disk and file encryption Device-to-device data migration
This Nextcloud app seems to be an app that mirrors your Nextcloud storage to your device, and I cannot understand why it would need all access to any other data stored on the external device -- with the enormous risk that entails -- much less that can't be selectively picked by the user. It isn't a file manager, it isn't a backup utility, it's a cloud provider with local mirroring. I get why Google told them to do things otherwise.
Another comment mentions this is "bad faith" security and that's just overly cynical. Android and iOS both suffered from basically trusting app developers, and both were burned for it. Hardening down and making apps only request precisely what they actually need seems to be a massive user positive.
[1] - https://developer.android.com/training/data-storage/manage-a... - the exclusions can be found at the bottom.
> what they actually need seems to be a massive user positive
So positive for the user that they filed a bug report about it?
Meanwhile google drive gets to be installed as a system app
So let me ask you, how does this:
> Hardening down and making apps only request precisely what they actually need
Relate to Google Play Services? It seems to relate only to third party apps, doesn't it?
Right, so you don't know the app. What about getting informed first?
I use Nextcloud to backup files to the cloud. I want it to access my files.
File sync tools need to go through scoped storage where you as a user select directories which they sync and then they can read them at will as well.
And perhaps using GrapheneOS while at it.
As long as Google doesn't remove the ability to sideload apps, Android users are fine.
Android is just a shitty version of iOS now.
Get outta here.
> Other apps were not allowed to use this permission at all, once it was introduced in 2022. I could convince them back then, that we need this. But nowadays they are more strict on it and thus we needed to remove this permission. Thus is, why it feels now like a regression / problem in UX, while it was only an exception that they allowed it for ~2 years.
https://github.com/nextcloud/android/issues/14135#issuecomme...
My exact same experience. We had two very simillar apps for a brief time, the old version that interfaces to the old hardware, for old phones, and the new version which was basically redesigned from scratch but kept the same UI. We wanted at least to have a fallback version in case users had any issue, for whatever reason.
From the top of my head, i can name at least a dozen apps that i use daily that have multiple versions of them on the store, for the same reason we did.
However, we received a complaint from google, which froze both our apps, because apparently you can't make one app that looks too simillar to another one.
First, it's our APP. We are not trying to copy anyone (the chief reason for this rule, you don't want fake malicious clones of apps) Second, it's only the first page that looks the same (a video was provided showing the differences once you connected to a companion device. Also ALL our apps have the same first page) Third, what about all the free/pro app pairs you can find? Not every developer chose to follow the in-app-purchase route for unlocking features.
For at least two weeks i kept receiving copypasted responses. All the same wording, all copypasting pieces of the guidelines which can be interpreted in many different ways. After two weeks, they either escalated to a human being, or to a less useless one and we started chatting. We could convince them to at least unlock one of the Apps while deciding what to do with the other one.
Re: second point, they were immovable. Re: third point, when i was asking why the other developer's apps are still there, and what could i do to make the same, the answer was invariably the same: "I can't comment for the other apps, but if you think they violate the guidelines you can report them", so the exact opposite of what i was asking. Which is proof enough to me: they don't stop anything unless reported, and we had a third party attack us with a swarm of fake reports on behalf of a competitor, which already happened in the past. Human beings - or at least with a functioning brain - are not working at google's developer support.
In the meantime we had to distribute the APK, which is not great the moment you need to update.
Apple gave zero fuss, we have had both versions on the store since day one.
They just don't care, if you receive enough reports you get taken down with virtually no appeal. Have you ever been flagged for using your own logos and copyrights without permissions? because we have, on our company store, verified by legal mail, dusn number, bank account and whatever other bullshittery they require next. Yet from time to time we get flagged
Note that Google's and other American Big Tech apps do not have this issue, because Google only cares about taking permissions away from "small" players.
Spotify did this all the time where they would complain about Apple not allowing them access to some private API and then when they did didn't even bother to use it.
Do you really think it seems unfair that a file sync app would want to access files?
Dead Comment
Android supports scoped storage which is fine for Nextcloud and requires NO extra permissions. It gives control to user because user then selects which directories they want to give Nextcloud to.
Nextcloud just needs to put in the work to support it properly instead of just demanding full unfettered disk access to all photos and app data with no user control over it.
> Google allows Android apps to just demand access to all private photos
Your own words betray that you are probably confused about what the problem actually is. From my perspective, I think people generally want the same thing on both platforms: the user be in charge of which files the OS gives access to applications.
Storage Access Framework is a framework where user decides which files an app can access and see. That's the API Nextcloud refuses to use.
Old READ_EXTERNAL_STORAGE (replaced with MANAGE_EXTERNAL_STORAGE now) permission gives full access to all shared storage data (where for example DCIM directory with all private photos and their locations lives) without exception or privacy filters like EXIF stripping. This permission was required by many games, malware apps and everyone with 5 minutes of time that could paste that string into the app and refused to allow users to run the app without granting it. It was VERY common to demand access to all storage at startup just to do simple things like download a potential file.
That's the API Nextcloud demands to use and Google is telling them that they can't because they should be using SAF.
chroot was added to Unix in 1979.
But like anything so ambitious in scope, it doesn’t take much before you begin to push up against its boundaries (even as generous as they are). This is the kind of software that the biggest players in the industry devote armies of highly paid developers and billions of capital to. The accomplishments of the OSS community should not be diminished. I personally will continue to use and support these tools in my own capacity. But it’s kind of inevitable that, while they offer lots of cool major features, they won’t ever be quite as polished or refined as competing solutions from industry giants, or even other OSS apps that take a narrower, more uni-tasked approach.
Having read through most of these comments, I think the truth is probably somewhere between competing ideas, and everything else is subjective and context-dependent.
If you leave the beaten path it tends to break.
It's free and it feels wrong to complain but it's not good software IMHO.