Nextcloud Cries Foul Over Google Play Store App Rejection

Nextcloud has accused Google of sabotaging its Android Files app by revoking the "All files access" permission, which the company says cripples functionality for its 824,000 users and forces reliance on limited alternatives like SAF and MediaStore. The Register reports: Nextcloud's Android Files app is a file synchronization tool that, according to the company, has long had permission to read and write all file types. "Nextcloud has had this feature since its inception in 2016," it said, "and we never heard about any security concerns from Google about it." That changed in 2024, when someone or something at Google's Play Store decided to revoke the permission, effectively crippling the application. Nextcloud was instructed to use "a more privacy-aware replacement." According to Nextcloud, "SAF cannot be used, as it is for sharing/exposing our files to other apps ... MediaStore API cannot be used as it does not allow access to other files, but only media files."

Attempts to raise the issue with Google resulted in little more than copy-and-pasted sections of the developer guide. "Despite multiple appeals from our side and sharing additional background, Google is not considering reinstating upload for all files," Nextcloud said. The issue seems to stem from the Play Store. While a fully functional version is available on F-Droid, the Play Store edition is subject to Google's imposed limitations. Regarding the All files access permission, Google's developer documentation states: "If you target Android 11 and declare All files access, it can affect your ability to publish and update your app on Google Play."

Nextcloud is clearly aggrieved by the change, as are its users. "This might look like a small technical detail but it is clearly part of a pattern of actions to fight the competition," it said. "What we are experiencing is a piece of the script from the big tech playbook." [...] Are there nefarious actors at play here, an automated process that auto-rejects apps with elevated access requirements, or is it just simple incompetence? "Either way," Nextcloud said, "it results in companies like ours just giving up, reducing functionality just to avoid getting kicked out of their app store."

"The issue is that small companies -- like ours -- have pretty much no recourse," it added. Nextcloud went on to criticize oversight processes as slow-moving, with fines that sound hefty but amount to little more than a slap on the wrist. "Big Tech is scared that small players like Nextcloud will disrupt them, like they once disrupted other companies. So they try to shut the door."

F-droid has it

[innocent_white_lamb]

According to the summary you can get the fully-functional version from f-droid.

Since nextcloud itself is also an open-source program, folks using that are obviously not scared to use open source software. Make a note on the webpage saying, "The android version of the app that works with this thing is here." Post a link to f-droid.

Problem solved.

Re:

[darkain]

That's "problem slightly mitigated" - not "problem solved"

And this isn't just a fight for a single app, its about the treatment within the entire ecosystem.

Re:

[StormReaver]

...its about the treatment within the entire ecosystem.

You are absolutely right. Google and Apple should not have the ability/right to cripple Android/iOS software for any reason. If governments want to ensure competition in computing, behavior such as this needs to come with crippling fines.

Re:

[Xenx]

You are absolutely right. Google and Apple should not have the ability/right to cripple Android/iOS software for any reason.

At the surface level, I disagree. Smartphones are ubiquitous and there are a LOT of people using them that don't understand the risks. As someone that has to support those people, I support Play Store apps being more restrictive. That said, I think Android's current methods of allowing 3rd party apps/stores could be improved. I don't know what the best solution would be, but something like a security option to enable "less secure" apps in the store could work.

Re:

[Xenx]

Just to clarify, my statement was about the general state of things. In regards to this Nextcloud issue, I know Google has a list of exceptions that qualify for keeping the access level they need. It sounds like their app should qualify. I wouldn't be surprised if this is Google targeting them, but I also wouldn't be surprised if this is just someone ignoring the exceptions to the rule.

Re:F-droid has it

[dgatwood]

You are absolutely right. Google and Apple should not have the ability/right to cripple Android/iOS software for any reason.

At the surface level, I disagree. Smartphones are ubiquitous and there are a LOT of people using them that don't understand the risks. As someone that has to support those people, I support Play Store apps being more restrictive. That said, I think Android's current methods of allowing 3rd party apps/stores could be improved. I don't know what the best solution would be, but something like a security option to enable "less secure" apps in the store could work.

That creates an implication in the minds of users that those third-party backup solutions are insecure, or at least less secure than Google's, which may not be true — particularly if the user is backing up to a local file server behind a firewall.

Banning the APIs is the wrong thing to do, and scaring users into not using the apps is also the wrong thing to do. Setting compliance standards for what a company has to do to maintain that level of expanded access is the right thing to do.

IMO, a better approach would be requiring a background check for the company that provides these app to ensure that they are legitimate. And if the company that makes the app is also providing the server infrastructure that stores user data (as opposed to just backing it up to a user-owned server), they should require proof of adequate insurance coverage for damages arising out of breaches and proof of annual security audits by trusted auditors to make sure that user data is secure.

Re:

[Xenx]

That creates an implication in the minds of users that those third-party backup solutions are insecure,

I used figurative quotation marks because I didn't have a better simple term for my example. The example also wasn't meant to be a literal solution, but one to convey the intent behind my point.

Re:

[StormReaver]

As someone that has to support those people, I support Play Store apps being more restrictive.

I understand that concern, and it is completely valid. However, if you give evil companies (Google, Apple, any company with platform control) an inch, they will take a light year. While there are plenty of reasonable-sounding exceptions to total freedom, they will all be abused.

While it will cause problems, history has proven that there is no other workable way but total freedom. The problems caused by such freedom are insignificant next to the problems caused by giving control to a third party.

Re:

[Xenx]

While there are plenty of reasonable-sounding exceptions to total freedom, they will all be abused.

The same is true for society, but people generally agree that some rules/laws are necessary. I don't want to get political, just merely pointing out that that there are always going to be limits on freedom.

Re:

[WaffleMonster]

At the surface level, I disagree. Smartphones are ubiquitous and there are a LOT of people using them that don't understand the risks.

A LOT of people don't understand risks OS vendors pose to their privacy, security and safety. Nor do they understand the opportunity costs they pay for allowing unfair monopolization of marketplaces where a single company gets carte blanch to do as they please while everyone else is held captive to their whims.

As someone that has to support those people, I support Play Store apps being more restrictive.

The play store is the very reason for race to the bottom incentive structures resulting in app stores full of malware existing primarily for data exfiltration. If the OS vendors cared about "people"

Re:

[Xenx]

If the OS vendors cared about "people" they would provide users with necessary controls to prevent apps from exerting take it or leave it demands upon users.

Many apps will work, or partially work, if you decline a particular permission. The problem is that in a lot of cases those permission requirements exist for a legitimate reason. Further, it often won't be clear to the user if/why a particular requirement is needed. I've noticed apps doing a better job of explaining the reason, before it prompts you for permission. However, people are generally goal driven. In this case, the goal is to use the app. They will often readily accept whatever pops up without muc

Re:

[Kernel Kurtz]

I'm not familiar with Nextcloud, but I do use Dropsync which sounds pretty similar. I've not noticed any functionality problems yet, but I will indeed be unhappy if I do.

Re:

[drinkypoo]

What reason is there that Google should be forced to carry your app in their store? I'm sympathetic to the argument that there's many tons of crap on there already, so what's one more unknown quantity, but they are extremely friendly to third party app stores that users want to install. Sideloading is easy to enable, easy to do, and permits you to load an apk from any source you like. Once a store is installed and imbued with the relevant permissions, it can do all of the same things the Play Store can do e

Re:

[test321]

folks using that are obviously not scared to use open source software.

Only if you share family pictures this way (which is my case). And I'll still have to go through every device my elderly family members own and reinstall the application if needed. It's a already a hassle, but worse is if you were using Nextcloud to avoid big name cloud storage for a company. Now you need to tell your employees they have to sideload applications. Or you switch to the Google crap, which is what they want you to do with this move.

Re:

[jenningsthecat]

Or you switch to the Google crap, which is what they want you to do with this move.

This, exactly. They want access to all the files of all Android users, for the purpose of training AI.

Re:

[MachineShedFred]

Until you get a bazillion support people groaning about having to have their organization turn on 3rd party app sources in order to be able to use your self-hosted open source collaboration suite.

Just because the IT guy can figure it out, doesn't mean that marketing can figure it out.

Re:

[XaXXon]

it's well understood that most people won't take those steps.

Well understood to everyone but extra well understood to google and apple.

Re:

[bill_mcgonigle]

F-Droid isn't allowed to install security updates, so no.

Competing app stores with full rights is the most free market solution to the FTC concerns, not making Google sell Android to a sucessor company that still does anticompetitive behaviors.

Re:

[Bradac_55]

That's a orange vs apple comparison.

Anything being downloaded from F-Droid has had a security audit all the way up to a full code audit depending on what it's trying to do.
Anything being downloaded from the Google Play Store is an un-managed shit show that can never be trusted.

Absolutely nothing can convince me the version from the Play Store is the same code as on F-Droid without a full audit.
The fact that even fucking Google is pumping there breaks on complete file system access means something is wrong.

R

I guess Google is killing android

[ebunga]

Google kills everything it touches. They'll eventually kill it's number one product it sells to advertisers... you.

Re:

[registrations_suck]

Everything is illegal in Germany.

Re:

[MachineShedFred]

and the street address where they reside (P.O. Box not allowed) and Google DISPLAYS IT PUBLICLY on every Play Store app listing, for any nutter to access or bot to scrape.

Oh no! A business entity might be required to get a business address?

There's services for that [theupsstore.com], you know.

Re:

[test321]

and the street address where they reside (P.O. Box not allowed)

If you publish consumer software for money, it would be unwise to do it without the protection of a limited company. Assuming you open a company, you can/should register an address that isn't your home. It can be a specialised company that rents a business address / registered office for a small price, say 5 GBP per month https://ghostmail.co.uk/produc... [ghostmail.co.uk] or 10 € per month in my place. I am pretty sure this works for google.

Re:

[Local ID10T]

Google now force individual developers to verify their full legal names and the street address where they reside (P.O. Box not allowed) and Google DISPLAYS IT PUBLICLY on every Play Store app listing, for any nutter to access or bot to scrape.

as required by EU LAW

Never ending bitching

[registrations_suck]

So now it isn't good enough to have multiple app stores to choose from. Now we have the demand that they all have the same rules.

What the fuck?

Re:

[RazorSharp]

It makes sense for NextCloud to make a public appeal like this, and given the timing of Google's legal battles, their public appeal has a good chance of paying off.

I've often been criticized in this space for defending Apple and Google for having the right to set the rules for their app stores. However, in this case I think NextCloud has a strong case that some anti-competitive shenanigans are going on. NextCloud has two primary competitors: Microsoft 365 and Google Workspace/Docs. They have a strong that a

Do one drive next

[FictionPimp]

Please Google, do this to one drive

My issue here is ....

[King_TJ]

You've got the developers of the phone operating system not providing a usable option for people trying to develop this type of application. On one hand, they're complaining that the "All files access" permission is unacceptable to use, as a security risk .Yet on the other hand, you're talking about an application that's supposed to allow syncing much of your phone's content to your remote server (your photo collection, music collection, calendar info, etc.), and allows general uploading and downloading of

Re:

[Lehk228]

the right answer is to establish a standardized cloud service protocol so that a user of any device can link to any cloud backup service and operate equally, whether it's google drive, iCloud, oneDrive, or a user operated home service.

setup should be as simple as entering the URL and login credentials

Re:

[Luthair]

Fundamentally that has the same problem - uploading anything and everything to the remote.

Re:

[robot5x]

Exactly, I don't know why they can't just slap a warning on it like "this app can access all your files if you let it, is that ok?"

My question is how google apps do functionally the same thing, but presumably without using this particular API??

Re:

[PPH]

"this app can access all your files if you let it, is that ok?"

I'm not sure if this is Google protecting the rank and file of idiots from sending their private keys off to the cloud in the clear. Or Google doesn't want Android internals shuffled between storage and other devices, perhaps to clone apps.

Who are they protecting? The users or themselves?

Re:

[itsme1234]

First "all files access" refers just to the files you can anyway see in your file manager, which isn't a lot. You aren't getting any access to OS files or other Apps data, unless they save it in the shared storage.

Second, this access is needed in order to get uncensored files too, yes, for your security Google is generally censoring (as in binary changing) the files presented to the apps otherwise: https://www.reddit.com/r/DataH... [reddit.com]

Re:

[drinkypoo]

I read your link and it seems to be a privacy setting

Nextcloud usability

[alantus]

In my experience, the Nextcloud Android client is hard to use and un-intuitive.
On top of that, it doesn't even support 2-way sync on the phone.
That's what kills it for me, not the Play Store rejection (I could just use F-Droid).