←back to thread

The recently lost file upload feature in the Nextcloud app for Android

(nextcloud.com)
410 points morsch | 1 comments | 14 May 25 05:38 UTC | HN request time: 0.23s | source
Show context
inigoalonso ◴[14 May 25 08:44 UTC] No.43982322[source]
This is exactly why the EU's Digital Markets Act exists. And why it needs teeth. Google disabling Nextcloud's all-files access on Android, while quietly letting its own apps and big corporate players keep it, isn't about "security". It's about control. Nextcloud is a European, privacy-first alternative built on open standards and that can be fully aligned with GDPR requirements. Blocking its core functionality while favouring your own services is a textbook abuse of platform power. Android was supposed to be open, but moves like this show it (at least the Play Services verison) is just another walled garden. If the EU is serious about digital sovereignty and fair competition, this is the kind of behaviour that must be stopped. Otherwise, no European tech, no matter how compliant, open, or user-friendly, stands a chance.
replies(5): >>43982499 #>>43982829 #>>43982978 #>>43983045 #>>43984630 #
izacus ◴[14 May 25 13:58 UTC] No.43984630[source]
Punishing Google for preventing apps from reading all your private data at a whim is quite a take to involve EU for.

Without this enforcement, malware games and apps like Facebook were just uploading your photos and scanning their EXIF locations under the guise of "needing all access".

And as we found out in existing topic, the better privacy preserving APIs exist, Nextcloud just doesn't want to use them.

replies(2): >>43984683 #>>43985254 #
jasonjayr ◴[14 May 25 14:52 UTC] No.43985254[source]
But, I want that. With all the responsibilities that come with that.

Why can't I grant an app that permission? If Google discovers that an app with that permission is abusing what they are doing with that permission, then revoke their developer account! Delete the app from existing phones and inform the users that the developers could not be trusted! App store death penalty!

It's difficult to understand why there is any other reason other than maintaining their privleged position on the device to deny users this ability. Put a persistent notification in the status tray: "These apps have full access:", etc.

replies(2): >>43985844 #>>43989335 #
izacus ◴[14 May 25 21:18 UTC] No.43989335[source]
Because you'd scream your head off like other HNers when a news article "100 million users private photos uploaded to Facebook and Genshin Impact!!!!" appears and would demand Google policing.

You can keep all your functionality, Nextcloud just needs to migrate to an API that gives YOU AS A USER control over what it can read instead of demanding blanket permission for everything.

replies(1): >>43991067 #
1. jasonjayr ◴[15 May 25 01:48 UTC] No.43991067[source]
I promise you I would not. I do not want my technology baby-sat by a third party, I want my technology to do exactly what I want.

I also promise I wouldn't run a game or anything that demanded full access to everything that made no sense to have that permission, because what the heck? Outlook wanted "Device administrator" permission on my personal phone when I wanted to connect my office email to it. I politely declined, and stopped using it. (I mean, I understand WHY Outlook needs that, for secure wipe of data, but that's a pretty wide permission for that one reason)

I cringe as I watch one of my kids authorize elevated permissions when they launch Genshin. (For the anti-cheat) And I promise them I will never run it on my machines :-/

But rather than get lost in the details, what I REALLY want, is a piece of software that will backup and restore the entire contents of the phone to a server of my choice, preferably self-hosted. Right now, this "full system access" option gets the job done, but it's a thermonuclear footgun for the unsuspecting.

How could we convince google to create a new a "Full backup of the device" permission? Because then Google could simply deny the permission labeled "full backup" to the latest hot new gacha game, while allowing legit backup apps the power they need?