Edit: oh we already have them in the other submission
I know, I used to be one of those
The "sync just one folder" functionality exists in SAF without any high-risk permissions. Migration of existing profiles may be a pain (as the user would need to grant permission on the folder when switching to the new API).
Synchronisation of the entire virtual storage, the download folder, or any extra folders vendors like Samsung might've added to the blacklist, isn't possible with the new API, but it's also not possible with Google's own services. The DMA only requires Google not to be put in a special position; as long as they don't offer such a feature, they don't need to offer it to NextCloud.
Doesn't sound like a serious project.
i'd rather have secure, stable and slow. i don't know about locking the bootloader (do you have a reference to that? i'd like to read up on it). but i don't care that their rom is always the most recent one.
what matters is that e/OS is the only rom i am aware of that combines usability with security. graphene OS doesn't count because it is only available on pixel phones and therefore very limited in applicability. others i don't know.
Without this enforcement, malware games and apps like Facebook were just uploading your photos and scanning their EXIF locations under the guise of "needing all access".
And as we found out in the existing topic, better privacy-preserving APIs exist; Nextcloud just doesn't want to use them.
The better middle ground is the new (9 years old) SAF API. The SAF API simply presents a directory picker to the user. The user can give the app access to any directories he likes.
Why can't I grant an app that permission? If Google discovers that an app with that permission is abusing what they are doing with that permission, then revoke their developer account! Delete the app from existing phones and inform the users that the developers could not be trusted! App store death penalty!
It's difficult to understand why there is any other reason other than maintaining their privileged position on the device to deny users this ability. Put a persistent notification in the status tray: "These apps have full access:", etc.
You can keep all your functionality, Nextcloud just needs to migrate to an API that gives YOU AS A USER control over what it can read instead of demanding blanket permission for everything.
The system itself[0] has capabilities that aren't provided to app developers. iOS is similar. Contrast this with Windows and GNU/Linux where AFAIK you can do pretty much everything the OS can given the proper permissions. Not sure about macOS.
[0]: https://support.google.com/googleone/answer/9149304?hl=en&co...
I also promise I wouldn't run a game or anything that demanded full access to everything that made no sense to have that permission, because what the heck? Outlook wanted "Device administrator" permission on my personal phone when I wanted to connect my office email to it. I politely declined, and stopped using it. (I mean, I understand WHY Outlook needs that, for secure wipe of data, but that's a pretty wide permission for that one reason)
I cringe as I watch one of my kids authorize elevated permissions when they launch Genshin. (For the anti-cheat) And I promise them I will never run it on my machines :-/
But rather than get lost in the details, what I REALLY want is a piece of software that will back up and restore the entire contents of the phone to a server of my choice, preferably self-hosted. Right now, this "full system access" option gets the job done, but it's a thermonuclear footgun for the unsuspecting.
How could we convince Google to create a new "Full backup of the device" permission? Because then Google could simply deny the permission labeled "full backup" to the latest hot new gacha game, while allowing legit backup apps the power they need?