The recently lost file upload feature in the Nextcloud app for Android

We feel your pain at Nextcloud. Our team at Everfind (unified search across Drive, OneDrive, Dropbox, etc.) has spent the past year fighting for the *drive.readonly* scope simply so we can download files, run OCR, and index their full-text for users. Google keeps telling us to make do with *drive.file* + *drive.metadata.readonly*, which breaks continuous discovery and cripples search results for any new or updated document.

Bottom line: Googles "least-privilege" rhetoric sounds noble, but in practice it gives Big Tech first-party apps privileged access while forcing independent vendors to ship half-working products - or get kicked out of the Play Store. The result is users lose features and choices, and small devs burn countless hours arguing with a copy-paste policy bot.

Sounds like it's time for an(other) antitrust lawsuit. At least Nextcloud is based in Europe, which has recently shown an appetite to stand up to tech giants on some things.

The question to ask is: do Google apps have an advantage here over others?

This sounds exactly what anti-trust laws are for.

they have the advantage that they can shape the API to their needs. yes, you can argue that google apps have the same limitations as other apps. but google defines the limitations. just because google doesn't need a feature, it doesn't mean that no one else needs or should have that feature. so google is able to define features that fit their business model, and they prevent anyone else from offering a different feature set. they own the platform and compete in it. that in itself is an advantage. to not have an advantage either google must not compete with apps on the platform and or they should relinquish their ownership of the platform.

According to the article, and according to many of the comments here, yes they do.

I'd be surprised if they have to go through the same review process as everyone else. And even if they do, the reviewers are likely to give them a pass because it's Google.

And unicorns shit rainbows, and we're all going to win the lottery tomorrow.

Nothing google does is in good faith. They're a corporation - a bundle of regulations, laws, rules, and incentives executed on a mixed substrate of human brains and digital computers, beyond the control and sensibilities that govern individual rationality, seeking to maximize profit. If it's not illegal, they'll do it, and if it is illegal, they'll still do it if the penalty is less than the profit.

We have to stop pretending corporations are people. We have to stop pretending like CEOs can affect what these companies do - the only way to restrain them is laws with teeth. If you want CEOs to behave, enforce laws that come with jail time and lost fortunes. Otherwise, this is what we live with.

Hmm, AFAIK drive.readonly is a Google Drive thing. TFA is talking about local file access, not Google Drive access.

Hello, it’s the same overall issue just on different platforms.

As a user, this should be up to me to decide, not up to Google. However, I do find it odd that Apple can get away with it much more, because Apple's customers generally have more of a "save us from ourselves" mentality.

Apple’s implementation of enabling access to files is entirely different. I actually much prefer it because it sidesteps the self-dealing permissions bomb that Google just set off.

In iOS, applications can use the File Provider API to present themselves in the Files app. You can move/copy/delete data there using the normal human interface constructs native to iOS, including mouse support and keyboard shortcuts on iPadOS.

Apps can also present the same directory internally (inside the app). Cloud-backed applications can then do useful things like materialization, eviction, and dataless file presence.

It doesn’t allow standing access to the entire filesystem, though. iOS only has support for applications reading outside their sandbox if the apps are from the same developer, and then they can call a pooled storage location for all apps that share the same “Team ID” (e.g., top level developer account/organization).

It’s actually far easier (functionally) to grant access to your entire photo library, so for example you can have an app query and backup your photo library.

“True” filesystem-wide backup requires hooking into the iOS backup/MobileFile hooks. Apple isn’t as hostile to third parties doing that as Google is to anyone accessing their own device data. But the process is more cumbersome by far.

Or simply put the implementation behind a permission that they will give to themselves and practically never give to you.

I second the fighting against a copy-paste bot. It took a couple of weeks of multiple daily requests before we got to exchange emails with some sort of human being, which was almost as useless until we gave in and abandoned

It does not look like the laws are working!

Enforcement is erratic, fines are small, and the incentives to do things like this are strong.

They have had this problem for five months. How many customers have they lost in this time?

> In iOS, applications can use the File Provider API to present themselves in the Files app. You can move/copy/delete data there using the normal human interface constructs native to iOS, including mouse support and keyboard shortcuts on iPadOS.

> Apps can also present the same directory internally (inside the app). Cloud-backed applications can then do useful things like materialization, eviction, and dataless file presence.

In Android apps can do all this with the SAF API.

More importantly, on Android the user can give multiple apps access to the same directory, allowing apps to work together with files. iOS doesn't allow this AFAIK.

This is basically exactly how Android MediaStore API works too: https://developer.android.com/training/data-storage/shared/m...

The difference is that Android also has APIs (which require user permission and are, at this point, mostly deprecated or heavily discouraged through Play Store policy, hence what happened to NextCloud) which offer filesystem-level access to files created by other apps. This has historically allowed for apps like NextCloud and SyncThing to offer automatic backup or syncing.

SyncThing ran into similar problems recently: https://news.ycombinator.com/item?id=41895718

Regrettably competition law doesn't really work like this: in the US it doesn't kick in until consumer prices are affected, and in the EU it is a combination of consumer prices plus market fairness. Market fairness could be for technical stuff like this but to the best of my knowledge it hasn't done anything so fine grained. The only example that comes to mind is when Microsoft were forced to show alternative browsers in Windows. No idea if they still have to do that or not, but it is a much higher level thing that is much more readily understood.

It's likely a lot less about giving Google's first-party apps privileged access than it is a super low priority for the team to allocate engineering effort to.

I was a PM in Google Workspace for several years. It's a lot less nefarious than it probably seems. Decisions are optimized for revenue and other features (especially for enterprise customers) are going to be much higher priority.

Companies choosing to focus on enterprise revenue (which is basically all of them since like 2012) do so at the cost of end-user satisfaction.

I will go with yes for $500.

From an Pixel 5a perspective. The camera application provided by Google will only open Google's gallery application and will not open the one the end user sets as system default. User must exit the camera application and manually open the gallery application they really want to use.

One of the reasons I am looking forward for a company that provides a quality Linux base phone. That is the only way to get the system configuration and application select the end user really wants. Google and Apple are for profit prison Wardens with their mobile OSes.

PS. Has anyone ever studied the economic, resource, and power waste of system bloat-ware?

If it looked as nefarious as it is on the inside they would have roughly zero employees.

I don't doubt what you're saying, but whatever the reason, the end result is the same: Google Apps have a "first-party apps privileged access".

>Apple's customers generally have more of a "save us from ourselves" mentality.

FWIW, this could also be described as a "My phone is a tool and not a hobby project" mentality. That is half of what prompted me to change daily drivers from Android to iOS.

I do not get as much freedom for my apps to do whatever I want - but I don't need to do as much work vetting developers or tinkering either. It's a tradeoff of time priority.

Perhaps feature-gate the things that are broken for Google builds, so you can have the functionality available in other channels? Personally, I prioritize installing apps from F-Droid over PlayStore.

In a way, it is. You decided to use Google Drive, which means you decided to make your files practically inaccessible to yourself. This isn't a monopolized market, so you have options.

I don't know if I agree, my Android phone is a tool just fine. I can make it a hobby project, if I want, but I can just keep it a tool if I don't.

Unfortunately, it isn't really practical to have free for all alongside secure by default. Apple is doing the latter, the various non-Google Androids focus on the former.

I strongly disagree. The difference is "I control my phone vs. my phone is controlled by the vendor".

Or "My phone is a computing device vs. my phone is vendor-specified use-case tool".

Why isn't it? I think Android is doing a good enough job doing both, and Apple could have simply allowed unlocking the bootloader. Nothing else would need to change.

Man, Linux phones are a mess, you do well to wait. I'm eyeing Sailfish but even then I'm hesitant, anything else is a big no no (from experience).

Cloud applications can do nil, because the api for the background transfers is only working for iCloud, Nextcloud and other apps in the background get a couple of kb/s effectively pushing you to pay apple. Great Dark pattern from Apple that has been going on for years.

As a user, you're to be no longer trusted with such a thing as full and unconditional access to the device you bought. Browsers are headed the same way. And a large crowd here on HN is okay with this, because "security."

Yeah, exactly, it's a really worrying trend and one that I really don't want to see continue.

They removed the permission for nextcloud, that seems they actually spend resources on removing the permissions. The minimal "spend no resources" approach would have left nextcloud with access.

The post is alluding to the fact that nextcloud is already doing this (the point to advanced users can install from f-droid)

SAF doesn't work with native code, which really sucks if you're trying to make a cross-platform app.

I was under the impression browsers have been implementing more hardware access, not less, if slowly. What are you referring to?

Isn't the process of vetting a developer a subset of the process for finding a good app for doing a certain task?

I believe it. Most people would be better served paying a local company $20/mo to offer the equivalent of google services using open protocols. Unfortunately such a marketplace doesn't exist, but I believe it will eventually.

We need something like F-droid but with proprietary apps to get popular.

Manifest V3? No ad blockers in Chrome?

I'm embarrassed I didn't immediately think of that, thanks.

Perhaps the ecosystem has changed now, but when I made the switch in 2017, having an Android phone felt like a hobby project. I was regularly dealing with flagship phones stuttering and lagging, apps crashing, media formats not displaying properly, etc.

> One of the reasons I am looking forward for a company that provides a quality Linux base phone.

What exactly is that going to change with respect to the camera app? I'm as annoyed by Google Camera's behavior as you are but already today we can download FOSS camera apps for Android that will open the gallery app of our choice just fine. It's just that those apps are not quite as good as Google's app. Exchanging the underlying Android layer for regular Linux is not going to change anything about that.

Isn't the submission about this being a monopolized market, because options are being removed (NextCloud - a popular option).

This has been true for a while, but the OP isn't even about full and unconditional access (like root access, which is all but impossible for normal use), it's literally just "sync my files".

This is not about tinkering. My phone is a toolbox, the apps are the tools and Google keeps breaking them in order to make their tools seem better. I need to get real work done using my phone and being able to sync files with a server is a critical part of that. I can't use Google Drive instead for many reasons, but that's besides the point, because this is illegal anticompetitive behaviour.

As far as I know, Apple also doesn't let you sync folders like this, so that's not a solution. And regardless, Apple cripples many other tools that I rely on.

Your use case is not tinkering. For many others it undoubtedly is.

The person you’re responding to is seemingly just pushing back on the weird idea that iOS users don’t have technical acumen or whatever.

> I strongly disagree. The difference is "I control my phone vs. my phone is controlled by the vendor".

How many Android phones can be used without Google services?

I did just that for the longest time, replaced the camera app so it would use the gallery application set to default on the system.

This is just one example of why I disdain Google and Apple.

There is now way to improve the security of your device. End user should have the ability to block network connects to and from select networks, infrastructures, and applications. Example an application like ZoneAlarm or Open Snitch.

The internals of SMS on Android are wrapped in an API where a simple SQLite database would work and allow quick easy backup. Nope, need to use a 3rd party program instead of just copying files.

I also support the idea of Convergence to allow the device to be used a standard computer by connecting and external monitor, keyboard, and mouse.

Being able to reclaim the storage you bought and remove the bloat-ware. There should be zero reason I must retain your email client when I will never use it.

Until Apple and Google back track down their locked in path, Linux or BSD phone is the only way to take back the "Smart" in SmartPhone.

I can say with some certainty that folks inside of Google are not sitting around talking about nextcloud.

More likely is some paydown of technical debt or effort to simplify leading to the removal of that permission and deciding the ramifications are acceptable.

Boring stuff.

> End user should have the ability to block network connects to and from select networks, infrastructures, and applications. Example an application like ZoneAlarm or Open Snitch.

You can do that on Android with NetGuard.

Native code can work with files inside the app data folder. Then you can expose that folder with SAF in a separate Activity. Termux does this and it works really well.

Most of them? You trade off a lot of features, but you have the choice and can install/do what you want. Sure, I don't like the reliance on google play services but at least there is more choice.

I’ve heard this admonishment from the developer community, but I haven’t run into this issue myself. I expect there is some kind of dynamic at play rather than a strict hard and fast rule in the OS.

I’ve got multiple independent apps that do background sync to various destinations and I’ve never had any problems. Depending on how much data and processing is needed for a sync, sometimes they do get stopped by the OS, especially when on battery power, but they resume when the app is opened. This hasn’t been a big issue for me.

Almost all of the problems I’ve had with this kind of workload have been specific to the OneDrive app, and it doesn’t seem to matter whether it’s a SPO/business or MSA/personal account, or whether via the Files app or native app UI.

No, Google Play services are baked into Android by default. You have to install an alternative operating system to go without them. You cannot use Android in a way Google does not want you to without hacking on it.

Yes it does, nothing forbids someone to write a bit of Java, invoked via Android IPC, no need to be allergic.

Too many folks keep pretending Android is GNU/Linux

Are you sure you were supposed to reply to my comment?

NetGuard has the same inherent flaw that Android forces onto a solution. From their own FAQ:

(2) Can I use another VPN application while using NetGuard

If the VPN application is using the VPN service, then no, because NetGuard needs to use this service. Android allows only one application at a time to use this service.

* My understanding this that OS layer has the ability to circumvent Firewall that uses the VPN work-around.