back to article As Google clamps down, 'Droid developer warns 'breaking day' is coming

Mobile app developers are being forced to rewrite their code as Google attempts to tame Android's Wild West. The developer of the power management app Greenify has been given 30 days to alter its code by the gatekeepers at Google's Play Store, and stop using Google's accessibility framework. The framework is used by …

  1. AndrueC Silver badge
    Unhappy

    The developers of K9 and other Mail apps have been struggling to work around/with the more aggressive battery optimisation for a while now. It's apparently difficult to keep their apps alive to poll (POP3) or refresh the connection (IMAP). I've had a lot of success with Disable Doze but it's not foolproof. Google's stock answer apparently was that such apps should use the official messaging service but that means sending yet more data via their servers. Funny that. Even funnier that with each successive phone, despite no change in my usage, battery life gets worse.

    I've thought for a while now that Android was trying to construct a wall around its garden. Sad if true.

    1. Dan 55 Silver badge

      IMAP IDLE won't work with Doze. The way Google want it done is some server backend which connects to the mailbox for you and notifies Play Services via GCM.

      You can disable battery optimisations for K9 so it's allowed to keep the IMAP connection open, although on Android 8.0 (depends on phone) that might not work.

      1. deive

        IMAP protocol was written with an always-on PC-style internet connection. Mobile phones do not have this, as to keep a connection open would require the radio to be kept on!

        1. Dan 55 Silver badge

          How do you think GCM works?

          IMAP IDLE also works in the same way as GCM, in both cases no data is sent down the connection until the server wants to notify the client. The radio could be idle with GCM and an IMAP IDLE connection established at the same time, until either server wants to send data.

      2. Phil O'Sophical Silver badge
        FAIL

        The way Google want it done is some server backend which connects to the mailbox for you and notifies Play Services via GCM.

        Which is strictly forbidden by my company's IT policy, so if that is the only way to make it work it would be the end of company-provided Android phones.

        1. Vince

          @Phil O'Sophical

          "Which is strictly forbidden by my company's IT policy, so if that is the only way to make it work it would be the end of company-provided Android phones"

          And I guess you won't be getting iOS devices either then, since you have to use the Apple Push Notification service as far as I know for everything like this. Indeed my basic understanding is that this is the ONLY option with Apple.

          1. Norman Nescio Silver badge

            IMAP IDLE

            The Jolla Sailfish email client appears to implement IMAP IDLE. I realise it is 'a bit' niche, but I am still using a Jolla 1 as my daily driver, and looking forward to some of the bugs in the implementation on the Sony Xperia X to be ironed out before I can move to that.

            For a phone launched in November 2013 (which can still be updated to the most recent Sailfish OS by the end-user), the Jolla 1 is faring quite well, but I won't claim it is about to take the mobile world by storm. It suits me, but I'm well aware other people have different requirements that it does not meet.

            I wonder if Sailfish could be implemented on top of the Project Treble Vendor Interface (more on Project Treble) - that could be 'interesting', and probably not something Google would want to encourage.

          2. A Non e-mouse Silver badge

            @Vince

            And I guess you won't be getting iOS devices either then, since you have to use the Apple Push Notification service as far as I know for everything like this.

            I've heard that Apple are clamping down quite hard on apps that try and do their own background polling. Apple were due to pull some APIs in iOS 11.0, but there was so much backlash that they've delayed the removal of those APIs until early middle next year (Not 12.0 but a 11.x point release so I've heard) If you're not using Apple's push notification service by then, your app will stop working.

          3. James R Grinter

            If you read what the poster said, it wasn’t that all push notifications were the issue.

            It was a statement that the only way to get a new email notification for an Android email client, since changes that have affected background apps, was to have some central system be logging in and checking the emails too. Yeah, that sounds suboptimal.

    2. JohnFen

      Yes. This sort of thing has made my Android phones essentially useless as my email portal. It really does seem like they get less and less useful every year.

      1. Muscleguy

        I use email on my phone only if I am away from the laptop and need a very recent email or to check if one has arrived. I have more than enough things notifying me on the phone to add mail arriving and not enough space for email with attachments etc.

        But then I'm not relying on it for business or anything.

    3. Anonymous Coward
      Anonymous Coward

      You should blame the media, they are the ones reporting the storms in the teacups..

      1. This post has been deleted by its author

  2. To Mars in Man Bras!
    FAIL

    So, No Other Google News Today, Then?

    Hmmm... two stories about Google so far today and no mention of the fact they've announced they're going to start "de-ranking" [nice euphemism!] stories from Russia Today and Sputnik News to "make them harder to find":

    https://www.rt.com/news/410444-google-alphabet-derank-rt

    Even the BBC managed to mention it briefly, in passing. But obviously censorship of points of view which deviate from the party line is only newsworthy for El Reg when those nasty Russians or Chinese do it.

    1. Paul Hovnanian Silver badge
      Mushroom

      Re: So, No Other Google News Today, Then?

      "de-ranking stories from Russia Today and Sputnik News"

      They are just trying to cover up news about the radiation cloud.

      1. Robin Bradshaw

        Re: So, No Other Google News Today, Then?

        Paul Hovnanian that was 9 months ago and was likely a leak from a medical isotope making lab, and was in the order of a few micro grams*, and given it has a half life of 8 days after 9 months there will be basically nothing left. It got plenty of sensationalist news at the time but the news didnt get across the incredible sensitivity of the detectors and the tiny amounts involved, It's like me farting in south wales and somebody detecting a whiff of that fart in scotland levels of sensitive.

        *https://forums.theregister.co.uk/forum/2/2017/02/23/us_aircraft_iodine_131_leak/#c_3110845

        1. bpfh

          Re: So, No Other Google News Today, Then?

          No, there is a new radiation cloud...

          1. Paul Hovnanian Silver badge

            Re: So, No Other Google News Today, Then?

            Right.

            Oops. The news aggregator site I used pulled in an old link. Here's another:

            https://www.msn.com/en-us/news/world/russia-finds-1000-times-normal-level-of-radioactive-isotope-after-nuclear-accident-claims/ar-BBFpSYE

        2. Adam 1

          Re: So, No Other Google News Today, Then?

          > It's like me farting in south wales and somebody detecting a whiff of that fart in scotland levels of sensitive.

          Ah, so it was YOU!

  3. fandom

    Congratulations!!!

    "For example, it's used by criminal sites for ad fraud, generating fake clicks without the user being aware of it. This hits Google's bottom line."

    Making a crack down on ad fraud sound nefarious must have taken real effort.

    1. Anonymous Coward
      Anonymous Coward

      Re: Congratulations!!!

      "For example, it's used by criminal sites for ad fraud, generating fake clicks without the user being aware of it. This hits Google's bottom line."

      Unsure about the Author's use of that sentence. It enhances Google's bottom line if click fraud is used, not hits it. The more clicks (fake or real) that the ad gets will make the ad network (in this case presuming Google although there are many others) more money. Blocking click fraud will reduce their income.

      1. Mark 110

        Re: Congratulations!!!

        Short term bottom-line. Legitimate advertisers need to trust the revenue model and if they know its open to fraud they won't trust it. Medium to long term the big money advertisers might consider other options. This would hit googles bottom line.

      2. Alan Brown Silver badge

        Re: Congratulations!!!

        " It enhances Google's bottom line if click fraud is used, not hits it."

        Only until the advertisers all run away due to fraud.

        It's not worth that risk

    2. John Lilburne

      Re: Congratulations!!!

      'Making a crack down on ad fraud sound nefarious must have taken real effort.'

      Except that if your device is known to be a prime target for fraud the marks will either avoid placing ads on the device, or demand a lower price per click to compensate for the 90% of fraudulent hits.

      https://computer.howstuffworks.com/click-fraud.htm

    3. nijam Silver badge

      Re: Congratulations!!!

      > Making a crack down on ad fraud sound nefarious must have taken real effort.

      The author has had years of practice.

  4. whoseyourdaddy

    Too late...

    Still just can't shake "landfill android".

    I'll be hoarding Qualcomm-inside iPhone7's that don't break if you drop them.

    Thanks, Cupertino Assholes who make phones that sometimes don't suck.

    1. DryBones
      Trollface

      Re: Too late...

      It seems to suck the user's wallet pretty well...

  5. Anonymous Coward
    Anonymous Coward

    Easy to see where Google's priorities are

    Force devs to rewrite apps because of using APIs that can be used for ad fraud. Where are the rewrites to replace insecure APIs?

    They didn't care about click fraud until advertisers started demanding lower rates or rebates when they were able to prove it!

    1. Adam 52 Silver badge

      Re: Easy to see where Google's priorities are

      "They didn't care about click fraud until advertisers started demanding lower rates or rebates when they were able to prove it!"

      This. Especially in the US market where advertisers are traditionally less trusting of publishers and routinely audit claims.

    2. Anonymous Coward
      Anonymous Coward

      Re: Easy to see where Google's priorities are

      The issue is accessibility services are difficult or impossible to properly secure and still work. The "rewrites to replace insecure APIs" is what's being forced on app devs, only a problem where Google hasn't created a secure, focussed new API to replace the insecure hacks already in use. Devs usually need pushing to make these changes.

      Anything that stops conditioning users to accept potentially dangerous permissions is a step forward.

  6. Anonymous Coward
    Anonymous Coward

    Curious Timing - Why now?

    Google has been shaking off criticism of Android / Play-store for years, what took them so long to care? Recent Media backlash about fake news? Unflattering media stories about Android Malware getting through Play store's filters, EU 'antitrust cases', possible future GDPR liabilities....???

    1. RyokuMas
      Facepalm

      Re: Curious Timing - Why now?

      "Why now?" - because Google have become arrogant, put their bottom line above consideration for their users, and are now realising that people are beginning to see through the altruistic spin ("we're filtering this content for your benefit!") to what they really are. It has happened before, and will happen again.

      And, as with others before them, they are now trying to figure out what to do about it - and following pretty much the same path: get the cheerleaders out, attack the competition, try and take greater control or clamp down where they think they can and hope to weather the storm.

      The sad thing is, I can see that in about twenty or so years time, we will be doing this exact same dance again, except with Google in the position of someone like Microsoft, and "the next big thing" in their place...

  7. Michael Habel

    There are always innocent casualties in War.

    That said, they should not just toss this idea away because a few Dev will get their Fefees hurt. Because they decided to take a shortcut instead of writing precisely targeted Code. That doesn't have to rely on such shortcuts, which may (or may not), also open the Door to other bad actors.

    So this time at least I will side on the Chocolate Factory on this Issue.

    1. Dr. Mouse

      Re: There are always innocent casualties in War.

      While "the clue was in the name", Google made a really useful API in the Accessibility services. Many apps have used it. For example, AFAIK Tasker uses it to allow you to do useful things with notifications from other apps, which I use all the time.

      The "change or we'll ban you, and to hell with the users" approach is very Apple-esque, and points towards a much less open Android world in future.

    2. bombastic bob Silver badge
      Thumb Down

      Re: There are always innocent casualties in War.

      "they should not just toss this idea away because a few Dev will get their Fefees hurt"

      well, just DAMN the collateral damage, then, right? It's "just gonna happen" so we can "hand wave" it and not give a crap, right?

      Let's NOT go there, ok?

      Apple's development model SUCKS for "the little guy", and there are WAY too many "we must approve it" checkpoints, from what I've seen.

      Let's NOT go there for 'droid, ok?

  8. Rob Crawford

    Rinse and repeat

    Ans yet if nothing was done about the click fraud and security API use the same people would also complain

    1. James R Grinter

      Re: Rinse and repeat

      Yes! I think the lesson we should all take from this is that APIs for mass market products need very careful consideration and design, including some thought on “how would someone exploit this for personal gain?”

  9. sloshnmosh

    Alcatel recently "updated" it's factory default File Manager without asking permission or "opt-in or Opt-out" option or prominent "Privacy policy" anywhere in site. It added a "cleaner" option and an "antivirus" scanner using McAfee technology.

    It then started serving up streaming ads sometimes at full volume while users were at work meetings.

    Streaming advertisements has been a security nightmare already, but when the app is a SYSTEM app the higher the level of possible exploitation.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like