At the same time, Google is in a tough spot here. The files and documents in your Google Drive (or Gmail) are incredibly sensitive. One possible solution is using the https://www.googleapis.com/auth/drive.file OAuth scope, which only lets you access files a user has explicitly shared with the app. I'm curious if iA Writer has limitations that make this a bad user experience, but from a user security point of view, I can see why I want the apps that get to see my whole Google Drive audited too.
[1] https://developers.google.com/drive/api/guides/api-specific-...
Tragically, some individuals have even committed suicide due to this blackmail(1). So dozens of people have actually killed themselves because they mistakenly gave a permission on their phone... just let that sink in.
Google is in a difficult position. On one hand, they need to protect user data with strict security measures. On the other hand, these measures can be seen as overly restrictive. It’s a delicate balance, and unfortunately, there’s no easy solution.
(1) https://www.thequint.com/news/india/bbc-chinese-loan-app-doc...
But the audit would cost them two months of revenue, every year.
So:
> So, as of today, we’re not just accepting our frozen-in-carbonite fate. We’re embracing it. We’re going to take the app offline.
By making a native app, you're donating free developer time to the platform owner. If they're not making it worth it for you, screw them.
I do wonder if they could have just chosen to stop offering Google Drive support on Android and instead pivot to storing content on their own servers with a simple data export option, or using something like Dropbox instead.
It really seems like this latest cloud compliance battle was just the straw that broke the camel's back, and the real problem is that the Android app wasn't earning that much money as it was, so this was a convenient time and reason to kill it.
I’ve used iA Writer on many platforms for years and I love it. It’s a simple Markdown editor that stores stuff in your cloud of choice. There are a million of these apps, but iA Writer has been high quality and regularly updated for a long time.
When my verification time came up, I basically didn't have to do anything. I checked a checkbox saying I was an individual, not a business/organization. I didn't have to verify my identity (maybe I did that when I first created the google play account).
Even though my situation was not the same as the OP's, I do have a lot of sympathy for them. It's a pain to distribute apps through the play store (or the app store). I would opt out if there were a real alternative.
Yes you are essentially asking users to give a whole lot of information because giving access to Google drive technically also gives access to a lot of the Gmail attachments because people tend to save them in Google drive.
You can't fault Google for trying to be too careful. If you think this was painful, try accessing the Shopify marketplace.
As of now I try to avoid any app that is married to either Google (drive or whatever is the latest there) or Apple (iCloud) sync. Because my experience with these has been really inferior. Anyway that means I have to either use a Google a/c which I do not use anymore for personal needs or iCloud which is clearly inferior.
Imho it's better to offer an e2ee custom server wherever you can (preferably on top of some open standard/spec). I am past "but I would rather trust robustness of Google and Apple's backend" after these 3-4 years.
And I can completely relate to the pain of supporting all those Android models and their sub-models and their sub-sub-models. It used to be a real nightmare when I had to deal with that.
----------
Having said that - I have felt the might of these big companies in a very small way recently. My Play Store account (which I kept for learning/testing purposes - sharing apps among friends etc) was terminated even though I fulfilled the criteria 2 days before the last date. No refund was provided either because I could not find out how to add a bank account and they didn't share even though I had asked them 3 weeks in advance for that info. I would ask "how to add a bank account" and they would reply with the same text "… please add a bank account for refund…" and I would again immediately reply asking "..but how the hell I can add a bank account - there is no info on this in your docs and whatever I could find doesn't even apply because I can't see those settings in the first place"… and they would respond with the exact same text again and again and again. I checked - I was indeed communicating with humans.
After the last day I received the final response: "…was deleted..requirement... T&C.. and there will be no further response". That was it.
They destroy the ethos of a company through deliberate intransigence.
Cue drum roll...
you don't need app stores
Ideally there wouldn't even be Google Drive integration! Ideally we'd just have a mount on our devices that syncs. This is how I use Logseq, for example. It's a little weird and frustrating that mobile phones seem to lack virtual filesystem support (like FUSE), so the sync app in use is just rsyncing to local storage, basically, which is kind of fine, but it means there's no chance to have say my home movies collection available directly from my phone.
This story isn't really one about Android or mobile, but the general beatdown on mobile really squanders what should be the most impressive expansive electronic device to have filled the world.
This is just plain extortion. I am curious how much masqueraded kickbacks Google gets from those auditors.
The "fully open" Drive API read/write scopes should be highly restricted by default (because they essentially give you access to a user's entire drive), and these are the ones that Google added much more stringent security requirements to a couple years ago, e.g. requiring a security audit.
However, there is also a much less sensitive Drive API scope, 'drive.file', which is non-sensitive. It lets an app read and write only files the app owns (or read files a user picks through the file picker control).
Thus, I don't understand why the ia.net app would require more than the drive.file scope. I have no doubt that Google's messaging wasn't clear on the transition process when they first created the drive.file scope (and I personally wasted a ton of time with bugs in Google's own file picker when using that scope), but it is a much better solution.
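An added example, not part of the thread and not code from iA Writer or Google: a release-time check that refuses to build a Google OAuth authorization URL if the app asks for anything beyond the non-sensitive drive.file scope, plus a check of what the token response actually granted. The client ID, redirect URI and function names are constructed for illustration; the scope tiers follow the classification described in the comments above.

```python
from urllib.parse import urlencode

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
SCOPE_PREFIX = "https://www.googleapis.com/auth/"
DRIVE_FULL = SCOPE_PREFIX + "drive"           # whole Drive, read/write
DRIVE_READONLY = SCOPE_PREFIX + "drive.readonly"
DRIVE_FILE = SCOPE_PREFIX + "drive.file"      # only files the app owns or the user picks

# Tiers as described in the thread: full-Drive scopes are restricted
# (security assessment required), drive.file is non-sensitive.
DRIVE_SCOPE_TIER = {
    DRIVE_FULL: "restricted",
    DRIVE_READONLY: "restricted",
    DRIVE_FILE: "non-sensitive",
}

def audit_scopes(requested):
    """Map each requested scope to its tier; scopes we don't know fail closed."""
    return {s: DRIVE_SCOPE_TIER.get(s, "unknown") for s in requested}

def build_auth_url(client_id, redirect_uri, requested, state):
    """Build the authorization URL only when every scope is non-sensitive."""
    blocked = sorted(s for s, tier in audit_scopes(requested).items()
                     if tier != "non-sensitive")
    if blocked:
        raise ValueError("scopes need review before release: " + ", ".join(blocked))
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": " ".join(requested),   # OAuth 2.0 scopes are space-delimited
        "state": state,
    }
    return AUTH_ENDPOINT + "?" + urlencode(params)

def unexpected_grants(token_scope_field, expected):
    """Return scopes present in a token response's 'scope' field but not expected."""
    return sorted(set(token_scope_field.split()) - set(expected))

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    cid = "example-client-id.apps.googleusercontent.com"
    cb = "https://app.example/oauth/callback"
    print(build_auth_url(cid, cb, [DRIVE_FILE], "state-123"))
    try:
        build_auth_url(cid, cb, [DRIVE_FILE, DRIVE_FULL], "state-123")
    except ValueError as err:
        print("rejected:", err)
    print(unexpected_grants(DRIVE_FILE + " " + DRIVE_FULL, [DRIVE_FILE]))
```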