Google and Epic Cancel Settlement; Third-Party App Stores Coming To Google Play (arstechnica.com) 41
An anonymous reader quotes a report from Ars Technica: Big changes are coming to Android apps, but they're not the changes Google wanted. The settlement between Google and Epic that aimed to put to rest the companies' long-running antitrust battle is being withdrawn, and that means third-party app stores are coming to the Play Store. Google has confirmed that it will begin distributing rival app stores next week, setting the stage for competing platforms to take a bite out of Google's Android revenue stream. [...] Google and Epic were set to return to court on July 16 to argue in favor of the settlement. However, the writing may have been on the wall. In a recent expert analysis provided to the court, MIT economics professor Nancy Rose noted that the settlement was "unlikely to enable Google Play's potential competitors to overcome their long-standing network-effect disadvantage in a timely manner."
With settlement approval looking increasingly unlikely, Epic and Google agreed this week to call the whole thing off. Here's how Google Trust and Reputation Communications Lead Dan Jackson explains the company's decision: "We've agreed with Epic to withdraw our motion to modify the US Court's injunction rather than prolonging this process which creates uncertainty for the ecosystem. This allows us to focus on executing our recently announced global business model evolution to deliver greater app store choice, lower prices, and more opportunities for developers and users. We remain committed to maintaining Android's industry-leading security and fostering a competitive ecosystem where every app store and developer has the freedom to compete. In parallel, we continue to comply with the US Court's injunction."
In a brief filing (PDF), Google's legal team informs the court that Google is prepared to begin distributing third-party app stores in Google Play on July 22. Under the terms of Judge Donato's original injunction, these stores will have access to the full catalog of Google Play apps by default. Developers will have the option to opt out of distribution in these stores, and Google has a support page explaining how to do so. Google also has documentation on how app stores can get access to the Google Play catalog. It won't be mirroring those apps in any shady storefront that asks. The court has allowed Google to charge reasonable fees to cover its security and compliance review of third-party stores, which will be $5,000 per year.
Google will also require approved stores to block malware, respect intellectual property, and include mechanisms to update and uninstall apps. App stores can be removed from the program if more than 1 percent of attempted app installs appear to be malware or unwanted software. It's unclear if there will be separate, possibly more stringent requirements for storefront distribution in the Play Store. However, Google is prohibited from unreasonably blocking third-party store clients uploaded to Google Play. The changes Google has announced under the Epic agreement will proceed for now. That means Registered App Stores will happen globally, but they will probably only appear in the Play Store for US users. Google hasn't specified if there will be any differences in the features available to the stores downloaded from Play versus registered stores.
With settlement approval looking increasingly unlikely, Epic and Google agreed this week to call the whole thing off. Here's how Google Trust and Reputation Communications Lead Dan Jackson explains the company's decision: "We've agreed with Epic to withdraw our motion to modify the US Court's injunction rather than prolonging this process which creates uncertainty for the ecosystem. This allows us to focus on executing our recently announced global business model evolution to deliver greater app store choice, lower prices, and more opportunities for developers and users. We remain committed to maintaining Android's industry-leading security and fostering a competitive ecosystem where every app store and developer has the freedom to compete. In parallel, we continue to comply with the US Court's injunction."
In a brief filing (PDF), Google's legal team informs the court that Google is prepared to begin distributing third-party app stores in Google Play on July 22. Under the terms of Judge Donato's original injunction, these stores will have access to the full catalog of Google Play apps by default. Developers will have the option to opt out of distribution in these stores, and Google has a support page explaining how to do so. Google also has documentation on how app stores can get access to the Google Play catalog. It won't be mirroring those apps in any shady storefront that asks. The court has allowed Google to charge reasonable fees to cover its security and compliance review of third-party stores, which will be $5,000 per year.
Google will also require approved stores to block malware, respect intellectual property, and include mechanisms to update and uninstall apps. App stores can be removed from the program if more than 1 percent of attempted app installs appear to be malware or unwanted software. It's unclear if there will be separate, possibly more stringent requirements for storefront distribution in the Play Store. However, Google is prohibited from unreasonably blocking third-party store clients uploaded to Google Play. The changes Google has announced under the Epic agreement will proceed for now. That means Registered App Stores will happen globally, but they will probably only appear in the Play Store for US users. Google hasn't specified if there will be any differences in the features available to the stores downloaded from Play versus registered stores.
F-Droid (Score:3)
Does this mean I will be able to download F-Droid from Google Play?
Re:F-Droid (Score:5, Insightful)
Nope. Google is still set to kill F-Droid later this year when they turn on mandatory developer certificates which will require developers to pay Google and hand over their personal information, regardless of what app store they want to distribute through. This will essentially kill F-Droid for casual users (their main target is almost certainly NewPipe). Yes you can still use F-Droid but you'll have to do a 24 hour delay before you can install F-Droid.
Re:F-Droid (Score:4, Informative)
Nope. Google is still set to kill F-Droid later this year when they turn on mandatory developer certificates which will require developers to pay Google and hand over their personal information, regardless of what app store they want to distribute through.
Nonsense. There's no reason to expect that mandatory developer certificates will kill F-Droid, at all. F-Droid will need one guy to pay the $25 fee and identify himself. Unless they can use the open source developer exception that Google has talked about (but hasn't announced any details, AFAIK).
This will essentially kill F-Droid for casual users (their main target is almost certainly NewPipe). Yes you can still use F-Droid but you'll have to do a 24 hour delay before you can install F-Droid.
That's a bigger issue, because Google's announced policy is to require that apps respect intellectual property, which would include not distributing apps that blatantly violate terms of service. Most likely F-Droid will have to stop distributing NewPipe if they want to be in Google Play. If dropping NewPipe is enough to kill F-Droid, then I guess that'll do it.
Re:F-Droid (Score:4, Informative)
https://keepandroidopen.org/ [keepandroidopen.org]
I guess I wasn't clear enough as you do not seem to understand the issue. Google is requiring *all* apps, regardless of how you install them, or from what app store you install them, to be signed *by them*. This means that every app available on F-Droid must be signed (and developer dues paid) also or it won't be installable. This not something F-Droid is willing to do because the whole reason F-Droid exists is to give users access to software by open source and other developers who can't or won't pay the Google tax and fork over their information to Google.
If F-Droid were to participate in Google's scheme to extort developers, it becomes a huge liability for the open source developers themselves, should Google suddenly decide their app violates their policies and IP, and slaps them with a lawsuit (even if frivolous).
The whole thing is quite nefarious. Google used to take a 30% cut in their app store, but they were legally censored for it (the whole reason we're here talking about this). Now instead of just the 30% cut they can charge literally all android app developers a fee (one-time for now, but that could change quite easily), and hold control over all of them even when they don't even use the Google play store. It's evil genius really.
But as the other poster said, no one really cares, sadly.
Re: (Score:2)
Google is requiring *all* apps, regardless of how you install them, or from what app store you install them, to be signed *by them*. This means that every app available on F-Droid must be signed (and developer dues paid) also or it won't be installable
Yep. And this just means that F-Droid has to have one person sign up and submit all of the apps for signature, as I said.
Re: (Score:2)
Somehow I highly doubt what you suggest is possible. Pretty sure Google wouldn't allow it either.
Re: (Score:2)
Somehow I highly doubt what you suggest is possible. Pretty sure Google wouldn't allow it either.
They just require the code to have been submitted by a registered identity. They aren't going to check copyright ownership... and with open source apps that's rarely only one person anyway. The only risk is that if some of the F-Droid apps turn out to be malware, Google may revoke the permission of the person who submitted them to submit apps. And note that they don't insta-revoke. If it's a legitimate mistake (e.g. someone slipped some bad code in upstream), and it doesn't happen too often, it's fine.
Re: (Score:2)
A developer can't sign (and then distribute) an app for an applicationId that is not associated with their account.
Re: (Score:2)
A developer can't sign (and then distribute) an app for an applicationId that is not associated with their account.
Yep. So all of the F-Droid-distributed apps will be associated with one account. Or maybe it'll be distributed across a handful of accounts.
For open source apps absolutely anyone can package and submit an app under their account.
Re: (Score:2)
Nonsense. There's no reason to expect that mandatory developer certificates will kill F-Droid, at all. F-Droid will need one guy to pay the $25 fee and identify himself.
No you missed the problem. F-Droid may stay online if they pay $25, but what's the purpose of a store when it has no apps? Every individual developer shipping an app in F-Droid needs to pay the $25 as you can't sideload an unsigned APK anymore.
Will all developers do that, or will F-Droid turn into a useless wasteland?
And no your suggestion that F-Droid will submit unrelated apps from unrelated developers for certification is false. The *DEVELOPER* needs to do that. They can't just funnel all apps through on
Re: F-Droid (Score:2)
Anyone with the source code for an app can generate and sign an APK. There's nothing stopping me from gettting the source for some F-Droid apps, compiling and signing them with my cert, and submitting them back to F-Droid.
Granted it's not quite as easy as it sounds, as having the source for an app and being able to compile it often requires a lot of work in between.
Re: (Score:2)
Every individual developer shipping an app in F-Droid needs to pay the $25
You think Google is going to verify that an app was submitted by the author/developer rather than some F-Droid guy who submits all of the F-Droid apps?
Re:F-Droid [and broader solutions] (Score:4, Interesting)
Okay, I'll say it sounds like a reasonable question for a plausible FP, but do you [TwistedGreen or caseih or another reader] care to say enough to make anyone care? Even care enough to "encourage" a websearch?
My problem with websearch these weeks is the AIs lie and hallucinate too much. On the second hand they are so polite about it that the "conversations" are often more pleasant than what you see on today's Slashdot, but still. Mostly I don't want to talk to it. It's almost enough to drive a human to Bing. "Which AI do you trust today?"
But I still have a radical suggestion for a broader solution approach: Tell the truth. In reference to today's WWW it sounds like I must be going for funny, but I'm quite serious. The specific truth I'm asking for involves the truth about the money. Can you imagine a "Business Model" tab in Google's and Apple's presentation of the app they are "helping" you install for their greater glory and market dominance?
Given the usual discussions I notice on Slashdot these years, it's really hard to think the average reader has that much imagination, so I'll practice my typing a bit more. (But the AIs type also better than I do, among their other wonderful attributes.)
The basic idea is to let the app's creator explain where the money is coming from so we can assess the legitimacy and motivations and even the probable durability of the app. I think most of the time that would just involve picking from the list of popular business models, but there should be an "Other" option where an actual innovator can explain something else. Up to you to decide if you want to trust the salesman whose pitch includes "It's a new business model and I don't want to tell you the details." I actually think there are too many suckers who would swallow that bait anyway, but...
The lower part of the "Business Model" tab would be under the control of Google (or Apple or Samsung or your phone company or Microsoft or Meta or worse). (Worse than Meta? Whoa!) In many cases, the cases where the google is participating in the business via ads or some other aspect, the google would be able to add a simple affirmation of the sort "We are on the other side of that business model and it is working as described." I'm not saying the complicated cases would go away, but the google could decide exactly how much "due diligence" seems called for. Or ask their AI to assess the risk? Does the google even trust their own dog food these years?
But there is a deeper root of the problem. It's the "Live and let scam" business model. In email the specific flavor of poison is "Live and let spam", and I think most of the blame still goes back to Microsoft for the EULA innovation. Consider the case of Microsoft's liability if you commit a crime using Microsoft's "perfect" software. That's right, you (and the victims) have no case. (I used to credit Microsoft with two significant innovations leading to PROFIT!, but after reading Microsoft Secrets by Cusumano and Selby, I changed my mind about one of them. Not the actual innovation I thought it was?)
Re: (Score:3)
If https://keepandroidopen.org/ [keepandroidopen.org] isn't convincing to this crowd, I don't know of anything that will. Google's set to hold more power over Android and would-be app developers than even Apple. It's evil genius level.
Google kind of relented and will allow you to disable this "feature" requiring a multi-step process that takes 24 hours. It could be reasonable, given Android's malware problem, but I can't help but wonder if there's not a better way, but it wouldn't serve Google's purpose to increase their co
Re: (Score:2)
Well, you got me to look at F-Droid, but I didn't find the solution approach plausible. Part of the implausibility came from the extremist tone. Not possible to predicts so many details of a final implementation even if it was an accurate description (and I doubt that) of the current form. Not persuaded, but maybe a visible financial model would have helped persuade me? Was it down there on the seventh screen somewhere? Or if I just clicked on the right link?
But no hint in your reply what you found implausi
Mixed Feelings (Score:2)
Re: (Score:2)
There is unlikely to be any change in the malware levels because Google is set to know *everything* about the developers of literally all android apps. They are doing this by rolling out their new verification program which will require all apps regardless of how they are installed and from what app store, to be signed *by Google* after the developers pay their fees to Google. Whereas before google was unhappy to lose their 30% cut, now they've engineered a way to take a cut from *all* developers in all a
Re: (Score:2)
With the same mixed feelings you could say users should not download Steam or Epic launchers, because they allow to install software for the user.
Re: (Score:2)
Why is malware distributed by third party app stores, worse than malware distributed by Google Play Store? You do realize malware is already rampant in Google Play, right? https://www.malwarebytes.com/b... [malwarebytes.com]
HA (Score:2)
The best part is that Sweeney got nothing out of this. Only a wish and a prayer that he can turn a storefront into something profitable "this time".
Hopefully this kneecaps the Sept. APK lockdown (Score:2)
... but I'm not hopeful. In a way I hope Google still turns the screws on installing apps, including the proposed 24-hr delay on 3rd-party apps. Linux smartphones are coming, and the more they squeeze us, the more incentive to finish truly open phone platforms.
Re: (Score:2)
Nope this move is entire *because* of the Sept APK lockdown. Now they can allow third-party app stores while still taking fees from every Android app developer regardless of store, and maintain full and total control over users and developers. I'm surprised Apple didn't think of this.
An Epic Play Store? (Score:1)
Downloading anything from Epic is the last thing I would do.
Hopefully Google won't hamstring this (Score:3)
Hopefully Google won't hamstring this by forcing you to enable "install apps from any source" setting to use non-Google app stores. If I use an alternate app store I don't want to let apps from just anywhere be installed, I only want apps from that app store to be installed. Apps from anywhere else I want to continue to block.
Re: (Score:2)
The way it has worked for many years on Android is that even when you enable "install apps from any source", you still have to enable each app that wants to start an installation separately. So your would authorize the app store of your choice, and random .apk downloads in the browser (which Chrome and Firefox will shit a brick over anyway) are still blocked.
Re: (Score:2)
Android doesn't work like that. You enable "install apps from any source" on a *PER APP* basis. That is to say you need to enable "install apps from any source" the first time F-Droid asks for permission, or Epic asks for permission, but that doesn't give any other app the right to install an app.
Re: (Score:2)
The "install from any source" setting was replaced long ago by a "Allow App X to install apps?" prompt, that asks you once per app instead of once per device.
Still won't be good for consumers (Score:2)
All it is, is companies complaining that google gets to exploit, steal peoples data and make a bunch of a money from it, and they want to do it too! It's not fair that only google can!
Zero fucking interest in this as it has nothing to do with making things better or more fair for consumers.
Re: (Score:2)
Maybe not good, but better. Competition is a wonderful thing.
Remember when you had to sideload Amazon's video app? Now, Amazon (and other companies) will be able to set up their own stores, which will result in more choices for customers. I don't see how this isn't a good thing.
Re: (Score:2)
I would agree if it was actual competition, where maybe the new stores don't do the same crappy tactics that google does regarding data, but it's not. So I would argue it's not better, it's the exact same thing. Now you'll have extra stores the manage, it'll get more bloated, and I'm sure things won't place nice with each other, and seperating out subscriptions for apps further, and payment portals etc.
It's not going to be better either, for consumers. This isn't competition. I refute that. It's the same se
Re: (Score:2)
Here's the thing. Maybe many of the alternative app stores will do the same crappy stuff. But can you guarantee me that *all* of them will?
Think about brick-and-mortar stores. There are a whole lot of crappy stores, but there are also a lot of average stores, and some really good ones. Why wouldn't it make sense to believe that the same pattern would apply to Android stores?
Nobody's forcing you to sign up for these alternative app stores. But as it is now, you don't have a choice. I'd rather people be able
Re: (Score:2)
I'll add they may not even offer better prices. They'll just remove it from the google store and require you to install their store and get more direct advertisements for their crap, and they can make agreements that the software doesn't work without enabling notifications.
Google Android or all Android OSes? (Score:2)
Many people use Android-based OSes that don't come with the Google stuff - ie there's no GMS or Play Store at all (or maps, Gmail, YouTube etc etc - unless you put in some effort, maybe). Many are Chinese companies, of course, since they've been knobbled by the US government. Does this affect those companies' devices and users?
Re: (Score:2)
This is specifically regarding Google Play Store, not Android generically.
I heard you like App Stores (Score:2)
So we put some app stores in our app store *Xzibit meme here*
Google will still gatekeep (Score:2)
Re: (Score:2)
It's a phone ffs
It's a computer that can take calls.