
410 points morsch | 3 comments
moonshot5 ◴[] No.43986181[source]
AOSP platform dev here. (Filesystem) Opinions my own, I don't speak for Google.

Disclaimer: I don't use Nextcloud, and have not looked at their app specifically; this is just a surface-level observation from my relatively informed perspective.

My take: SAF would work for this use case, as others have already mentioned.

Google Drive does not have the permissions that Nextcloud claims Google is giving preferential treatment to, and is delivered via the Play Store in the same way Nextcloud's app is.

As others have also observed, permissions such as MANAGE_EXTERNAL_STORAGE have been rampantly abused in the past, often in horrific ways.

coded_monkey ◴[] No.43986712[source]
> As others have also observed, permissions such as MANAGE_EXTERNAL_STORAGE have been rampantly abused in the past, often in horrific ways.

The lack of consideration for this point in this thread scares me. The amount of data that can be taken from a device through a permission like this is likely huge and it’s not just about “protecting users from themselves”. I wouldn’t feel safe enabling it for any app, and while syncing all data on the device sounds very useful, it’s a damned if they do, damned if they don’t scenario for Google.

1. mvdtnz ◴[] No.43988162[source]
Google simply needs to add "I'm an adult" functionality to their phones. I know the author of this app and trust them, I know the functionality I want and I accept the risk because I'm a grown adult and can make my own choices.
2. nolist_policy ◴[] No.43989238[source]
But why? Just for the odd app that can't be bothered to use the new API?

Even if you trust the app, if there is a vulnerability in there, the Android sandbox provides an additional line of defense. Most apps don't have defenses of their own; the only apps that self-sandbox are web browsers.

3. izacus ◴[] No.43989398[source]
The next API Nextcloud is asked to use is literally that - it asks you, as the user, what files you want Nextcloud to read.
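
Added example, not part of any comment above and not Nextcloud's code: a sketch of the user-mediated folder grant that the Storage Access Framework (SAF) named at the top of the thread provides, in place of the device-wide MANAGE_EXTERNAL_STORAGE permission. The class and function names are hypothetical, and the AndroidX activity and documentfile libraries are assumed to be on the classpath.

```kotlin
// Added example: scoped, user-chosen directory access via SAF.
// FolderSyncActivity, listSyncCandidates and walk are hypothetical names.
// No storage permission is declared in the manifest for this flow.
import android.content.Intent
import android.net.Uri
import android.os.Bundle
import androidx.activity.ComponentActivity
import androidx.activity.result.contract.ActivityResultContracts
import androidx.documentfile.provider.DocumentFile

class FolderSyncActivity : ComponentActivity() {

    // System picker: the user, not the app, decides which directory tree is exposed.
    private val pickTree =
        registerForActivityResult(ActivityResultContracts.OpenDocumentTree()) { uri: Uri? ->
            if (uri == null) return@registerForActivityResult // cancelled: nothing is granted
            // Persist read-only access to this one tree across restarts.
            // Write access is not requested, so a bug in the app cannot modify files.
            contentResolver.takePersistableUriPermission(
                uri, Intent.FLAG_GRANT_READ_URI_PERMISSION
            )
            listSyncCandidates(uri)
        }

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        // Reuse an earlier grant if the user has not revoked it; otherwise ask again.
        val granted = contentResolver.persistedUriPermissions
            .firstOrNull { it.isReadPermission }?.uri
        if (granted != null) listSyncCandidates(granted) else pickTree.launch(null)
    }

    // Everything reachable here lies under the tree the user picked;
    // the rest of shared storage stays outside the app's reach.
    private fun listSyncCandidates(treeUri: Uri): List<DocumentFile> {
        val root = DocumentFile.fromTreeUri(this, treeUri) ?: return emptyList()
        return walk(root)
    }

    // Recursive listing of regular files below the granted directory.
    private fun walk(dir: DocumentFile): List<DocumentFile> =
        dir.listFiles().flatMap { if (it.isDirectory) walk(it) else listOf(it) }
}
```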