Most active commenters
  • tadfisher(5)

←back to thread

The recently lost file upload feature in the Nextcloud app for Android

(nextcloud.com)
410 points morsch | 24 comments | 14 May 25 05:38 UTC | HN request time: 1.665s | source | bottom
1. jeroenhd ◴[14 May 25 10:49 UTC] No.43982964[source]
> SAF cannot be used, as it is for sharing/exposing our files to other apps

SAF can be used. There are reasons why this wouldn't be a good fit for NextCloud (you can't share your entire internal storage, your download folder, or the root of an SD card, for instance), but I don't think NextCloud's statement makes sense.

replies(3): >>43983014 #>>43983158 #>>43985264 #
2. lozenge ◴[14 May 25 10:56 UTC] No.43983014[source]
The point of their app is to backup an entire folder. Sharing from one app to Nextcloud doesn't provide ongoing access to backup later versions of the file.
replies(1): >>43983020 #
3. jeroenhd ◴[14 May 25 10:57 UTC] No.43983020[source]
Which they can do, using SAF, without the "access to everything everywhere" permission that they want.
replies(2): >>43983662 #>>43985277 #
4. deng ◴[14 May 25 11:22 UTC] No.43983158[source]
Entirely correct, for instance see

https://developer.android.com/training/data-storage/shared/d...

This was discussed yesterday:

https://news.ycombinator.com/item?id=43970959

5. sirdvd ◴[14 May 25 12:24 UTC] No.43983662{3}[source]
> permission that they want

"they", in my case it's me. With on my own Nextcloud server, on my own LAN. It's me that want "access to everything everywhere". Difficult for me to think that is not about gate keeping from Google.

6. jasonlotito ◴[14 May 25 14:53 UTC] No.43985264[source]
Just to make sure: Google software has the same exact permission structure across the board? e.g. No Google product uses the same permissions NextCloud is seeking, and instead, they are using SAF? Especially for things that do what NextCloud is doing here.

I just want to be sure that Google is playing by the same rules they they put out for NextCloud and other app developers.

replies(3): >>43986860 #>>43987759 #>>43987858 #
7. jasonlotito ◴[14 May 25 14:55 UTC] No.43985277{3}[source]
Curious also, why can't users have access to everything everywhere for their own files?
replies(2): >>43986150 #>>43986200 #
8. nolist_policy ◴[14 May 25 16:04 UTC] No.43986150{4}[source]
Users can access almost everything everywhere with file manager apps. On the Play Store, file manager apps are one of the exceptions that are allowed to access all files.
9. criddell ◴[14 May 25 16:08 UTC] No.43986200{4}[source]
Usually the answer is that it creates more problems for more people than it solves. The work involved to add options to allow full access is substantial and could increase the attack surface.

Features that are expensive but only useful to a small portion of the userbase often don't get prioritized.

replies(1): >>43986359 #
10. hkt ◴[14 May 25 16:22 UTC] No.43986359{5}[source]
Features that are useful to competitors who would like to provide an alternative to a Google product also don't get prioritised, it seems.
11. zb3 ◴[14 May 25 17:07 UTC] No.43986860[source]
Google is smart enough to not make things that obvious, but let's not get fooled.. the point is that if API changes would negatively impact Google products financially, they'd not go through. But if they impact a competitor, it's not an issue.

Locked down API means Google can innovate (because they can change the API), but you can't.

12. IshKebab ◴[14 May 25 18:33 UTC] No.43987759[source]
They definitely aren't playing by the same rules. If Google Drive needs an API or permission it gets it no questions asked.
replies(1): >>43987897 #
13. tadfisher ◴[14 May 25 18:41 UTC] No.43987858[source]
Open the Drive app, tap the "New" button, and select "Upload". You get a file picker UI. This UI is provided by the Storage Access Framework that Nextcloud says they cannot use.
replies(2): >>43988618 #>>43990217 #
14. tadfisher ◴[14 May 25 18:44 UTC] No.43987897{3}[source]
In the Play Store, find the Drive app, select "About this app", scroll down to "App permissions", and tap "See more". It does not have the "manage external storage" permission listed, which is the one Nextcloud says they need.
replies(2): >>43989214 #>>43990796 #
15. Macha ◴[14 May 25 20:03 UTC] No.43988618{3}[source]
This is not the same functionality that Nextcloud provides though. This is one time upload of manually selected files, not ongoing passive sync of an entire directory tree.
replies(2): >>43988745 #>>43989417 #
16. tadfisher ◴[14 May 25 20:18 UTC] No.43988745{4}[source]
Ongoing sync is still possible through ACTION_OPEN_DOCUMENT_TREE [0], and using ContentResolver.takePersistableUriPermission [1] to maintain long-lived access to that directory. Enumerating files is slow but that is not a major concern when the use-case is a background sync, and you can drop down to ContentResolver APIs to reduce the number of IPC calls when enumerating.

[0]: https://developer.android.com/training/data-storage/shared/d...

[1]: https://developer.android.com/reference/android/content/Cont...

replies(1): >>43989806 #
17. IshKebab ◴[14 May 25 21:06 UTC] No.43989214{4}[source]
Right but it doesn't do the same thing Nextcloud does. If it did do you think Google would say to the drive team "sorry you can't do that"? Of course not. They'd invent a new permission or just whitelist Google apps (they've done it before).
replies(1): >>43989332 #
18. nolist_policy ◴[14 May 25 21:18 UTC] No.43989332{5}[source]
No, they would just use the SAF API.
19. izacus ◴[14 May 25 21:28 UTC] No.43989417{4}[source]
The same picker has the functionality of allowing access to a full directory.
20. apitman ◴[14 May 25 22:23 UTC] No.43989806{5}[source]
> Enumerating files is slow but that is not a major concern when the use-case is a background sync

Slow means it's probably burning a lot of CPU, and that is a problem for background tasks, especially on mobile.

replies(1): >>43990388 #
21. apitman ◴[14 May 25 23:23 UTC] No.43990217{3}[source]
That's just the Drive app. The system overall certainly has more capabilities than are made available to developers[0].

[0]: https://support.google.com/googleone/answer/9149304?hl=en&co...

replies(1): >>43990423 #
22. tadfisher ◴[14 May 25 23:48 UTC] No.43990388{6}[source]
No, the call is going through ContentProvider, which happens over Binder IPC, which entails context switching and other I/O overhead. Compared to local file operations (java.io and friends) this is massive; compared to anything else your device does, it's not a big deal at all, and it's not CPU-bound.
23. tadfisher ◴[14 May 25 23:53 UTC] No.43990423{4}[source]
Yes, but Nextcloud is adamant that they need MANAGE_EXTERNAL_STORAGE permission, not access to the device backup system API.
24. greatgib ◴[15 May 25 01:01 UTC] No.43990796{4}[source]
It's a lie in plain sight, because for most Google apps, including this one, a lot of background processing is not done by the app itself but by the Google play services app that is all powerful.