undefined | Better HN

0 pointslenkite1y ago0 comments

How is this interface "insecure and harmful to users" ?

0 comments

5 comments · 1 top-level

Zak1y ago· 4 in thread

Shady apps use file access to do tracking of various sorts and simply ingest private data that has nothing to do with their nominal purpose. Sophisticated users probably wouldn't install those apps, and certainly wouldn't agree to their request for filesystem access, but that's not who Google is trying to protect here.

It's obviously not a security problem or a harm when used by an open source file synchronization app, and Google is being unsophisticated with its policy here.

lenkiteOP1y ago

Maybe they should not remove APIs for open source apps then. If you can vet the source code and the app has been built from the source code you vetted, then there is no point in removing capabilities for reasons other than market monopolization and extinguishing features for non-Google developers. After all, these security rules don't apply to Google themselves.

(btw, not singling out Google - IMHO Apple is bad here too. This duopoly in the smartphone space is a major PITA)

g-b-r1y ago

It really could.

apitman1y ago

Do you have links to stories about any of these shady apps that have now been stopped by this policy?

Zak1y ago

Most of the time, when apps are caught doing something really shady, they're removed from the Play Store for doing the shady thing. A story wouldn't report that they stopped working because of a policy change, but some of these wouldn't make it into the store now:

https://www.bleepingcomputer.com/news/security/apps-with-15m...

https://www.zdnet.com/article/phantomlance-spying-campaign-b...

https://www.welivesecurity.com/2023/05/23/android-app-breaki...

There are also examples of apps using the filesystem to try to detect rooted devices, an invasion of user privacy:

https://www.reddit.com/r/Android/comments/g6cdl6/apps_have_a...

1 more reply

j / k navigate · click thread line to collapse