I only read the first part of the article, but having dealt with Drive API scopes and their issues previously, I feel there is just a major misunderstanding here.

The "fully open" Drive API read/write scopes should be highly restricted by default (because they essentially give you access to a user's entire drive), and these are the ones for which Google added much more stringent security requirements a couple years ago, e.g. requiring a security audit.

However, there is also a much less sensitive Drive API scope, 'drive.file', which is non-sensitive. It lets an app read and write only files the app owns (or read files a user picks through the file picker control).

Thus, I don't understand why the app would require more than the drive.file scope. I have no doubt that Google's messaging wasn't clear on the transition process when they first created the drive.file scope (and I personally wasted a ton of time with bugs in Google's own file picker when using that scope), but it is a much better solution.

We've had to go through this process for the app I have, and it definitely was cumbersome and makes the process a huge pain. Fortunately, after a while Google often lets you switch to a Tier 1 assessment, which involves using various tools to analyze your code and make improvements without shelling out a ton of money.

At the same time, Google is in a tough spot here. The files and documents in your Google Drive (or Gmail) are incredibly sensitive. One possible solution is using the OAuth scope, which only lets you access files a user has explicitly shared with the app. I'm curious if iA Writer has limitations that make this a bad user experience, but from a user security point of view, I can see why I want the apps that get to see my whole Google Drive audited too.


Recently, there have been scam Android apps in India that request access to users’ contact lists. These apps then blackmail users by threatening to send deepfake videos to their contacts, falsely accusing them of heinous acts like rape.

Tragically, some individuals have even committed suicide due to this blackmail (1). So dozens of people have actually killed themselves because they mistakenly gave a permission on their phone... just let that sink in.

Google is in a difficult position. On one hand, they need to protect user data with strict security measures. On the other hand, these measures can be seen as overly restrictive. It’s a delicate balance, and unfortunately, there’s no easy solution.


In short, Google bureaucratized them almost to death over Google Drive access, and then offered up a solution where they pay KPMG for an annual audit.

But the audit would cost them two months of revenue, every year.


> So, as of today, we’re not just accepting our frozen-in-carbonite fate. We’re embracing it. We’re going to take the app offline.

By making a native app, you're donating free developer time to the platform owner. If they're not making it worth it for you, screw them.

I respect the "fine we'll take our ball and go home then" approach to put some actual pressure on Google.

I do wonder if they could have just chosen to stop offering Google Drive support on Android and instead pivot to storing content on their own servers with a simple data export option, or using something like Dropbox instead.

It really seems like this latest cloud compliance battle was just the straw that broke the camel's back, and the real problem is that the Android app wasn't earning that much money as it was, so this was a convenient time and reason to kill it.

Some comments are asking, “Why not just ditch Google Drive support?” Well, how would a cloud-enabled writing app do on Android without Google Drive support? About as well as the same app on iOS without iCloud support — roadkill, I expect.

I’ve used iA Writer on many platforms for years and I love it. It’s a simple Markdown editor that stores stuff in your cloud of choice. There are a million of these apps, but iA Writer has been high quality and regularly updated for a long time.

It seems like the entire fight is over Google Drive, which is not a hard requirement for pretty much any Android app. While Google's behavior here strikes me as ridiculous, dropping Drive support seems much more rational than dropping Android support entirely.

The bureaucracy involved in getting anything into any of the app stores basically makes them untenable for side-project/one-man-band developers. At first it felt like a democratization of distribution, but now it's completely turned around, and is worse than before app stores, as the app store is effectively a monopoly on that particular platform (yes, I know you can get around that on Android, but most people won't/don't). And desktop OS are trying to move that way as well. I guess web-apps are probably the only real solution.

I have an open-source Android app on the app store. I was a little annoyed/worried that the 'Verify your Play Console Developer account' was going to be super painful since I'm not running a business or trying to make money off my app. The messaging was, shall we say, confusing. They wanted you to choose a verification deadline for some reason. The email talked about a D-U-N-S number, and an official document verifying your identity.

When my verification time came up, I basically didn't have to do anything. I checked a checkbox saying I was an individual, not a business/organization. I didn't have to verify my identity (maybe I did that when I first created the Google Play account).

Even though my situation was not the same as the OP's, I do have a lot of sympathy for them. It's a pain to distribute apps through the Play Store (or the App Store). I would opt out if there were a real alternative.

Why do the apps even need direct access to Google Drive? Android should give a generic API to access a folder with files and whether this folder lives in local storage or Google Drive or even another provider should be the user's decision.

CASA approval is a necessary step; we have gone through that for the approval of one of our apps that requires Google Drive write access.

Yes, you are essentially asking users to give a whole lot of information because giving access to Google Drive technically also gives access to a lot of the Gmail attachments because people tend to save them in Google Drive.

You can't fault Google for trying to be too careful. If you think this was painful, try accessing the Shopify marketplace.

This is all downstream of stuff like the Cambridge Analytica scandal - the public views misuse of these APIs as the fault of the institution so they’re now incredibly cautious about access.

I really would have expected an app like iA to not depend on either Google or Apple's sync - because both suck in their own rights. iCloud is just technically inferior by the way - I mean most of the time it's a coin toss on whether and how it works even for their own usage like iCloud Tabs, iCloud Messages and Photos and what not.

As of now I try to avoid any app that is married to either Google (drive or whatever is the latest there) or Apple (iCloud) sync. Because my experience with these has been really inferior. Anyway that means I have to either use a Google a/c which I do not use anymore for personal needs or iCloud which is clearly inferior.

Imho it's better to offer an e2ee custom server wherever you can (preferably on top of some open standard/spec). I am past "but I would rather trust robustness of Google and Apple's backend" after these 3-4 years.

And I can completely relate to the pain of supporting all those Android models and their sub-models and their sub-sub-models. It used to be a real nightmare when I had to deal with that.


Having said that, I have felt the might of these big companies in a very small way recently. My Play Store account (which I kept for learning/testing purposes - sharing apps among friends etc) was terminated even though I fulfilled the criteria 2 days before the last date. No refund was provided either because I could not find out how to add a bank account and they didn't share even though I had asked them 3 weeks in advance for that info. I would ask "how to add a bank account" and they would reply with the same text "… please add a bank account for refund…" and I would again immediately reply asking "..but how the hell I can add a bank account - there is no info on this in your docs and whatever I could find doesn't even apply because I can't see those settings in the first place"… and they would respond with the exact same text again and again and again. I checked - I was indeed communicating with humans.

After the last day I received the final response: "…was deleted..requirement... T&C.. and there will be no further response". That was it.

They’re removing API access to Google Photos as well; now the only “integration” is for other apps to open the Google Photos app.

Supporting the Play Store is increasingly not worth the trouble. It's already questionable from a revenue standpoint and they're making it an ever more hostile place for all but the biggest corporate developers.

Funny, Google requires a phone and email for Play Store users to contact, yet most of the major apps' contact email addresses are "we don't read this; No Reply. But here is our crappy forum".

I'm (or was) a hobbyist programmer on Android. I have a handful of free apps but Google has made it so onerous to actually get things in the store these days. I've given up; it may be worth the time of a big software studio to handle all the busywork they make you do these days, but it certainly isn't for a hobbyist. Yes, I know Apple is supposed to be even worse, but Android was supposed to be the reasonable platform in regard to this nonsense.

There are few things more depressing than having to deal with companies like Accenture, EY, KPMG etc. It's a world of FUD, upsell, more consultants, nothing getting done, lots of slides, new "junior senior Global Consultant for Microservices" type stuff. They are literally a cancer on innovation and just getting things done.

They destroy the ethos of a company through deliberate intransigence.

Wow. This is unbelievable. I'm wondering about creating only a PWA or building Android + iOS apps, and this article made me decide on going PWA-only. I'm not going to deal with this. The competition in the official app stores is so big that it is not really worth it anyway.

We have a similar experience developing for Android. They ask us to change things constantly, fill out endless paperwork, most of which is irrelevant to us (we have to verify a payments account for our free, ad-free, no in-app sales app). Every so often it's a random change to requirements around this permission or that, or more information needed for a security or data policy.

> And before anyone says this is the price of an “open” OS—well, we don’t have this problem on Windows.

Cue drum roll...

iA always had a pretty major Apple lean, and from the post's misunderstanding of Google Drive permissions (global vs file scopes), it's clear that is still true. About not to matter though since they are killing the Android app.

Progressive Web App.

you don't need app stores

Just move everything to your own storage instead of Google Drive. And maybe have your desktop or web app interface with Google Drive.

This mirrors my experience with Android, ported a game, jumped through all the regulatory hoops, got in on the app store, then endless bureaucratic nonsense to keep it there.

Sounds like Google has turned into Nokia. History repeats itself.

It's a pity systems like or Tim Berners-Lee's Solid hasn't gotten serious traction.

Ideally there wouldn't even be Google Drive integration! Ideally we'd just have a mount on our devices that syncs. This is how I use Logseq, for example. It's a little weird and frustrating that mobile phones seem to lack virtual filesystem support (like FUSE), so the sync app in use is just rsyncing to local storage, basically, which is kind of fine, but it means there's no chance to have say my home movies collection available directly from my phone.

This story isn't really one about Android or mobile, but the general beatdown on mobile really squanders what should be the most impressive expansive electronic device to have filled the world.

>"In order to get our users full access to their Google Drive on their devices, we now needed to pass a yearly CASA (Cloud Application Security Assessment) audit. This requires hiring a third-party vendor like KPMG."

This is just plain extortion. I am curious how much masqueraded kickbacks Google gets from those auditors.

I don't know why anybody develops anything for these scumbag companies (Apple and Google). There's plenty of money to be made making software for the web. I have never written a single line of Android or iOS code and have had a very successful career so far. Supporting these companies is a choice.