“On August 31, we’ll start rolling out these requirements for anyone creating new Play Console developer accounts. In October, we’ll share more information with existing developers about how to update and verify existing accounts.”
Source: happened to me and all of my apps despite them being Free Software and offline-only. Here's one of the emails they sent me about it: https://i.imgur.com/dVzQj2p.jpeg
Notice how they open with “Hi Developers at [my first and last name]” – developers, plural, and “at” like they only expect me to be a company and not a single person.
The DUNS number thing is such a disaster even for companies with it. We had a the account under a DUNS of a subsidiary but somehow they wanted us to upload verification docs for the main company, of course not matching exactly how they expect, and there is no way to change it without jumping through a bunch of hoops. Similar issues at Apple. Eventually they let us verify the account with "company letterhead" as if that proves anything (despite them insisting the letterhead needs to say dev@company.com instead of support@company.com, again proving nothing really)
For both Apple and Google it's one of those processes where the support doesn't even really seem to understand how it works (they probably don't know what automated emails are being sent, and what the dev side looks like). They would randomly close cases for "no response" immediately after they replied, ask us to upload something despite their being no way to upload it, tell us to ignore the "your account will be closed email" because it actually won't be (wrong again), etc.
DUNS own lookup page doesn't even let you look up by DUNS number (so we could figure out what company some ancient number was associated with). I bet it's because you have to pay for one of their "solutions" to do this.
It seems like to Google, "customers" will only ever be anonymous data points in an A/B test.
They would have gone down quickly if they hadn't "borrowed" Overture's business model of paid ads.
They have no culture of valuing the customers, or (like Amazon) obsessing about what they need.
Apple is at least slightly different: hardware customers and high-value employees are treated okay from what I hear, but devs are left alone.
Indie developers bring both Apple and Google a lot of revenue indirectly, but they don't really have much of a lobby (maybe they should unionize/hire a lobby firm together).
Why would # of app submissions to be what they test on? It’s revenue to Google. Wouldn’t surprise me if many of the apps that stopped appearing were free apps. Why junk through 20 hoops to make no money?
Probably something more like a trade organization/association would be better. Like the Dairy Farmers Association. Which may or may not hire lobbyists.
Indie developers are a nothing burger for Apple. It came out in the Epic trial that over 90% of App Store revenue comes from the major game companies with pay to win games and loot boxes.
I get where you're coming from and I find it just as bad how individual devs are being treated - but talk with some of your family members and non-tech friends about what they've got installed on their phones... And what they'd miss if it got removed.
It's gonna be
1. Social media / chat / SMS apps
2. Games (not one specific one - they'd be fine if any one game is removed, because alternatives exist)
Most if them will not even have a single app installed that can remotely be categorized as indie developed.
There are countless indie devs around that make great games etc - they're just not being discovered by normal people.
Following the money insinuates that is by design, but there is no proof for that... Only circumstantial evidence like the previously mentioned statistic of app store revenue and the way they treat individuals. But still no conclusive proof and both can be argued to be coincidences (i.e. because of low user count they don't consider them important to their platform, hence low visibility in store etc)
Personally, I find it highly suspect that the app/play store so heavily favors apps/games that are borderline user-hostile. Especially if I look to probably the only mainstream store that's looks pretty neutral to me: Steam.
Here your often get 1-4 dev projects hitting the charts. It makes you wonder if the same would happen if Valve became just as profit oriented and started to siphon money via in-app/game purchases too
Validation issues happen all the time for subsidiaries when the parent company likes to own/manage things. Always fun when e.g. EV certificate validation (sigh windows update stuff) calls the parent company reception and asks for the manager listed as owner, and they just go "who?".
The One Weird Trick I learned was to to get a company attorney to write a professional opinion letter saying that you are indeed authorized to get a cert on behalf of your company.
Incredible experience with this: our App Store account was from an acquired company that was no longer doing business. The Apple representative requested documentation that the no longer in use LLC was in fact, no longer in use.
When I requested what documents they might think a defunct LLC was creating that would prove it was defunct, they didn't have an answer. Same as others we ended up just making a new fucking developer account.
Same issue but we actually got the account assigned to the new company, but I think the DUNS was still the old company so any time they require verification (e.g. for trader status), the account is stuck in some weird state that is halfway between two companies.
Yeah, DUNS numbers are super easy IME for companies to get, but its hell after that. We had some crazy problems with the App Store where our legal address with DUNS didn't match what we provided Apple, even though we had updated it with D&B, but Apple's systems weren't pulling in that update, Apple told us to talk to D&B, D&B told us to talk to Apple... we ended up literally just making a new corporation and starting from scratch.
I first encountered Electronic Data Interchange in the early 90's. The small shop I worked for at the time had no idea and just wanted to make the parts they quoted and send them when done.
The EDI request came in a box, with external modem, a paper with phone number and directions and then a smaller box with PROGRESS database software for MSDOS in side and a handful of disks containing the EDI system.
Good lord that was painful! I just plowed through it and all that pain completed a check box at Honeywell, who then sent us jobs electronically!
Yes, via FTP.
The CAD they were sending was Computer Vision and it was a full on solid model representation! At the time we were running CAD from the early enlightenment, CADKEY 3.5 for MSDOS!
Our best micro computer lacked the storage to handle the uncompressed file, which arrived on another handful of floppies that formed a multi part. Zip file, which uncompressed totaled about 40 megabytes and change! Entire systems only had 20!
The CAD system failed to translate the data too. 16bit pointers lacked the range needed. They had me fetch a patch a day or two later and it took a few hours to do.
300 kilobytes of wireframe CAD, and the parts we made were basically 5 percent of that data!
FTP can be as secure as any other protocol. Enabling encryption on the server side is generally as simple as installing a certificate and turning on an option. And most FTP clients will default to using encryption if it is available; for the clients that don’t do that, it’s just another server option to require clients to use encryption.
> And when companies say they use FTP to exchange data, they don't tend to mean SFTP. They really do mean FTP.
Because SFTP is a different and entirely unrelated protocol. The encrypted version of FTP is sometimes known as FTPS, but it’s really just a variant of FTP. So it would be inaccurate to call it SFTP, but referring to it as simply FTP doesn’t imply a lack of security.
> The AUTH command is generally sent before encryption of the connection is made.
So…? What is the danger of negotiating an encryption protocol over plaintext? No credentials or sensitive information are sent via the AUTH command, and a server that disallows unencrypted connections will simply refuse to go any further with a client that doesn’t support encryption.
> It’s also vulnerable to a huge swathe of timing and weak hash attacks.
Gonna need a source on that. And even if such attacks potentially exist, in the use case you mentioned above I’m still not seeing how encryption combined with, for example, IP whitelisting can’t effectively be as secure as anything else you could use.
I mean, if they’re really not using encryption then yeah, that’s stupid and all bets are off. But there’s nothing inherently insecure about the FTP protocol.
Negotiation over plaintext is a vulnerability, yes.
Neither side of the pipe is secured, so absolutely everyone inbetween is a MITM waiting to happen. Someone else can negotiate what encryption gets used. Such as the still supported MD5 signing-only.
Which also means your IP whitelisting does bupkus, unless you trust every single interchange of your, and your clients, telcos.
It’s only a vulnerability if you’re using vulnerable encryption methods, at which point you’ve already introduced a vulnerability. You could make the exact same argument about STARTTLS vs implicit TLS, but it’s generally understood that, as long as the only allowable protocols are themselves secure, there is no difference in security between the two.
No, the negotiation is in plaintext. You don't get to choose whether or not you use a vulnerable encryption method.
That same problem in STARTTLS is how we ended up with CVE-2011-0411.
> The TLS protocol encrypts communication and protects it against modification by other parties. This protection exists only if a) software is free of flaws, and b) clients verify the server's TLS certificate, so that there can be no "man in the middle" (servers usually don't verify client certificates).
There's no certificate verification in FTPS - it's too early - so you're screwed. [1]
FTPS is the vulnerable encryption method. It's the reason that SFTP is recommended, and FTPS is not. [2]
This happens to Google Cloud partners all the time, too, when there are acquisitions, mergers, or DBAs where the legal business entity changes even though the practical relationship stays the same (with the same people, same contact details, same billing/payment accounts, same contract terms, etc). It's extremely irritating.
Both Apple and Google need to be regulated. Their vice grip on app distribution, app defaults, search defaults, payments defaults, user credential saving defaults, messaging defaults, browser defaults, and then their brutal taxation of almost all web e-commerce and businesses is beyond the scale of whatever Standard Oil had.
You cannot do business on the Internet without paying the Apple and Google toll. They control all the points of ingress and egress, and they tax everything that moves.
It'd be bad enough if they were just charging money, but they also make you jump through hoops to design software their way, do unplanned upgrades to their cadence, prevent you from deploying emergency hot patches, prevent you from updating software dynamically, prevent you from knowing your own customer, etc. etc. etc.
And they're happy to sell your competitors ads to outrank you for your own trademark.
These companies need to lose their control over this. Web distributed apps must become the norm.
You can't tell me that with sandboxing, signature scanning, and some clever heuristics, that we can't make mobile completely safe for free and open distribution.
For reference, the regulation you are probably referring to is Article 30[1] and Article 31[2] of REGULATION (EU) 2022/2065 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 19 October 2022 on a Single Market For Digital Services and amending Directive 2000/31/EC (Digital Services Act).
Article 30 requires capturing and vaguely defined validation of the following information supplied by a trader (includes traders of software):
- the name, address, telephone number and email address of the trader;
- a copy of the identification document of the trader or any other electronic identification as defined by Article 3 of Regulation (EU) No 910/2014 of the European Parliament and of the Council;
- the payment account details of the trader;
- where the trader is registered in a trade register or similar public register, the trade register in which the trader is registered and its registration number or equivalent means of identification in that register;
- a self-certification by the trader committing to only offer products or services that comply with the applicable rules of Union law.
Article 31 requires at least the following trader information to be displayed to potential buyers:
- name;
- address;
- telephone number;
- email address;
- clear and unambiguous identification of the products or the services;
- information concerning the labelling and marking in compliance with rules of applicable Union law on product safety and product compliance.
Do you think I somehow personally chose where my apps would be more popular or less popular? If they wanted to cut off my apps in only European regions due to European regs it would be disappointing but understandable.
It's amazing to me that there are some people that will go to these lengths to defend the profits of one of the largest corporations in the world.
At no point does it even occur to you that Google are already bending you over a table with their cut, and you're already white knighting for them even in a completely hypothetical situation.
Do you have very strong investments on Google? Otherwise, I really can't explain why an entrepreneur would ever think the way you do.
It's not just getting a DUNS number. You also need to consent to having your home address (no PO box or virtual mailbox, needs to be a physical address for your "business") listed publicly on the DUNS website and on all your Google Play Store app pages.
Other app stores are similar, so probably it's some dumb government regulation.
I created a free, offline, opensource app on Google Play, no monetization or payments, as an individual. When this change rolled out I was required to verify my identity and set up a payment profile or else my app and account would be deleted.
After I went through half of the process, they showed a "here's what your users will see on the play store listing under 'About the developer' section!" This included my full legal name, personal email address, and country, which is enough information to find my home address and other information in public registries. This app serves an online community that can be quite crazy and I was absolutely not going to doxx myself to them. I decided I had enough of Google so I gave the app away to a company
- email address is just the one associated with the Google account, it sucks if you started the application on your personal google account, but you can still change it
- you need a payment profile to pay the account fee + verify your identity, the last part is probably very important for anti-spam
- I can understand that legal name + country can be considered doxxing, but I think it's highly relevant information for users
Of course these requirements could be relaxed for low-risk applications (i.e. no INTERNET permission), but I think it's understandable there is so few of them nowadays that it is not a priority.
In what way is knowing the full legal name of a developer relevant to end users? I work in the App Store analytics space and even I have never once thought “I wonder what the full legal name and address of the app developer is. I’d love to drive to their place physically or mail a letter 1800s style to discuss their app”
The most I’d ever wonder about is maybe their country of origin.
For the 1 in 10,000 case of someone actually legitimately suing someone, publicly showing this info to everyone will also create a 100% chance of being sent spam or phishing emails with your real name and country, 1 in 2 chance of some troll signing you up for something nasty, 1 in 50 chance of someone ordering pizza to your house that you have to pay for, 1 in 500 chance of an angry user demanding you add some feature or delete the app else he'll do something bad with your information, 1 in 1000 chance of being SWATted, etc...
If your app is something that's currently politically controversial (e.g. it's an app for trans people), multiply these probabilities by 10.
I didn't make these rules. Just pointing out why this stuff is flowing down hill from government regulations and the overreaction of the private companies who have in the business model no allowance for nuance or human intervention at scale. Make rules so tight that people who are neither paid nor empowered to make decisions can enforce it.
If people don't want to be accountable for their app in any way, maybe they just don't have to have their apps out there. There are other venues, app stores, sideloading, where apps can be put up by random people with no verifiable information and even less trustworthiness than some random app from play store.
F-Droid allows random people with no verifiable information to publish apps, and AFAIK there's never been a single case of malware or something malicious.
The same can't be said about Google Play where I can usually find malware at any time with specific search queries. These are apps that should have never been approved in the first place because they're blatantly impersonating another app.
The people who make this malware won't be accountable, because they don't register their own developer account and verify their own identity. They go around emailing the contact email of every small developer on Google Play, saying that they'll buy their developer profile or pay for them to upload an app. I got many such emails as it is.
Yeah, I wanted to add that it may be less of a problem when there's source code, but sideloading and third party app stores includes apps that don't have source code available, like random loose apks people just download and install, or just third party stores that aren't open source oriented (like game stores, phone maker stores, etc.) Checking source code is also not an option on play store itself, so they might want to have some other ways of verifying where something comes from and letting other people check something for themselves.
No it wouldn't be "fair" and it's not just if you want to monetize your app. D-U-N-S number is required for developer account creation regardless of whether you plan to monetize or not.
They didn't explicitly ask for a home address, just a physical address. But for a hobbyist dev, home address is probably all you have so effectively that's what they're asking for. Or for you to rent an office somewhere, which I guess is what they wanted you to do by asking for a commercially zoned adddress.
There’s even more than that, actually: if you’re an individual developer you also need 10 people to beta-test your app for 2 weeks, along with having your home address listed online. Google really doesn’t wan’t anyone who isn’t a company developing apps for Android lol
Watching it happen, it also felt like hurdle after hurdle kept being added (in addition to the never-stopping API level treadmill).
Even if I were OK with jumping through the current set of hurdles, the promise of a never-stopping hurdle-jumping exercise with new requirements being thrown at me every quarter is not exactly encouraging for anyone who actually has a life outside of developing their apps.
Ran into this myself late last year. Registered as an individual developer for a free, non-monetized app and had to find 20 people (they reduced the number since) to sign up (and remain signed up) as beta testers for a 2 week period to get the app listed.
Luckily I was able to hit that number (the app is a stat tracking app for the game Destiny 2, so I was able to get beta testers via posting on a subreddit filled with Destiny 2 PvP players). But it took way longer and was way more of a burden compared to getting the same app listed on both the Apple App Store and the Microsoft Windows Store (the app is written in Kotlin/Compose Multiplatform and was relatively easy to make multiplatform).
If I didn't happen to be an Android "main" myself (creating a vested interest in wanting to make the Android version easily available) I might not have bothered with the Play Store hoops give how much of a pain in the ass it was compared to the other listings.
>Google really doesn’t wan’t anyone who isn’t a company developing apps for Android lol
I mean, it's Android. You can publish an app yourself or through an alternative app store. Given that you have options on the platform I don't have a big problem with Google enforcing pretty stringent requirements on their own store. In fact I prefer a pretty clear dividing line between trusted apps in the Play Store and 3rd party apps at your own risk. There was so much crap in the Play Store it was often hard to tell what's a scam and what wasn't.
Exactly, I happened to have long running apps, in the store, I didn't update them for some time but they were simple and working as designed, good for their job.
Suddenly there was this weird obligation to declare a company or disclose publicly info about me, so i did nothing and it expired, and they removed the app.
I saw many solo devs recommend switching to an LLC company to avoid the hassle Google introduced since late 2023, but it doesn't seem to be an easy task either. I've already witnessed two experiences:
I haven't tried the specific flow for private individuals (seems to just be a radio button), but I do recall getting DUNS numbers as just filling in an online form with name and location and getting the number by mail, without any hoops for fees.
A bit silly to require for private individuals, and a bit annoying to have to go back and do, but not itself a big deal.
> I do recall getting DUNS numbers as just filling in an online form with name and location and getting the number by mail, without any hoops for fees
Having to do it at all is the hoop, and more than zero hoops is too many. I got nothing out of having my apps on Google Play except the joy of sharing in what was at the time a new and exciting medium.
See Windows Phone for a great example of how it would have played out if Google hadn't successfully courted small-time devs like me and countless others. Corporate publishers would have never colonized Google Play in the first place if an audience wasn't already there. The way they addressed me makes it very clear that solo devs are no longer needed, so I will never submit to it on principle no matter how easy it's claimed to be.
Having to do it at all is the hoop, and more than zero hoops is too many.
For sure, but it's a KYC for companies. How else would you expect B2B dealings and compliance to go through? They could do tax ids per country, but with DUNS, compared to local tax id, they get global ultimate beneficial owner as well as other insights. Getting a DUNS is free and relatively fast, unless you're in a hurry then there's a faster route that costs some relatively cheap amount. It's a common ID for global companies, especially those with international supply chains to rely on as "the id number" for companies.
Doing business is orthogonal to being a company, and depending on your country, some "company" forms are just VAT filing registrations for an individual itself with no independent legal status. What you normally call a company is something that behaves as an independent legal person.
However, it may be legally required to register a proper company if your yearly business volume exceed a certain value - check local rules - but it may also be perfectly fine to do business as an individual below that volume, in which case the legal entity is just you.
(The alternative to being a business in a transaction is being a consumer)
No, you didn't read that wrong. It does seem like intention is that individuals cannot publish (publish, not write) software for playstore if they cannot operate as a business; Individuals actually can operate as a business as a sole proprietorship aka soleprop which can and do have a DUNS number and is a legit way of doing business. Individuals without any sort of business entity attached to them do not get a DUNS number attached to them.
Doing business and registering a company (a separate legal person) are orthogonal concepts that are specific to local legislation. You can do business as a private individual, and various "company" forms in various countries are not actually companies but just VAT/financial registrations for the individual itself and have no legal status of its own. Whether you need to register a company form depends on local rules and may be subject to e.g. volume limits (e.g., okay below 10k USD annual).
The alternative to being s business in s transaction is being a consumer (as in B2C), and you're obviously not a consumer when publishing an app.
Going through hoops usually refer to an excessive effort.
Having to go through between zero (it you have needed the number before) and one free forms from a standard entity to get a widely recognized identifier used for many things is objectively not an excessive effort.
Sharing apps on app stores is a continuous commitment with various responsibilities like, such as ensuring safety of users through regular maintenance. If the idea if submitting one number is too much of a burden given the joy/finances you get out of it, then the rest of the maintenance responsibilities likely are too and maybe it's better to skip the publishing part.
Not sure what you're on about with corporate colonization. Colonizing implies forcefully taking what was rightfully someone elses. Also, in many places, making a company is just a form and standard practice even if you're just going to sell a single bogus app for 0.99 USD or whatever, so even individuals will be "corporations".
While I believe some of the (App|Play Store) requirements with DUN numbers and such are overkill and unnecessary, I also agree that there’s maybe a bit too much of a tendency for devs (commercial and indie alike) to take advantage of less restrictive means of distribution to “dump and run”, where they toss a binary over the wall and forget the project even exists for long stretches of time, even as bugs and vulnerabilities accumulate.
This worked alright in the 90s and to a more limited extent in the 2000s, but from the 2010s onward it’s become more and more untenable except for the most simplistic of software, especially when it comes to anything dealing with the internet or externally sourced files. Regular maintenance and updates are an unavoidable fact of life for devs.
So I’m kind of two minds here. Lower resistance/barrier to entry can be good in terms of encouraging participation, but it also inevitably means a lot more neglected projects sitting around rusting. If there’s no effort to control that, platforms can easily become filled with rusty half-functional apps. The way that Apple/Google are attempting to do this is not great however because it’s too oriented towards companies.
No they were set out in the contract you agreed to when publishing which has commitments and grants entirely orthogonal to your source license. Plus certain moral obligations to society.
Your license text is only capable of adding supplementary rights, and you're responsible for ensuring that your source license is fully compatible with the contract at time of publishing.
If you just want to dump stuff, leave it on GitHub.
I’m currently working with a startup that was just incorporated. We needed to join the Apple Developer Program to get APNS push certs to set up our MDM.
It took over five weeks to get our ADP membership approved, and that was with internal backchannels. We had to launch without MDM, all the laptops on mostly default settings.
These companies are making so much money from ads and rentseeking and IAP cancer that they have zero incentive to do anything else well. They know they have a monopoly position, so just like the public utilities charging you an extra $2 convenience fee to pay your bill, you’ll shut up and take it, because they are the only game in town.
You know it, and they know it, and they know you know it.
At least on Android you can install f-droid. On iOS they are the only game in town. There’s fuck-all that’s “insanely great” about not being able to install the programs you want to use (such as Fortnite).
It’s just how they choose to operate. It’s not a force of nature, it’s an engineered customer-hostile circumstance.
Apple weren’t always service-revenue shitheads, it’s a new thing. The company is nearly 50 years old, and for most of it they didn’t treat their customers and developers with contempt.
The linked source only mentions DUNS only being required for organization accounts, not individuals? And I've recently successfully created an account (albeit haven't published an app yet) without one?
The process for getting a DUNS number and getting it approved by Apple was such a nightmare. Even when I did everything correctly, I got flagged for some unspecified reason that required a bunch of extra back-and-forth. I didn't even want to list on the app store - just to allow other people to run some music-related code I wrote without getting stomped by Gatekeeper.
Uh huh, Google just blatantly requiring every app developer on the planet to register with some specific random company. Absolutely no corruption to see here, none at all.
This is the kind of shit why smartphone vendors can't be trusted with their own walled garden stores, the EU has not yet stomped them into mulch hard enough yet I see.
The irony of your comment thinking the EU is going to fight this.
The DUNS number is the European Commission standard for business identification; the choice of D&B isn’t random, it literally came from EU requirements.
Yeah, it's surprising how badly the EU as a government has fumbled the crucial job of business identification by outsourcing it to an American company.
And we keep wondering about why there are so few world changing companies coming out of Europe. Maybe they could start with one that handles business identification?
It's really shocking to me that the EU would demand people use a US corporation for something that really needs to be done by national governments. I think the corruption might be on our end in this case, time to write my MEP or whatever.
Publishing on the Play Store for indie devs or hobby projects just doesn’t make any sense.
You need to jump though so many hoops and doxx yourself in the process, only to make basically no money with the apps, and even if you miraculously do, risk getting kicked out of their platform without any way to contact a competent human.
Even before all this, the general consensus amongst solo app devs was that “don’t waste your time with Android”, now add about a hundred hour of bureaucracy to even get started with your first app, the choice is obvious for many.
I was a long time Android user and switched to iOS because the apps there are just better, I honestly think that Google of running the Android ecosystem into the ground and only the big players will want to go though this mess.
As a Flutter developer, it makes me want to switch to other technologies, because if Android loses its appeal, Flutter, another Google product, offers basically nothing. On web, it scks, on iOS SwiftUI will always have an advantage, Android as discussed is in steady and fast decline, and who the hell needs Flutter desktop apps that have poor integration with the operating system…
I expect Google will attempt something highly amusing, like launching the Play Store on iOS in the EU, with the apps running via a port of the VM (and libraries) to iOS.
No real comment on mobile, but I disagree with your take on Flutter web. I've deployed a moderately complex Flutter web app (SPA) and have been pleasantly surprised at every turn with how capable it is, from performance to complexity management to testing. And the flexibility to produce an AOT-compiled desktop app from the same codebase, should I choose, is nice to have.
I do both lol. Flutter is fun to play with and vibes very well with AI. But as a day job, things like dependencies, animations, design systems, and super customized things like Xiaomi are the bane of my day.
What exactly is the advantage of Swift UI over Flutter? Maybe it's slightly more efficient since Flutter does its own rendering, but in my experience I've never run into issues with performance.
And I think everything should be web apps anyway (ideally PWAs), but I like that Flutter lets you produce a desktop app from your mobile app with very little effort. Even without any special "integration" with the OS, it's better than packaging a web app in Electron, right?
Our app is written in SwiftUI because of the ease between iOS, iPadOS, macOS and Apple Vision. There is just minimal configs to make it work between them. I don't this can be done with any cross-platforms.
Flutter doesn't really need any special configs either. Going by platforms, I think most developers would rather target Windows + Android + Linux over Apple Vision.
I've been hemming and hawing over whether to explore new PWA tech or catch back up on Flutter/Android with a current small-scale personal project... Sounds like I'm going PWA. This seems too onerous for any non-corporate developer.
Ugh I'm so fucking fed up with the Play Store and Admob, and how they have no meaningful recourse for solving issues or providing support. It makes me feel hopeless and helpless knowing I have little options outside of relying on them (don't have any apple devices to test on or build my app) and knowing they could give two shits. Especially seeing that their contact options for Admob have been broken for years now and they refuse to fix it or provide actual help. And there seems like there's no way to get them to budge, like even through our reps.
For me the really unreasonable change was the app testing requirements on non-corporate developers. Having to get 20 users to beta test an unlisted Android app for two weeks before getting it on the store is not a reasonable thing to require for hobby projects. I'm not sure I even know 20 Android users well enough that I'd feel comfortable asking for that level of engagement from them.
It's a particularly bad policy to launch with existing developers grandfathered out, because the policy probably looks really successful to start with due to the difference in new developer vs. old developer populations -- the entities who are right now making most of the quality apps aren't affected. What's being affected is the pipeline of new developers, but the effect of killing that pipeline won't become obvious for years.
When making LearnTheWords[1] I had to wait 6 weeks for approval from Google. They weren't happy with how I documented what this testing process was like. I had to wait 3 rounds of 2 weeks between submissions, writing ever more kafkaesque descriptions of the insights i gleaned from the definitely-not-paid-for test users that i'd required.
I wasn't expecting it to be easier to launch on iOS than Android, but here we are.
It's crazy to have to pay someone to do this, particularly because Google don't want you to use paid testers.
The idea was to stop spammy apps, i believe. But they've really thrown the baby out with the bathwater here, making it really hard for small-scale innovation.
> One factor Google didn’t cite was the new trader status rule enforced by the EU as of this February, which began requiring developers to share their names and addresses in the app’s listing.
I'm usually very supportive of EU tech regulation, but to be honest I don't really want to put my name and address up on apps I throw up on the store
Would like to keep my identity separate to whatever projects I have usually, especially if they're ones that don't 100% align with the your own developer brand that employers might screen for
I have the same mentality as you. But, rather than form an opinion on whatever EU regulation is being interpreted as "requiring" these steps from Google et al, I think I'm going to assert that it's a red herring.
The real issue, IMO, is that it's still too hard to distribute and install applications on my general-purpose computing devices! You can't be on Google's app store if you aren't a "real business" with a physical address and everything? Fine. Let's just distribute our apps on F-Droid, or by just releasing APKs in our GitHub pages, etc.
At least that's still possible with Android. But who knows how much longer they'll even allow that?
Yeah, if you have a market that can be installed by the user without passing through a marketplace. The EU regulation gets blamed, but that's not the actual issue.
From what I can tell, this all should apply only to monetized apps (and I agree with that). If that's not actually the case, Google is using malicious compliance to misguide developers into hating the EU for daring to regulate them.
That's probably where F-Droid is a better choice in the first place ?
Google Play (and the App store) assume by default commercial intent, and I'm sympathetic to stricter verification rules when there's money changing hands.
> I don't really want to put my name and address up on apps I throw up on the store
As a customer I really want the ability to sue someone who does me wrong, call them out publicly, or at least avoid their products. In no way is it reasonable that someone should want to stay anonymous while selling me something (or profiting off of it in one way or another). I really don't see a reason to make an exception for people who have free+offline+etc apps.
You're publishing software, you need to be identifiable.
Agreed. My 3 free apps, one with +100k downloads were also removed because of the EU ruling. Don't want my personal address and phone number to be more accessible to bad actors more than it already is. While I can somewhat follow the idea, the execution in practice has serious flaws.
Almost the same here until they let us verify by document. Can't receive texts to our support number, and also can't get the verification code by phone since there is a "Press 1 for ___" thing at the beginning of the call.
This effectively kills apps that are made by individuals or very small businesses that can't afford an office.
It's kind of incredible how the EU makes changes like this and then politicians scratch their heads about the weakness of European tech. You would think that the politicians would give some thought to that and make it easier/cheaper to fulfill these requirements, but nope. Either pay up for a company (hundreds of euros) and an office (hundreds of euros) or just have your information publicly available.
And when that information becomes publicly available you will be inundated with spam.
On top of that some services will then take Google street view pictures of your home and link all of that information together in an easily searchable database.
Doesn't Steam do the same thing? And even registering a company in (some) EU countries has effectively the same address requirement where a PO box is not allowed.
Also, when I said "changes like this" I mean changes in general where there seems to be no analysis on the knock-on effects of a policy change causes.
Another example from the EU was their VAT change they did some years ago. On the surface it was a decent change, because it made multinationals pay VAT in the countries of the buyers, but it had the downside that it drowned small and micro businesses in so much paperwork that a lot of them shut down or stopped serving customers in other EU countries.
Why? Because they forgot to add a minimum threshold for when these VAT rules apply. Something that most EU countries have. Imagine you start selling 3D models, your revenue is €500 in a year and for this money you're expected to file with 27 different tax authorities who all deal mainly in a different language. Is the €10 sale worth dealing with the Latvian tax authority?
It took the EU about 5-6 years to finally fix this by introducing a €10,000 exemption.
> registering a company in (some) EU countries has effectively the same address requirement where a PO box is not allowed.
Justifying rules for a private virtual marketplace as being as strict as how the government handles registrations is going overboard IMHO. That's like arguing that Supermarkets are fine fingeprinting customers when emiting loyalty cards because the host country also fingeprints people when emiting passports. They're not the same thing.
> It took the EU about 5-6 years to finally fix this by introducing a €10,000 exemption.
Wasn't the rule introduced in 2021 ? Getting a fix applied within a few years is actually not bad for an international governing entity IMHO.
On the other side, Stripe Tax also launched in 2021, so small businesses had that as a solution if it wasn't worth their time dealing with each countries individually.
Sure the rules could have been optimized from the start, but it doesn't sound half as bad as you make it sound to me (albeit I'm not an expert in any of this)
Well, if it's easier for Google to require it of everyone instead of a subset (and less risky if they should happen to miss someone who's not a "trader"), then it is entirely reasonable to blame it on the EU.
Before the rule was put in place by the EU, Google didn't require it; after they did. I'm sure Google didn't go through the design, development, testing, compliance and legal analysis of deploying this requirement for the fun of it.
Apparently you can use a P.O. Box as address for this purpose[0] when registering for AppStore, which is substantially cheaper. However, Reddit says Google does not accept P.O. Boxes [1], so the only option is a "virtual" office address or something like that. A shame.
My app’s organization is outside the “west”. So in order to complete verification with Google I had to pay some subcontractor of Dunn&Bradstreet almost $500 to get the DUNS. Then I had to get an original certified copy of the organization’s registration from the national registry. Then have an official notarized translation to English and get all that apostilled (another $500 through a service).
Also, Google support refused to tell me what set of documents they would accept. I had to figure it out myself.
Yeah, I dropped my apps from Play, couldn't find a way to avoid putting my personal address on there.. fuck that, I'm making something for free, and they force me to dox myself for it? Nah, I'm good.
Google decided to make it worse than it needed. Those EU regulations are only applicable if your app makes money via IAP or subscriptions. If you are providing a free app, nothing changed, but Google decided that everyone must follow it. That is true even if you choose to not display ads (so at no point Google will send you money).
We also saw established apps like iA Writer decide to get off the treadmill.
> In order to allow our users to access their Google Drive on their phones we had to rewrite privacy statements, update documents, and pass a series of security checks, all while facing a barrage of new, ever-shifting requirements.
Sounds like there are a range of reasons, but the bigger picture explanation is : Google no longer cares about incentivizing apps to be on the store.
The mobile OS wars are over: every company and dev that wants to do anything is locked into having to provide an Android and iOS app no matter how difficult it is, so all the incentives are for Apple / Google to insulate themselves from risk now by raising the bar on devs.
We need to start exercising the minimal rights / capabilities to ship alternative app stores on these platforms. Easier said than done.
I dunno, many developers already choose to ignore android entirely because it's less profitable. Raising the bar will only encourage that. At least for me the dox your own address + onerous testing requirements make android extremely unappealing
I guess I could publish on fdroid but why bother? The android platform clearly doesn't care about me.
Web APIs are also more capable than ever before and can be added as icons on the home page. For an individual developer, you are probably better off just doing a web app.
Android already has many alternative app store. I believe there is nothing currently for paid app (beside OEM store like galaxy store or Huawei) but if there is a need it's absolutely possible to do.
Apple side on the other hand, good luck with that. Even in Europe they made the rules so strict the third party app store are basically dead.
Technology was supposed to get rid of most of bureaucracy and move the World towards automation. These FAANG companies have instead successfully integrated bureaucracy with technology and have made bureaucracy permanent. Instead of automating away bureaucracy these companies have automated away customer service.
It is a serious mistake to think that technology can remove bureaucracy. Indeed, technology by its nature makes bureaucracy a lot more rigid. Bureaucracy is about homogenising processes and erasing individual differences, and software reinforces these properties because it allows even less human input or deviation from the process. (That isn't true of all software, just software that is intended to somehow deal with large numbers of people uniformly.)
When I said remove bureaucracy I meant remove bureaucracy from people's lives. Obviously it will exist behind the curtains. I agree with you that software reinforces bureaucratic properties and it should. That is what it was supposed to do. But technology failed when it comes to rectification of any deviations in bureaucratic processes.
For example, assume you are submitting a form and the address is incorrect/not matching exactly what is stored in the database; software should (rightly) flag it and have a human review it and do the necessary correction. Instead we have the worst of both worlds, where the software flags the problem but there is no human in the loop anymore. Even the human is automated out. So the problem is never fixed. Instead, the customer/client who is interacting with the software is indirectly made aware of the internal bureaucratic process but has no recourse.
The lazy response to any new risk or problem is to just layer on new rules and processes. Large organizations always end up with those things defining their workplace culture (risk aversion, checkbox culture) and that worldview filters down to the decisions which impact customers.
I miss the freewheeling days of Android apps. You'd find all kinds of apps made by solo devs as a labor of love. Later, Google largely killed those apps by severely downranking them in the play store algorithm, and made searching in the play store "we'll show you what we want to show you, the filters do nothing", but you could still install a secondary app store in CyanogenMod and find those weird and fun apps. Is there any of this left? I've heard that the secondary app stores have fallen into disrepair.
F-Droid is what you want. You can find all manners of apps - libre replacements for all your stock system apps, alternate launchers, games, clients for your favorite desktop apps (ex: mpv), and even a proper terminal emulator - complete with a package manager.
I don't remember who wrote the report, but a recent games industry report made its way to my desk, and it stated that considerably more games were removed from mobile stores than added over the last few quarters.
I think that could be due to some uncertainty in the market about the future of mobile gaming. Mobile AAA never caught on, and the industry tried it with CoD, Civilization, Mario, Fortnite, Resident Evil, GTA, Assassin's Creed, and others. Only Pokémon Go and Genshin were exceptions on the AAA side due to strong mechanics (Pokémon: ARG appeal, Genshin: gacha profits).
Meanwhile, the small-budget side has become extremely overcrowded by trash-level asset flips, gachas, and ads with vague game elements. Many genuinely talented game developers are asking, "Does my game fit in the mobile markets?" and concluding that the answer is probably closer to no than a yes.
Maybe this is just the natural life cycle of the stores. Moderation doesn't keep up with use, leading to disappointed users and abandonment. Do you remember when we used to check the App Store occasionally for new fun apps during the iPhone 4/4S era? We'd get like an accelerometer app that turns a phone into a silly beer pint, and it'd be quite clever and novel. Or we'd download pedometers, and that was quite a novel and smart tool to track exercise. All because they were promoted on the stores. That's a distant memory for me; I only go to the stores to download the things I already know I need, they have turned into package managers for me.
> Instead of only banning broken apps that crashed, wouldn’t install, or run properly, the company said it would begin banning apps that demonstrated “limited functionality and content.” That included static apps without app-specific features, such as text-only apps or PDF-file apps. It also included apps that provided little content, like those that only offered a single wallpaper. Additionally, Google banned apps that were designed to do nothing or have no function, which may have been tests or other abandoned developer efforts.
Sounds like it was a purge of zero value apps. Why was Google allowing these legions of unusable and/or garbage apps in their store in the first place? Someone padding their numbers?
Because we want people to be able to create trash apps and publish them.
Just like we want people to create trash blogs and trash websites so they can learn or just express themselves.
Having 3rd world devs making more todo apps is not optimal but they should be able to do that and publish them.
Preventing all of that also prevents good small time community apps because suddenly you have to pay money and can’t just do nice app for local communities.
> Because we want people to be able to create trash apps and publish them.
That's a moot point, though, since you don't need Google's app store to publish apps. You can just send whatever random APK you throw together to your friend, post them on your web site, etc. There's no reason to turn the Play Store into a dumpster.
If anything the fact that you can sideload on Android and install alternative stores means the Play Store should be at least as selective as Apple's store, if not more so, since failure to meet that store's standards doesn't mean the app can't be distributed elsewhere.
You need to if you want people to be able to discover your application or receive updates automatically (or with a single click) instead of having to reimplement the wheel with an update checker in your application, as well as logic to limit what countries/markets and devices you serve.
Especially when you consider the hassle for the average user of going into Chrome, downloading your APK, accepting the big scary messages that "the application comes from an untrusted source" and "sideloading applications can be dangerous" and then installing it. People barely even like going into Google Play to download stuff.
If your app is so low effort that even the off brand app stores don't want to host it, I'm going to guess that you're probably also not overly concerned about sending your users automatic updates anyway.
> People barely even like going into Google Play to download stuff.
This might have something to do with the lack of curation, though. Hence, losing a bunch of apps is actually beneficial to the ecosystem. As that snippet was pointing out, lots of these apps were just basic wrappers for text/pdf, which is is what the web and/or built-in media viewer apps are for.
"Trash apps" and "more todo apps" isn't what this rule is preventing. It's preventing "apps" that are essentially just a viewer for a built in static text, PDF or image file. Which can and should be replaced by a text, PDF or image file, or a web site.
Not at all - it is preventing people not having a company from uploading their apps.
If you setup a company you still will be able to publish crap apps, it might not be profitable as it was before due to bureaucracy overhead - but the same for people who want to make useful apps but don’t want burden of setting up company.
Meh... That website might not be available in offline mode. I may want 5 PDFs in an app because it's still easier to find the app than it is to search through 'files' on a device that wasn't designed for managing files.
Well PlayStation, Nintendo, etc don't just let anyone publish anything. I see no reason to force them to lower their standards for trash shovelware. As long as you can still sideload apps, it's their store and they can set their own standards.
One could assume that the previous priority was "grow the app catalog through the use of a permissive listing model," and it's changed to "improve the quality of the app catalog by being more selective about who and what is allowed to be listed."
Good, I hope it dies off and we get to a state of decentralized app distribution just like PCs have. App stores suck, I don't need Google of all companies knowing every single one of the apps I have on my phone
What would actually happen in that case is exodus towards App Store which I'll not be happy about. For all its issues, I vastly prefer the flexibility of Android over the walled-garden and would hate to leave it.
Nowadays I only install games, or apps for services where I can't do otherwise.
The time for "there is an app for that" is long gone, and the push for developers to artificially update their apps for whatever was presented as great Google IO innovation, or be out of the store, can only lead to outcomes like this.
I imagine that the numbers on Appstore aren't much different.
The store has flags indicating whether an app uses in-app purchases or ads, and knows the file size of apps (which is a good proxy of how much data-collecting bloatware is inside).
It doesn't let you easily see the size before installing and doesn't let you search by any of these criteria. So if you wanted to publish a high quality, free, ad-free app, you would immediately be crowded out by the apps that can spend money on ads and SEO because they're full of crap, and your potential users have no chance of finding your app.
Given how easy this would be to implement, it seems obvious that this is an intentional, user-hostile choice because Google doesn't profit off these apps.
I don't get the new D-U-N-S number requirement. Actual scammers can easily jump through the hoops. It's the small independent devs that won't bother with the bureaucracy, especially those that do it for free.
I’ve read through the comments here, and something most people here don’t get is the importance of App Stores for discoverability. The first thing non-developers think when you tell them “download xyz app” is to open the App/Play Store and search there. If your stuff isn’t there it just doesn’t exist.
That’s specially true for 3rd-world countries (I can only speak about Brazil, but my guess India would be pretty similar), where for a long while obtaining apps was a dice roll if you’d get a malware or not. Eventually the Play Store made it safer, but also created a group memory of “stuff outside Play Store is cut-and-dry unsafe”. In the circles I have access, people would hesitate to even open your website if you tell them to, but saying “my app is on the Play Store” makes it instantly “safe” in their minds.
I’m still in the process of bringing my App to the Play Store (after being on Apple’s for 3 months now), and honestly catering to Android with the new rules has been the biggest regret in my 20-year career so far. Yet, there is no alternative, because every time I tell people about my project, they always come back saying “I couldn’t find it” when the project name is literally a domain name.
Google didnt let me keep my developer account because I couldnt verify address. The only ways they accept address is with bills that are not in my name so I couldnt verify my address. It's ridiculous given that I have an android phone a gmail account and they know where I live based on location data.
I cannot remember the last time I downloaded and installed an app from the Play Store (it must have been several years ago). Instead I have been getting apps from GitHub, F-Droid or the developer’s website.
As others have noted this is basically security theater because many legitimate apps are being removed and many spammy apps are staying up.
I work at a company that created some whitelabel apps for some popular brands and recently the apps have been taken down for "impersonation" despite the fact that we presented all the necessary paperwork mutliple times before (documents signed by the legal owners of the trademarks).
This supposed "cleanup" operation of the Play Store is just a very sloppy attempt by Google, a company that should be able to do better given the its size and resources.
This is phrased like a bad thing, but it’s actually a good thing. I’m an iOS user and I can tell you Apple is not doing a good job keeping the App Store free of scams. I’m guessing Google is doing a much better job and this is the result
I’m an iOS user and I can tell you Apple is not doing a good job keeping the App Store free of scams.
No App Store is going to be 100% free of scams.
In my experience of having downloaded several hundred iOS apps over the years, it’s pretty difficult for most people to download a scam app unless a user is specifically trying to download free, fringe apps from developers you’ve never heard of.
But if you’re interested in mainstream apps that address real issues by developers who are attempting to make excellent apps that take advantage of Apple’s technology and ecosystem, the quality of iOS apps has never been better.
I just checked—the revenue of the App Store was over $100 billion dollars in FY 2024. That says to me customers are finding useful apps they’ll willing to subscribe to.
> That says to me customers are finding useful apps they’ll willing to subscribe to.
My kingdom to hear Microsoft argue that in the IE case.
"Yes, we're obviating serious competition and deliberately hamstringing our competitors. But just look at how large the Internet Explorer install-base is! Clearly users are deriving value from our browser. Also it stops viruses or something."
I've starting using less and less apps as the years go by. No more facebook, insta, twitter, tic toc. A lot of very useful apps like a calculator, flashlight, magnifyer, all that stuff is stock.
Unfortunately, buying basic things requires an app now. Paying off my credit card and house requires an app. Getting a "taxi" needs to be done by app. School updates for tomorrow's homework go through Telegram, telling the teachers to send my daughter down from class requires WhatsApp. Whitelisting visitors to come in requires a security management app.
I have an autogate that can't be opened manually. It came with a remote, but only one, so we use an app to open the gate. My door has a fingerprint sensor that malfunctions when it's humid. So I need to open my front door with an app and because it's a free app, I have to watch an ad to open my front door.
What is the alternative though? Do I boycott it? Buy my games from Epic Store, book taxis while I'm on the train, ignore messages from teachers, and do all my banking from ATMs? Apps are still more convenient and cheaper.
It's not the same company as the one that made the door. To be fair, the door is a one time purchase and they shouldn't have to maintain it, so it's all done with a third party app. The hardware is solid, it's just the software that's a bit dodgy.
The lock can be opened with fingerprint or NFC tag, but it freezes after 3 tries. The master key is a physical key or the app. I didn't get a fingerprint door to use keys, and the keyhole is also at a weird angle from beneath the door. So the app it is.
It sounds ridiculous but I need apps for everything anyway, thanks to 2FA. I can't even log in to work without an app.
Can you not just install an android app from a website? I always thought that was part of the attraction of Android - you could install without an app store requirement like ios. Actually.... I seem to remember building a couple android apps and just linking from a website but... that was... 8(!) years ago. Is that still a thing? Was it ever, or did I just misremember that?
1. It's disabled by default. You have to dig around in your phone's settings to enable APK installations, and APK installations through the specific app you prompted the installer from. And if the developer hasn't updated the app for recent versions of Android, Google will throw up a antivirus-esque "warning this app is unsafe blah blah" prompt.
2. You can't automatically update an app if you manually installed it through an APK. There are apps that can kind of do this (automatically download APK from source website on new release, notify user). But that's clunky and not suitable unless your audience is FOSS-land. Oh, and the user still has to manually click the install button for each app they update this way. No silent updates unless you're rooted.
This makes the distribution of apks through your own processes wholly unviable unless your app is mandatory for your users (I. E for work/school), or your user base is Android FOSS enthusiasts - who probably prefer that you use F-Droid (3rd party FOSS appstore) anyways
> It's disabled by default. You have to dig around in your phone's settings to enable APK installations
At least since the time that the "install apps from unknown sources" permission was migrated from a global toggle to an app-specific permission (maybe even before that?), the dialogue that pops up to tell you that installation has been blocked has a button for directly taking you to the correct settings screen for toggling the permission, so it's just two extra taps.
Sure, at scale even that will confuse/scare off some users, but it's not insurmountable and nowhere near as obscure as having "to dig around in your phone's settings" – just two extra taps and you're good to go (unless your phone manufacturer has made things more complicated there, which does remain a possibility).
Thanks. I've asked people to do testing like this, and with limited people it was manageable. And the last android app I did was internal to a company with maybe 15 users. Getting people to do install/update was ... manageable, just.
I don't know if it's related, but I recently started using apps from f-droid. Maybe I should have done that much earlier, but necessity forced ky hand. I just can't find good apps on the Play Store anymore. Everything is enshittified. Even simple SMS apps have ads and in-app purchases. For what!?
Actually, F-Droid has quite strict requirements on the apps it will accept, and it enforces them.
Low-effort spammy apps with ads and in-app purchases are unlikely to be accepted.
Standard Android in-app purchases, efficient notifications, or ads which use Google services, won't be accepted at all, though FLOSS versions of those things are ok in principle.
> All applications in the repository must be Free, Libre and Open Source Software (FLOSS) – for example, released under a GPL or Apache license.
> Every effort is made to verify that this is actually the case, both by visual inspection of the source, and by building the application from the published source.
> We cannot build apps using Google’s proprietary “Play Services”.
> We cannot build apps using proprietary tracking/analytic dependencies like Crashlytics and Firebase.
> We cannot build apps using proprietary ad libraries.
> The source code for the application must be maintained in a publicly accessible Version Control System which we have support for
> The original app author has been notified (and does not oppose the inclusion).
How very American that the requirement to register is to obtain a private fee for service business identification, not some kind of institutionalised public interest registry.
Yes. It's totally bizarre that a formalised business identity is held in a commercial enterprise, not some kind of not for profit mutuality or a state enterprise.
Who requires them to do it isn't the point, what Google decided is the formalism to meet EU requirements is the point.
Here is a european collated list of worldwide business registries. The Australian one is a gov.au. the US one is the SEC not D&B
The SEC is not a registry of all businesses in the US. The SEC concerns itself with business that sell shares to the public; this would not cover (for example) a single-member LLC that a software developer might use.
In the US, businesses are chartered and registered by the states, not the Federal government. There is no Federal equivalent to the UK's Companies House.
The real issue here isn't what the app store sets as requirements. It's that the users can't avoid it to get the applications (or doing so it too confusing).
Apple have been forced by EU to allow the web and PWA's to work on iOS, so there is no longer a need to make natives apps for both Android and iOS anymore, u can just make a PWA.
Google has always been hostile towards indiedevs but they have become complete garbage. They do things like removing apps because they have "banned" keywords in the naming. Apps that been around for +5 years. Or you have to comply to some new bs. Or they tried to force you to use Google pay and so on.
Google play has always been totally corrupt. But it is even worse today. The amount of trash spreading through their own programs is massive and then they are banning apps that does not even claim any permissions.
As always with Google, money talks. If you are a small corp you are pretty much screwed. If you are a big client Google will call you and tell you how they fixed your issues before you even knew about them. I really hate working with Google and hope they get split up and destroyed in the anti-trust case. (Yeah, I know the corp is named Alphabet)
Depressingly true. Also the Google Play changes that require indie devs (if they have an LLC/business) must have their address publicly listed. For many of them (us) that's our home address. I'm not at all a fan of having my house's address publically available, especially since some of my apps are for local events.
There is no scenario in which having my address public benefits me. Zero. Only downsides.
I don't make apps that are controversial but there are a lot of less-than-sane people out there.
Why? Everyone says this but I don’t understand why I need to pay someone to get mail for me.
It makes sense if you incorporated in a different state but I created my LLC in my home state, though the “One Stop Business Portal” (it actually was very easy). Contrast that with when I created a Delaware LLC for a previous startup which cost a couple hundred to get started and 100-200/year in fees.
As for the ipostal1 I’m concerned about the address not looking legit (I don’t know what one of their addresses look like and/or if they will be banned/rejected). On top of that I don’t want to pay $15/mo for the ~10 letters I get a year for my business. See also: checks I need to deposit, not sure how that works.
LLCs / agent: to keep your address private. In most states LLC-associated addresses are a matter of public record. So if you care about privacy / crazies, app stores are far from the only place that lists that address.
ipostal1: It's basically a software layer over stores that offer various services.
I've had no problems with the address. Most places offer a check deposit service.
this is also true for scammers. Their objective is to get through the machine, not construct things of value.
It's an endemic property of con-artists and these systems.
They're often designed poorly.
How many times have you had to be dishonest to jump through hoops and get something honestly done? At my last job, their receipt checking system for recomp was terrible. We had to create receipt forgeries with the proper values that were formatted in the way the system wanted because it only accepted forgeries.
It would be like a vending machine that only accepted crisp pristine flawless money so you had to feed it with counterfeits out of necessity.
Anyway, don't design these systems wrong otherwise perversity thesis in full effect.
Good riddance! Apps (in general, there are many exceptions) are a slimy way to put your idea into the world. The vast majority of apps can simply be a website with zero loss of function. If you're not doing something special with my phone hardware, I'm absolutely not downloading your app.
This is because they removed any app from any individual-human developer who didn't care to jump through the hoops of getting and submitting a DUNS number: https://android-developers.googleblog.com/2023/07/boosting-t...
“On August 31, we’ll start rolling out these requirements for anyone creating new Play Console developer accounts. In October, we’ll share more information with existing developers about how to update and verify existing accounts.”
Source: happened to me and all of my apps despite them being Free Software and offline-only. Here's one of the emails they sent me about it: https://i.imgur.com/dVzQj2p.jpeg
Notice how they open with “Hi Developers at [my first and last name]” – developers, plural, and “at” like they only expect me to be a company and not a single person.
The DUNS number thing is such a disaster even for companies with it. We had a the account under a DUNS of a subsidiary but somehow they wanted us to upload verification docs for the main company, of course not matching exactly how they expect, and there is no way to change it without jumping through a bunch of hoops. Similar issues at Apple. Eventually they let us verify the account with "company letterhead" as if that proves anything (despite them insisting the letterhead needs to say dev@company.com instead of support@company.com, again proving nothing really)
For both Apple and Google it's one of those processes where the support doesn't even really seem to understand how it works (they probably don't know what automated emails are being sent, and what the dev side looks like). They would randomly close cases for "no response" immediately after they replied, ask us to upload something despite their being no way to upload it, tell us to ignore the "your account will be closed email" because it actually won't be (wrong again), etc.
DUNS own lookup page doesn't even let you look up by DUNS number (so we could figure out what company some ancient number was associated with). I bet it's because you have to pay for one of their "solutions" to do this.
It seems like to Google, "customers" will only ever be anonymous data points in an A/B test.
They would have gone down quickly if they hadn't "borrowed" Overture's business model of paid ads.
They have no culture of valuing the customers, or (like Amazon) obsessing about what they need.
Apple is at least slightly different: hardware customers and high-value employees are treated okay from what I hear, but devs are left alone.
Indie developers bring both Apple and Google a lot of revenue indirectly, but they don't really have much of a lobby (maybe they should unionize/hire a lobby firm together).
You'd think a well running A/B system would not be seeing 47% declines in a yoy basis
Why would # of app submissions to be what they test on? It’s revenue to Google. Wouldn’t surprise me if many of the apps that stopped appearing were free apps. Why junk through 20 hoops to make no money?
Indie developer lobby is a great idea
Probably something more like a trade organization/association would be better. Like the Dairy Farmers Association. Which may or may not hire lobbyists.
Indie developers are a nothing burger for Apple. It came out in the Epic trial that over 90% of App Store revenue comes from the major game companies with pay to win games and loot boxes.
If there weren't a bunch of good, free indie apps, though, people might not want to own the phone at all.
That sounds like pure hopium to me, honestly.
I get where you're coming from and I find it just as bad how individual devs are being treated - but talk with some of your family members and non-tech friends about what they've got installed on their phones... And what they'd miss if it got removed.
It's gonna be
Most if them will not even have a single app installed that can remotely be categorized as indie developed.There are countless indie devs around that make great games etc - they're just not being discovered by normal people.
Following the money insinuates that is by design, but there is no proof for that... Only circumstantial evidence like the previously mentioned statistic of app store revenue and the way they treat individuals. But still no conclusive proof and both can be argued to be coincidences (i.e. because of low user count they don't consider them important to their platform, hence low visibility in store etc)
Personally, I find it highly suspect that the app/play store so heavily favors apps/games that are borderline user-hostile. Especially if I look to probably the only mainstream store that's looks pretty neutral to me: Steam.
Here your often get 1-4 dev projects hitting the charts. It makes you wonder if the same would happen if Valve became just as profit oriented and started to siphon money via in-app/game purchases too
How long has Windows been declining and yet it's still there?
Besides gamers, statistically consumers who can afford to buy Macs do. The higher your income, the more likely you are to buy Macs.
People buy Windows computers because of price. Both Microsoft and the OEMs would love to capture more of the high end market.
Validation issues happen all the time for subsidiaries when the parent company likes to own/manage things. Always fun when e.g. EV certificate validation (sigh windows update stuff) calls the parent company reception and asks for the manager listed as owner, and they just go "who?".
The One Weird Trick I learned was to to get a company attorney to write a professional opinion letter saying that you are indeed authorized to get a cert on behalf of your company.
Incredible experience with this: our App Store account was from an acquired company that was no longer doing business. The Apple representative requested documentation that the no longer in use LLC was in fact, no longer in use.
When I requested what documents they might think a defunct LLC was creating that would prove it was defunct, they didn't have an answer. Same as others we ended up just making a new fucking developer account.
Hell of a first project as a team lead.
Same issue but we actually got the account assigned to the new company, but I think the DUNS was still the old company so any time they require verification (e.g. for trader status), the account is stuck in some weird state that is halfway between two companies.
When I’ve closed down an LLC, I’ve received a document from the Secretary of State certifying such.
Yeah, DUNS numbers are super easy IME for companies to get, but its hell after that. We had some crazy problems with the App Store where our legal address with DUNS didn't match what we provided Apple, even though we had updated it with D&B, but Apple's systems weren't pulling in that update, Apple told us to talk to D&B, D&B told us to talk to Apple... we ended up literally just making a new corporation and starting from scratch.
The last time I dealt with that they were still updating DUNS batch data via an FTP
If it's secure and frequent, e.g. daily, I'd think that approach is good enough.
FTP is not secure.
And when companies say they use FTP to exchange data, they don't tend to mean SFTP. They really do mean FTP.
Ah the specter of EDI!
I first encountered Electronic Data Interchange in the early 90's. The small shop I worked for at the time had no idea and just wanted to make the parts they quoted and send them when done.
The EDI request came in a box, with external modem, a paper with phone number and directions and then a smaller box with PROGRESS database software for MSDOS in side and a handful of disks containing the EDI system.
Good lord that was painful! I just plowed through it and all that pain completed a check box at Honeywell, who then sent us jobs electronically!
Yes, via FTP.
The CAD they were sending was Computer Vision and it was a full on solid model representation! At the time we were running CAD from the early enlightenment, CADKEY 3.5 for MSDOS!
Our best micro computer lacked the storage to handle the uncompressed file, which arrived on another handful of floppies that formed a multi part. Zip file, which uncompressed totaled about 40 megabytes and change! Entire systems only had 20!
The CAD system failed to translate the data too. 16bit pointers lacked the range needed. They had me fetch a patch a day or two later and it took a few hours to do.
300 kilobytes of wireframe CAD, and the parts we made were basically 5 percent of that data!
Crazy times!
I remember the nightmare days where I refer to my 3-inch bound EDI specs all the time while implementing EDI validation
> FTP is not secure.
FTP can be as secure as any other protocol. Enabling encryption on the server side is generally as simple as installing a certificate and turning on an option. And most FTP clients will default to using encryption if it is available; for the clients that don’t do that, it’s just another server option to require clients to use encryption.
> And when companies say they use FTP to exchange data, they don't tend to mean SFTP. They really do mean FTP.
Because SFTP is a different and entirely unrelated protocol. The encrypted version of FTP is sometimes known as FTPS, but it’s really just a variant of FTP. So it would be inaccurate to call it SFTP, but referring to it as simply FTP doesn’t imply a lack of security.
FTPS is not secure.
The AUTH command is generally sent before encryption of the connection is made.
Its also vulnerable to a huge swathe of timing and weak hash attacks.
But... When I said FTP, I meant FTP. I meant neither SFTP nor FTPS.
> The AUTH command is generally sent before encryption of the connection is made.
So…? What is the danger of negotiating an encryption protocol over plaintext? No credentials or sensitive information are sent via the AUTH command, and a server that disallows unencrypted connections will simply refuse to go any further with a client that doesn’t support encryption.
> It’s also vulnerable to a huge swathe of timing and weak hash attacks.
Gonna need a source on that. And even if such attacks potentially exist, in the use case you mentioned above I’m still not seeing how encryption combined with, for example, IP whitelisting can’t effectively be as secure as anything else you could use.
I mean, if they’re really not using encryption then yeah, that’s stupid and all bets are off. But there’s nothing inherently insecure about the FTP protocol.
Negotiation over plaintext is a vulnerability, yes.
Neither side of the pipe is secured, so absolutely everyone inbetween is a MITM waiting to happen. Someone else can negotiate what encryption gets used. Such as the still supported MD5 signing-only.
Which also means your IP whitelisting does bupkus, unless you trust every single interchange of your, and your clients, telcos.
It’s only a vulnerability if you’re using vulnerable encryption methods, at which point you’ve already introduced a vulnerability. You could make the exact same argument about STARTTLS vs implicit TLS, but it’s generally understood that, as long as the only allowable protocols are themselves secure, there is no difference in security between the two.
No, the negotiation is in plaintext. You don't get to choose whether or not you use a vulnerable encryption method.
That same problem in STARTTLS is how we ended up with CVE-2011-0411.
> The TLS protocol encrypts communication and protects it against modification by other parties. This protection exists only if a) software is free of flaws, and b) clients verify the server's TLS certificate, so that there can be no "man in the middle" (servers usually don't verify client certificates).
There's no certificate verification in FTPS - it's too early - so you're screwed. [1]
FTPS is the vulnerable encryption method. It's the reason that SFTP is recommended, and FTPS is not. [2]
[0] http://www.postfix.org/CVE-2011-0411.html
[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5361
[2] https://www.spiceworks.com/tech/networking/articles/sftp-vs-...
FTP can absolutely be secure. But it doesn't need to be if the transferred data is.
These links tend to be important, and it's not uncommon to see both rented wavelengths and VPNs being used. And out of band key exchanges.
No knowledge about this specific situation however.
That's still a common way for businesses to exchange information with each other
It’s insane to me that this whole system is handled by one company. It’s a ridiculous point of failure
This happens to Google Cloud partners all the time, too, when there are acquisitions, mergers, or DBAs where the legal business entity changes even though the practical relationship stays the same (with the same people, same contact details, same billing/payment accounts, same contract terms, etc). It's extremely irritating.
yeah for real, if you have a holding company for the one asset, the app, these stores make it a nightmare to manage some normal best practices
Both Apple and Google need to be regulated. Their vice grip on app distribution, app defaults, search defaults, payments defaults, user credential saving defaults, messaging defaults, browser defaults, and then their brutal taxation of almost all web e-commerce and businesses is beyond the scale of whatever Standard Oil had.
You cannot do business on the Internet without paying the Apple and Google toll. They control all the points of ingress and egress, and they tax everything that moves.
It'd be bad enough if they were just charging money, but they also make you jump through hoops to design software their way, do unplanned upgrades to their cadence, prevent you from deploying emergency hot patches, prevent you from updating software dynamically, prevent you from knowing your own customer, etc. etc. etc.
And they're happy to sell your competitors ads to outrank you for your own trademark.
These companies need to lose their control over this. Web distributed apps must become the norm.
You can't tell me that with sandboxing, signature scanning, and some clever heuristics, that we can't make mobile completely safe for free and open distribution.
This requirement is the result of EU regulation.
For reference, the regulation you are probably referring to is Article 30[1] and Article 31[2] of REGULATION (EU) 2022/2065 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 19 October 2022 on a Single Market For Digital Services and amending Directive 2000/31/EC (Digital Services Act).
Article 30 requires capturing and vaguely defined validation of the following information supplied by a trader (includes traders of software):
- the name, address, telephone number and email address of the trader;
- a copy of the identification document of the trader or any other electronic identification as defined by Article 3 of Regulation (EU) No 910/2014 of the European Parliament and of the Council;
- the payment account details of the trader;
- where the trader is registered in a trade register or similar public register, the trade register in which the trader is registered and its registration number or equivalent means of identification in that register;
- a self-certification by the trader committing to only offer products or services that comply with the applicable rules of Union law.
Article 31 requires at least the following trader information to be displayed to potential buyers:
- name;
- address;
- telephone number;
- email address;
- clear and unambiguous identification of the products or the services;
- information concerning the labelling and marking in compliance with rules of applicable Union law on product safety and product compliance.
[1] https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CEL...
[2] https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CEL...
It's Google's decision to enforce it worldwide. I'm not in Europe, and most of my apps' users were not in Europe.
It's really hard to know that for sure. Why risk antitrust lawsuits or European fines because you tried to do the bare minimum?
Are you sure Europe wont sue you for europeans using it with a VON or europeans outside europe using it? Because I am not sure they wouldn't sue.
[flagged]
Do you think I somehow personally chose where my apps would be more popular or less popular? If they wanted to cut off my apps in only European regions due to European regs it would be disappointing but understandable.
> disappointing but understandable.
It's amazing to me that there are some people that will go to these lengths to defend the profits of one of the largest corporations in the world.
At no point does it even occur to you that Google are already bending you over a table with their cut, and you're already white knighting for them even in a completely hypothetical situation.
Do you have very strong investments on Google? Otherwise, I really can't explain why an entrepreneur would ever think the way you do.
I agree with you, but in my particular case there was nothing for Google to take a cut of. I never sold anything or even took donations.
Oh, my bad
For some reason I thought you sold an app or a service.
Serves me well for assuming, my apologies.
You think the US regime should have even more control in 2025? That’s nuts.
It's not just getting a DUNS number. You also need to consent to having your home address (no PO box or virtual mailbox, needs to be a physical address for your "business") listed publicly on the DUNS website and on all your Google Play Store app pages.
Other app stores are similar, so probably it's some dumb government regulation.
> so probably it's some dumb government regulation.
Yeah, they need to show your address and phone number to comply with the EU's Digital Services Act.
There's more info here (from Apple's docs, but the same applies to Google):
https://developer.apple.com/help/app-store-connect/manage-co...
That link says PO Boxes are okay-?
Apple accepts them, but Google requires a physical address.
It seems that is only the case should you choose to monitise your app, which is fair?
https://support.google.com/googleplay/android-developer/answ...
I created a free, offline, opensource app on Google Play, no monetization or payments, as an individual. When this change rolled out I was required to verify my identity and set up a payment profile or else my app and account would be deleted.
After I went through half of the process, they showed a "here's what your users will see on the play store listing under 'About the developer' section!" This included my full legal name, personal email address, and country, which is enough information to find my home address and other information in public registries. This app serves an online community that can be quite crazy and I was absolutely not going to doxx myself to them. I decided I had enough of Google so I gave the app away to a company
- email address is just the one associated with the Google account, it sucks if you started the application on your personal google account, but you can still change it
- you need a payment profile to pay the account fee + verify your identity, the last part is probably very important for anti-spam
- I can understand that legal name + country can be considered doxxing, but I think it's highly relevant information for users
Of course these requirements could be relaxed for low-risk applications (i.e. no INTERNET permission), but I think it's understandable there is so few of them nowadays that it is not a priority.
In what way is knowing the full legal name of a developer relevant to end users? I work in the App Store analytics space and even I have never once thought “I wonder what the full legal name and address of the app developer is. I’d love to drive to their place physically or mail a letter 1800s style to discuss their app”
The most I’d ever wonder about is maybe their country of origin.
It’s for serving legal notice!
For the 1 in 10,000 case of someone actually legitimately suing someone, publicly showing this info to everyone will also create a 100% chance of being sent spam or phishing emails with your real name and country, 1 in 2 chance of some troll signing you up for something nasty, 1 in 50 chance of someone ordering pizza to your house that you have to pay for, 1 in 500 chance of an angry user demanding you add some feature or delete the app else he'll do something bad with your information, 1 in 1000 chance of being SWATted, etc...
If your app is something that's currently politically controversial (e.g. it's an app for trans people), multiply these probabilities by 10.
I didn't make these rules. Just pointing out why this stuff is flowing down hill from government regulations and the overreaction of the private companies who have in the business model no allowance for nuance or human intervention at scale. Make rules so tight that people who are neither paid nor empowered to make decisions can enforce it.
If people don't want to be accountable for their app in any way, maybe they just don't have to have their apps out there. There are other venues, app stores, sideloading, where apps can be put up by random people with no verifiable information and even less trustworthiness than some random app from play store.
F-Droid allows random people with no verifiable information to publish apps, and AFAIK there's never been a single case of malware or something malicious.
The same can't be said about Google Play where I can usually find malware at any time with specific search queries. These are apps that should have never been approved in the first place because they're blatantly impersonating another app.
The people who make this malware won't be accountable, because they don't register their own developer account and verify their own identity. They go around emailing the contact email of every small developer on Google Play, saying that they'll buy their developer profile or pay for them to upload an app. I got many such emails as it is.
Yeah, I wanted to add that it may be less of a problem when there's source code, but sideloading and third party app stores includes apps that don't have source code available, like random loose apks people just download and install, or just third party stores that aren't open source oriented (like game stores, phone maker stores, etc.) Checking source code is also not an option on play store itself, so they might want to have some other ways of verifying where something comes from and letting other people check something for themselves.
No it wouldn't be "fair" and it's not just if you want to monetize your app. D-U-N-S number is required for developer account creation regardless of whether you plan to monetize or not.
I'm referring to the developer address for individual accounts, is there a misunderstanding? DUNS is only required for organizations.
Home address? They asked me for an address in a commercially zoned district.
They didn't explicitly ask for a home address, just a physical address. But for a hobbyist dev, home address is probably all you have so effectively that's what they're asking for. Or for you to rent an office somewhere, which I guess is what they wanted you to do by asking for a commercially zoned adddress.
There’s even more than that, actually: if you’re an individual developer you also need 10 people to beta-test your app for 2 weeks, along with having your home address listed online. Google really doesn’t wan’t anyone who isn’t a company developing apps for Android lol
12 people, actually. And it's down from 20 individual testers requirement from when they introduced this policy last year.
Yeah. I wanted to make an Android productivity tool that helped me but I didn't want to bother (then) 20 of my friends to test it.
Huge hurdle if you just want to build an app.
Watching it happen, it also felt like hurdle after hurdle kept being added (in addition to the never-stopping API level treadmill).
Even if I were OK with jumping through the current set of hurdles, the promise of a never-stopping hurdle-jumping exercise with new requirements being thrown at me every quarter is not exactly encouraging for anyone who actually has a life outside of developing their apps.
Ran into this myself late last year. Registered as an individual developer for a free, non-monetized app and had to find 20 people (they reduced the number since) to sign up (and remain signed up) as beta testers for a 2 week period to get the app listed.
Luckily I was able to hit that number (the app is a stat tracking app for the game Destiny 2, so I was able to get beta testers via posting on a subreddit filled with Destiny 2 PvP players). But it took way longer and was way more of a burden compared to getting the same app listed on both the Apple App Store and the Microsoft Windows Store (the app is written in Kotlin/Compose Multiplatform and was relatively easy to make multiplatform).
If I didn't happen to be an Android "main" myself (creating a vested interest in wanting to make the Android version easily available) I might not have bothered with the Play Store hoops give how much of a pain in the ass it was compared to the other listings.
>Google really doesn’t wan’t anyone who isn’t a company developing apps for Android lol
I mean, it's Android. You can publish an app yourself or through an alternative app store. Given that you have options on the platform I don't have a big problem with Google enforcing pretty stringent requirements on their own store. In fact I prefer a pretty clear dividing line between trusted apps in the Play Store and 3rd party apps at your own risk. There was so much crap in the Play Store it was often hard to tell what's a scam and what wasn't.
Exactly, I happened to have long running apps, in the store, I didn't update them for some time but they were simple and working as designed, good for their job.
Suddenly there was this weird obligation to declare a company or disclose publicly info about me, so i did nothing and it expired, and they removed the app.
I saw many solo devs recommend switching to an LLC company to avoid the hassle Google introduced since late 2023, but it doesn't seem to be an easy task either. I've already witnessed two experiences:
https://x.com/stacy_siz/status/1875849200291975339
https://blog.jakelee.co.uk/publishing-on-google-play-without...
I haven't tried the specific flow for private individuals (seems to just be a radio button), but I do recall getting DUNS numbers as just filling in an online form with name and location and getting the number by mail, without any hoops for fees.
A bit silly to require for private individuals, and a bit annoying to have to go back and do, but not itself a big deal.
> I do recall getting DUNS numbers as just filling in an online form with name and location and getting the number by mail, without any hoops for fees
Having to do it at all is the hoop, and more than zero hoops is too many. I got nothing out of having my apps on Google Play except the joy of sharing in what was at the time a new and exciting medium.
See Windows Phone for a great example of how it would have played out if Google hadn't successfully courted small-time devs like me and countless others. Corporate publishers would have never colonized Google Play in the first place if an audience wasn't already there. The way they addressed me makes it very clear that solo devs are no longer needed, so I will never submit to it on principle no matter how easy it's claimed to be.
Having to do it at all is the hoop, and more than zero hoops is too many.
For sure, but it's a KYC for companies. How else would you expect B2B dealings and compliance to go through? They could do tax ids per country, but with DUNS, compared to local tax id, they get global ultimate beneficial owner as well as other insights. Getting a DUNS is free and relatively fast, unless you're in a hurry then there's a faster route that costs some relatively cheap amount. It's a common ID for global companies, especially those with international supply chains to rely on as "the id number" for companies.
> companies
I’m not a company
You read that wrong, you're the customer in Google's KYC (know your customer). They're the company.
It can make sense when money is involved, but free apps without advertising shouldn't require it.
Google was persistent in making sure I'm "actively" developing apps on Play.
Did I? B2B dealings, DUNS number… none of these are for individuals. Is it the intention that individuals cannot write software for phones anymore?
DUNS numbers are for all legal entities including individuals, and an individual can act as a business.
DUNS numbers are for all legal entities including individuals
only if they do operate as a business through sole proprietorship, otherwise no.
No, a single person individual can register.
Doing business is orthogonal to being a company, and depending on your country, some "company" forms are just VAT filing registrations for an individual itself with no independent legal status. What you normally call a company is something that behaves as an independent legal person.
However, it may be legally required to register a proper company if your yearly business volume exceed a certain value - check local rules - but it may also be perfectly fine to do business as an individual below that volume, in which case the legal entity is just you.
(The alternative to being a business in a transaction is being a consumer)
There's no legal distinction between an individual and a sole proprietorship
No, you didn't read that wrong. It does seem like intention is that individuals cannot publish (publish, not write) software for playstore if they cannot operate as a business; Individuals actually can operate as a business as a sole proprietorship aka soleprop which can and do have a DUNS number and is a legit way of doing business. Individuals without any sort of business entity attached to them do not get a DUNS number attached to them.
Doing business and registering a company (a separate legal person) are orthogonal concepts that are specific to local legislation. You can do business as a private individual, and various "company" forms in various countries are not actually companies but just VAT/financial registrations for the individual itself and have no legal status of its own. Whether you need to register a company form depends on local rules and may be subject to e.g. volume limits (e.g., okay below 10k USD annual).
The alternative to being s business in s transaction is being a consumer (as in B2C), and you're obviously not a consumer when publishing an app.
Going through hoops usually refer to an excessive effort.
Having to go through between zero (it you have needed the number before) and one free forms from a standard entity to get a widely recognized identifier used for many things is objectively not an excessive effort.
Sharing apps on app stores is a continuous commitment with various responsibilities like, such as ensuring safety of users through regular maintenance. If the idea if submitting one number is too much of a burden given the joy/finances you get out of it, then the rest of the maintenance responsibilities likely are too and maybe it's better to skip the publishing part.
Not sure what you're on about with corporate colonization. Colonizing implies forcefully taking what was rightfully someone elses. Also, in many places, making a company is just a form and standard practice even if you're just going to sell a single bogus app for 0.99 USD or whatever, so even individuals will be "corporations".
While I believe some of the (App|Play Store) requirements with DUN numbers and such are overkill and unnecessary, I also agree that there’s maybe a bit too much of a tendency for devs (commercial and indie alike) to take advantage of less restrictive means of distribution to “dump and run”, where they toss a binary over the wall and forget the project even exists for long stretches of time, even as bugs and vulnerabilities accumulate.
This worked alright in the 90s and to a more limited extent in the 2000s, but from the 2010s onward it’s become more and more untenable except for the most simplistic of software, especially when it comes to anything dealing with the internet or externally sourced files. Regular maintenance and updates are an unavoidable fact of life for devs.
So I’m kind of two minds here. Lower resistance/barrier to entry can be good in terms of encouraging participation, but it also inevitably means a lot more neglected projects sitting around rusting. If there’s no effort to control that, platforms can easily become filled with rusty half-functional apps. The way that Apple/Google are attempting to do this is not great however because it’s too oriented towards companies.
Spare me your “““safety””” FUD and your moralizing language please. My responsibilities were set out in the license text and are not up for you to debate: https://www.gnu.org/licenses/gpl-3.0.en.html#section15
No they were set out in the contract you agreed to when publishing which has commitments and grants entirely orthogonal to your source license. Plus certain moral obligations to society.
Your license text is only capable of adding supplementary rights, and you're responsible for ensuring that your source license is fully compatible with the contract at time of publishing.
If you just want to dump stuff, leave it on GitHub.
[dead]
Lately I've noticed many projects on Github either using F-droid or Obtainium. Play Store has really become toxic to anyone not a corporation.
I’m currently working with a startup that was just incorporated. We needed to join the Apple Developer Program to get APNS push certs to set up our MDM.
It took over five weeks to get our ADP membership approved, and that was with internal backchannels. We had to launch without MDM, all the laptops on mostly default settings.
These companies are making so much money from ads and rentseeking and IAP cancer that they have zero incentive to do anything else well. They know they have a monopoly position, so just like the public utilities charging you an extra $2 convenience fee to pay your bill, you’ll shut up and take it, because they are the only game in town.
You know it, and they know it, and they know you know it.
At least on Android you can install f-droid. On iOS they are the only game in town. There’s fuck-all that’s “insanely great” about not being able to install the programs you want to use (such as Fortnite).
It’s pure rentseeking.
Apple App Store has been like this since the early days before IAP existed. It’s just how they operate.
It’s just how they choose to operate. It’s not a force of nature, it’s an engineered customer-hostile circumstance.
Apple weren’t always service-revenue shitheads, it’s a new thing. The company is nearly 50 years old, and for most of it they didn’t treat their customers and developers with contempt.
I did not know that and that’s preposterous, but I don’t think that is the only reason or even the biggest one.
The android store had a whole lot of garbage in it, and a lot of it was the kind that is easy to find and remove.
The linked source only mentions DUNS only being required for organization accounts, not individuals? And I've recently successfully created an account (albeit haven't published an app yet) without one?
Oof. Here I was hoping they were removing the scams
You need a DUNS number for iOS too, fwiw
Only for businesses, not individuals.
Source: I pay my yearly Apple tax and I have no DUNS.
The process for getting a DUNS number and getting it approved by Apple was such a nightmare. Even when I did everything correctly, I got flagged for some unspecified reason that required a bunch of extra back-and-forth. I didn't even want to list on the app store - just to allow other people to run some music-related code I wrote without getting stomped by Gatekeeper.
> Assigned by Dun & Bradstreet
Uh huh, Google just blatantly requiring every app developer on the planet to register with some specific random company. Absolutely no corruption to see here, none at all.
This is the kind of shit why smartphone vendors can't be trusted with their own walled garden stores, the EU has not yet stomped them into mulch hard enough yet I see.
The irony of your comment thinking the EU is going to fight this.
The DUNS number is the European Commission standard for business identification; the choice of D&B isn’t random, it literally came from EU requirements.
Yeah, it's surprising how badly the EU as a government has fumbled the crucial job of business identification by outsourcing it to an American company.
And we keep wondering about why there are so few world changing companies coming out of Europe. Maybe they could start with one that handles business identification?
It's really shocking to me that the EU would demand people use a US corporation for something that really needs to be done by national governments. I think the corruption might be on our end in this case, time to write my MEP or whatever.
> the EU has not yet stomped them into mulch hard enough yet I see
This is literally the result of EU "stomping"
I thought this was an EU requirement?
In what sense is that corrupt?
(“dishonest or illegal behaviour”, “the abuse of power or authority for personal gain or benefit”)
Gee, I wonder why.
Publishing on the Play Store for indie devs or hobby projects just doesn’t make any sense.
You need to jump though so many hoops and doxx yourself in the process, only to make basically no money with the apps, and even if you miraculously do, risk getting kicked out of their platform without any way to contact a competent human.
Even before all this, the general consensus amongst solo app devs was that “don’t waste your time with Android”, now add about a hundred hour of bureaucracy to even get started with your first app, the choice is obvious for many.
I was a long time Android user and switched to iOS because the apps there are just better, I honestly think that Google of running the Android ecosystem into the ground and only the big players will want to go though this mess.
As a Flutter developer, it makes me want to switch to other technologies, because if Android loses its appeal, Flutter, another Google product, offers basically nothing. On web, it scks, on iOS SwiftUI will always have an advantage, Android as discussed is in steady and fast decline, and who the hell needs Flutter desktop apps that have poor integration with the operating system…
I expect Google will attempt something highly amusing, like launching the Play Store on iOS in the EU, with the apps running via a port of the VM (and libraries) to iOS.
You aren't too farfetched off with Google rolling out Google play PC so users can run playstore games on PC.
They really think they can capitalize on desktop gaming with their ad-riddled p2w casual games.
No real comment on mobile, but I disagree with your take on Flutter web. I've deployed a moderately complex Flutter web app (SPA) and have been pleasantly surprised at every turn with how capable it is, from performance to complexity management to testing. And the flexibility to produce an AOT-compiled desktop app from the same codebase, should I choose, is nice to have.
Not intended as a gotcha question but how is your a11y?
On web? Officially it’s good. I think they hope people won’t actually care to test accessibility. Well, I did test it and it was comically terrible.
Amen. I write Flutter at my day job and am working toward an exit ramp every day.
And here I am writing flutter as a hobby and dreaming I could do it as a day job! That sucks
I do both lol. Flutter is fun to play with and vibes very well with AI. But as a day job, things like dependencies, animations, design systems, and super customized things like Xiaomi are the bane of my day.
What exactly is the advantage of Swift UI over Flutter? Maybe it's slightly more efficient since Flutter does its own rendering, but in my experience I've never run into issues with performance.
And I think everything should be web apps anyway (ideally PWAs), but I like that Flutter lets you produce a desktop app from your mobile app with very little effort. Even without any special "integration" with the OS, it's better than packaging a web app in Electron, right?
Our app is written in SwiftUI because of the ease between iOS, iPadOS, macOS and Apple Vision. There is just minimal configs to make it work between them. I don't this can be done with any cross-platforms.
Flutter doesn't really need any special configs either. Going by platforms, I think most developers would rather target Windows + Android + Linux over Apple Vision.
I've been hemming and hawing over whether to explore new PWA tech or catch back up on Flutter/Android with a current small-scale personal project... Sounds like I'm going PWA. This seems too onerous for any non-corporate developer.
Ugh I'm so fucking fed up with the Play Store and Admob, and how they have no meaningful recourse for solving issues or providing support. It makes me feel hopeless and helpless knowing I have little options outside of relying on them (don't have any apple devices to test on or build my app) and knowing they could give two shits. Especially seeing that their contact options for Admob have been broken for years now and they refuse to fix it or provide actual help. And there seems like there's no way to get them to budge, like even through our reps.
Fuck them. I hope they collapse.
For me the really unreasonable change was the app testing requirements on non-corporate developers. Having to get 20 users to beta test an unlisted Android app for two weeks before getting it on the store is not a reasonable thing to require for hobby projects. I'm not sure I even know 20 Android users well enough that I'd feel comfortable asking for that level of engagement from them.
It's a particularly bad policy to launch with existing developers grandfathered out, because the policy probably looks really successful to start with due to the difference in new developer vs. old developer populations -- the entities who are right now making most of the quality apps aren't affected. What's being affected is the pipeline of new developers, but the effect of killing that pipeline won't become obvious for years.
In the US, there are probably a significant number of hobbyist developers who don't even know 20 Android users.
When making LearnTheWords[1] I had to wait 6 weeks for approval from Google. They weren't happy with how I documented what this testing process was like. I had to wait 3 rounds of 2 weeks between submissions, writing ever more kafkaesque descriptions of the insights i gleaned from the definitely-not-paid-for test users that i'd required.
I wasn't expecting it to be easier to launch on iOS than Android, but here we are.
[1] https://learnthewords.app
> They weren't happy with how I documented what this testing process was like
Their testing is done by the user. Testing your own software is so strange for them that they don't underestand your docs. /s
This is absolutely insane and will kill the app I'm making. Google has too much power.
Is there some commercial service I can just pay to do this?
It's called "20 BlueStacks instances in a trenchcoat"
Yes there is, look on Fiverr.
It's crazy to have to pay someone to do this, particularly because Google don't want you to use paid testers.
The idea was to stop spammy apps, i believe. But they've really thrown the baby out with the bathwater here, making it really hard for small-scale innovation.
Same here, android already seems less profitable than iOS but this killed any interest I had in supporting android.
> One factor Google didn’t cite was the new trader status rule enforced by the EU as of this February, which began requiring developers to share their names and addresses in the app’s listing.
Yep, it was probably that.
I'm usually very supportive of EU tech regulation, but to be honest I don't really want to put my name and address up on apps I throw up on the store
Would like to keep my identity separate to whatever projects I have usually, especially if they're ones that don't 100% align with the your own developer brand that employers might screen for
I have the same mentality as you. But, rather than form an opinion on whatever EU regulation is being interpreted as "requiring" these steps from Google et al, I think I'm going to assert that it's a red herring.
The real issue, IMO, is that it's still too hard to distribute and install applications on my general-purpose computing devices! You can't be on Google's app store if you aren't a "real business" with a physical address and everything? Fine. Let's just distribute our apps on F-Droid, or by just releasing APKs in our GitHub pages, etc.
At least that's still possible with Android. But who knows how much longer they'll even allow that?
Yeah, if you have a market that can be installed by the user without passing through a marketplace. The EU regulation gets blamed, but that's not the actual issue.
I think the issue may be thinking of your phone, running a non-open OS, as a general-purpose computing device.
Presumably F-Droid is subject to the same regulatory requirements, so in this case it is directly the regulation to blame.
F-Droid isn’t in the same business, and doesn’t sell apps, so it’s not subject to the same regulatory requirements.
The DSA applies to
> all online intermediaries and platforms operating within the EU
F-Droid has apps with the "ads" anti-feature, so this probably applies to them.
I think it’d apply to the app owner. F-Droid isn’t in the advertising business either, doesn’t get any revenue.
That feature flag just changes what is allowed to appear in search results.
[flagged]
From what I can tell, this all should apply only to monetized apps (and I agree with that). If that's not actually the case, Google is using malicious compliance to misguide developers into hating the EU for daring to regulate them.
That's probably where F-Droid is a better choice in the first place ?
Google Play (and the App store) assume by default commercial intent, and I'm sympathetic to stricter verification rules when there's money changing hands.
> I don't really want to put my name and address up on apps I throw up on the store
As a customer I really want the ability to sue someone who does me wrong, call them out publicly, or at least avoid their products. In no way is it reasonable that someone should want to stay anonymous while selling me something (or profiting off of it in one way or another). I really don't see a reason to make an exception for people who have free+offline+etc apps.
You're publishing software, you need to be identifiable.
> You're publishing software, you need to be identifiable.
"Because I want to be able to sue you" is not a particularly compelling line of reasoning for legislating incredibly invasive laws.
This punishes the people who release apps for free or open source. For the money generating app farms it doesn't slow them down at all.
> As a customer I really want the ability to sue someone who does me wrong,
John Doe ?
Agreed. My 3 free apps, one with +100k downloads were also removed because of the EU ruling. Don't want my personal address and phone number to be more accessible to bad actors more than it already is. While I can somewhat follow the idea, the execution in practice has serious flaws.
> were also removed because of the EU ruling.
It has nothing to do with EU. see jwz.
Several FOSS apps of mine were removed from Google Play because of this. I wrote about one solution for other affected developers here:
https://rocket9labs.com/post/on-the-importance-of-f-droid/
My personal phone number is listed on Google play because I could not get my business number verified. I tried for weeks.
Almost the same here until they let us verify by document. Can't receive texts to our support number, and also can't get the verification code by phone since there is a "Press 1 for ___" thing at the beginning of the call.
This effectively kills apps that are made by individuals or very small businesses that can't afford an office.
It's kind of incredible how the EU makes changes like this and then politicians scratch their heads about the weakness of European tech. You would think that the politicians would give some thought to that and make it easier/cheaper to fulfill these requirements, but nope. Either pay up for a company (hundreds of euros) and an office (hundreds of euros) or just have your information publicly available.
And when that information becomes publicly available you will be inundated with spam.
On top of that some services will then take Google street view pictures of your home and link all of that information together in an easily searchable database.
> the EU makes changes like this
The actual change is not by the EU, but by Google who interprets a EU directive and decides how to apply it to its platform.
This is a big difference, in that the EU requires a verified _contact_ address for _traders_ operating on a marketplace.
From there Google deciding to blanket require onerous verification on anyone publishing any app is Google's call and they should get the blame for it.
For comparison you get a different application of the same rules on the AppStore, and none of that for F-Droid.
Doesn't Steam do the same thing? And even registering a company in (some) EU countries has effectively the same address requirement where a PO box is not allowed.
Also, when I said "changes like this" I mean changes in general where there seems to be no analysis on the knock-on effects of a policy change causes.
Another example from the EU was their VAT change they did some years ago. On the surface it was a decent change, because it made multinationals pay VAT in the countries of the buyers, but it had the downside that it drowned small and micro businesses in so much paperwork that a lot of them shut down or stopped serving customers in other EU countries.
Why? Because they forgot to add a minimum threshold for when these VAT rules apply. Something that most EU countries have. Imagine you start selling 3D models, your revenue is €500 in a year and for this money you're expected to file with 27 different tax authorities who all deal mainly in a different language. Is the €10 sale worth dealing with the Latvian tax authority?
It took the EU about 5-6 years to finally fix this by introducing a €10,000 exemption.
> registering a company in (some) EU countries has effectively the same address requirement where a PO box is not allowed.
Justifying rules for a private virtual marketplace as being as strict as how the government handles registrations is going overboard IMHO. That's like arguing that Supermarkets are fine fingeprinting customers when emiting loyalty cards because the host country also fingeprints people when emiting passports. They're not the same thing.
> It took the EU about 5-6 years to finally fix this by introducing a €10,000 exemption.
Wasn't the rule introduced in 2021 ? Getting a fix applied within a few years is actually not bad for an international governing entity IMHO.
On the other side, Stripe Tax also launched in 2021, so small businesses had that as a solution if it wasn't worth their time dealing with each countries individually.
Sure the rules could have been optimized from the start, but it doesn't sound half as bad as you make it sound to me (albeit I'm not an expert in any of this)
Well, if it's easier for Google to require it of everyone instead of a subset (and less risky if they should happen to miss someone who's not a "trader"), then it is entirely reasonable to blame it on the EU.
Before the rule was put in place by the EU, Google didn't require it; after they did. I'm sure Google didn't go through the design, development, testing, compliance and legal analysis of deploying this requirement for the fun of it.
This would be a stronger argument if Google had a track record of caring about their devs, partners and proper business practices.
At this point it's not that far from anthropomorphising the lawnmower.
Apparently you can use a P.O. Box as address for this purpose[0] when registering for AppStore, which is substantially cheaper. However, Reddit says Google does not accept P.O. Boxes [1], so the only option is a "virtual" office address or something like that. A shame.
[0] https://developer.apple.com/help/app-store-connect/manage-co...
[1] https://www.reddit.com/r/FlutterDev/comments/1f4nmny/comment...
> It's kind of incredible how the EU makes changes like this
Haha, how perverse from Google to blame the EU. Google just want more data from you.
Yep, this is why I dropped out.
Doesn't Apple require this too? (https://developer.apple.com/help/app-store-connect/manage-co...)
My app’s organization is outside the “west”. So in order to complete verification with Google I had to pay some subcontractor of Dunn&Bradstreet almost $500 to get the DUNS. Then I had to get an original certified copy of the organization’s registration from the national registry. Then have an official notarized translation to English and get all that apostilled (another $500 through a service).
Also, Google support refused to tell me what set of documents they would accept. I had to figure it out myself.
Sounds like you just found a business - offer this to others, you could be the fourth party in the transaction!
Do it via an app listed on... Play Store.
Yeah, I dropped my apps from Play, couldn't find a way to avoid putting my personal address on there.. fuck that, I'm making something for free, and they force me to dox myself for it? Nah, I'm good.
By “they”, you mean the EU?
The EU regulations don't exclude P.O. Boxes. Google choose to add that requirement.
Google decided to make it worse than it needed. Those EU regulations are only applicable if your app makes money via IAP or subscriptions. If you are providing a free app, nothing changed, but Google decided that everyone must follow it. That is true even if you choose to not display ads (so at no point Google will send you money).
EU doesn't force this for free Apps, nor does it prohibit PO boxes. This is Google's choice
[dead]
Another factor:
> Google also just increased the target API level requirement for apps on the Google Play Store
https://tech.yahoo.com/phones/articles/google-plays-rules-ki...
We also saw established apps like iA Writer decide to get off the treadmill.
> In order to allow our users to access their Google Drive on their phones we had to rewrite privacy statements, update documents, and pass a series of security checks, all while facing a barrage of new, ever-shifting requirements.
https://ia.net/topics/our-android-app-is-frozen-in-carbonite...
Yup, this caused me months of work. Many people chose not to bother.
Sounds like there are a range of reasons, but the bigger picture explanation is : Google no longer cares about incentivizing apps to be on the store.
The mobile OS wars are over: every company and dev that wants to do anything is locked into having to provide an Android and iOS app no matter how difficult it is, so all the incentives are for Apple / Google to insulate themselves from risk now by raising the bar on devs.
We need to start exercising the minimal rights / capabilities to ship alternative app stores on these platforms. Easier said than done.
I dunno, many developers already choose to ignore android entirely because it's less profitable. Raising the bar will only encourage that. At least for me the dox your own address + onerous testing requirements make android extremely unappealing
I guess I could publish on fdroid but why bother? The android platform clearly doesn't care about me.
Only in the US. In the rest of the world, Android is king and developers ignore Apple.
many developers already choose to ignore android entirely because it's less profitable
source? all I can find by googling around is about the same number of apps with a bias towards playstore.
It's literally in the headline of this post. "Google Play sees 47% decline in apps". Surely they didn't all move to f-droid.
Web APIs are also more capable than ever before and can be added as icons on the home page. For an individual developer, you are probably better off just doing a web app.
Android already has many alternative app store. I believe there is nothing currently for paid app (beside OEM store like galaxy store or Huawei) but if there is a need it's absolutely possible to do.
Apple side on the other hand, good luck with that. Even in Europe they made the rules so strict the third party app store are basically dead.
Technology was supposed to get rid of most of bureaucracy and move the World towards automation. These FAANG companies have instead successfully integrated bureaucracy with technology and have made bureaucracy permanent. Instead of automating away bureaucracy these companies have automated away customer service.
It is a serious mistake to think that technology can remove bureaucracy. Indeed, technology by its nature makes bureaucracy a lot more rigid. Bureaucracy is about homogenising processes and erasing individual differences, and software reinforces these properties because it allows even less human input or deviation from the process. (That isn't true of all software, just software that is intended to somehow deal with large numbers of people uniformly.)
When I said remove bureaucracy I meant remove bureaucracy from people's lives. Obviously it will exist behind the curtains. I agree with you that software reinforces bureaucratic properties and it should. That is what it was supposed to do. But technology failed when it comes to rectification of any deviations in bureaucratic processes.
For example, assume you are submitting a form and the address is incorrect/not matching exactly what is stored in the database; software should (rightly) flag it and have a human review it and do the necessary correction. Instead we have the worst of both worlds, where the software flags the problem but there is no human in the loop anymore. Even the human is automated out. So the problem is never fixed. Instead, the customer/client who is interacting with the software is indirectly made aware of the internal bureaucratic process but has no recourse.
The lazy response to any new risk or problem is to just layer on new rules and processes. Large organizations always end up with those things defining their workplace culture (risk aversion, checkbox culture) and that worldview filters down to the decisions which impact customers.
they do these things in response to governmental pressure.
"Never be deceived that the rich will permit you to vote away their wealth." - Lucy Parsons
I miss the freewheeling days of Android apps. You'd find all kinds of apps made by solo devs as a labor of love. Later, Google largely killed those apps by severely downranking them in the play store algorithm, and made searching in the play store "we'll show you what we want to show you, the filters do nothing", but you could still install a secondary app store in CyanogenMod and find those weird and fun apps. Is there any of this left? I've heard that the secondary app stores have fallen into disrepair.
F-Droid is what you want. You can find all manners of apps - libre replacements for all your stock system apps, alternate launchers, games, clients for your favorite desktop apps (ex: mpv), and even a proper terminal emulator - complete with a package manager.
I don't remember who wrote the report, but a recent games industry report made its way to my desk, and it stated that considerably more games were removed from mobile stores than added over the last few quarters.
I think that could be due to some uncertainty in the market about the future of mobile gaming. Mobile AAA never caught on, and the industry tried it with CoD, Civilization, Mario, Fortnite, Resident Evil, GTA, Assassin's Creed, and others. Only Pokémon Go and Genshin were exceptions on the AAA side due to strong mechanics (Pokémon: ARG appeal, Genshin: gacha profits).
Meanwhile, the small-budget side has become extremely overcrowded by trash-level asset flips, gachas, and ads with vague game elements. Many genuinely talented game developers are asking, "Does my game fit in the mobile markets?" and concluding that the answer is probably closer to no than a yes.
Maybe this is just the natural life cycle of the stores. Moderation doesn't keep up with use, leading to disappointed users and abandonment. Do you remember when we used to check the App Store occasionally for new fun apps during the iPhone 4/4S era? We'd get like an accelerometer app that turns a phone into a silly beer pint, and it'd be quite clever and novel. Or we'd download pedometers, and that was quite a novel and smart tool to track exercise. All because they were promoted on the stores. That's a distant memory for me; I only go to the stores to download the things I already know I need, they have turned into package managers for me.
> Instead of only banning broken apps that crashed, wouldn’t install, or run properly, the company said it would begin banning apps that demonstrated “limited functionality and content.” That included static apps without app-specific features, such as text-only apps or PDF-file apps. It also included apps that provided little content, like those that only offered a single wallpaper. Additionally, Google banned apps that were designed to do nothing or have no function, which may have been tests or other abandoned developer efforts.
Sounds like it was a purge of zero value apps. Why was Google allowing these legions of unusable and/or garbage apps in their store in the first place? Someone padding their numbers?
Because we want people to be able to create trash apps and publish them.
Just like we want people to create trash blogs and trash websites so they can learn or just express themselves.
Having 3rd world devs making more todo apps is not optimal but they should be able to do that and publish them.
Preventing all of that also prevents good small time community apps because suddenly you have to pay money and can’t just do nice app for local communities.
> Because we want people to be able to create trash apps and publish them.
That's a moot point, though, since you don't need Google's app store to publish apps. You can just send whatever random APK you throw together to your friend, post them on your web site, etc. There's no reason to turn the Play Store into a dumpster.
If anything the fact that you can sideload on Android and install alternative stores means the Play Store should be at least as selective as Apple's store, if not more so, since failure to meet that store's standards doesn't mean the app can't be distributed elsewhere.
You need to if you want people to be able to discover your application or receive updates automatically (or with a single click) instead of having to reimplement the wheel with an update checker in your application, as well as logic to limit what countries/markets and devices you serve.
Especially when you consider the hassle for the average user of going into Chrome, downloading your APK, accepting the big scary messages that "the application comes from an untrusted source" and "sideloading applications can be dangerous" and then installing it. People barely even like going into Google Play to download stuff.
Other app stores can also automatically update.
If your app is so low effort that even the off brand app stores don't want to host it, I'm going to guess that you're probably also not overly concerned about sending your users automatic updates anyway.
> People barely even like going into Google Play to download stuff.
This might have something to do with the lack of curation, though. Hence, losing a bunch of apps is actually beneficial to the ecosystem. As that snippet was pointing out, lots of these apps were just basic wrappers for text/pdf, which is is what the web and/or built-in media viewer apps are for.
You do understand most people won’t sideload an app.
Friction compared to clicking install from app/play store is orders of magnitude higher for sideloading especially for non tech people.
"Trash apps" and "more todo apps" isn't what this rule is preventing. It's preventing "apps" that are essentially just a viewer for a built in static text, PDF or image file. Which can and should be replaced by a text, PDF or image file, or a web site.
Not at all - it is preventing people not having a company from uploading their apps.
If you setup a company you still will be able to publish crap apps, it might not be profitable as it was before due to bureaucracy overhead - but the same for people who want to make useful apps but don’t want burden of setting up company.
Meh... That website might not be available in offline mode. I may want 5 PDFs in an app because it's still easier to find the app than it is to search through 'files' on a device that wasn't designed for managing files.
Well PlayStation, Nintendo, etc don't just let anyone publish anything. I see no reason to force them to lower their standards for trash shovelware. As long as you can still sideload apps, it's their store and they can set their own standards.
PlayStation, Nintendo, Steam etc. are competitors where you can say they are really competitors.
Play store from Google is basically only store for all Android devices out there and no relevant competition.
Where do you set the bar for "good enough" app? It makes sense to allow shitty apps and let the reputation grow somehow.
One could assume that the previous priority was "grow the app catalog through the use of a permissive listing model," and it's changed to "improve the quality of the app catalog by being more selective about who and what is allowed to be listed."
Good, I hope it dies off and we get to a state of decentralized app distribution just like PCs have. App stores suck, I don't need Google of all companies knowing every single one of the apps I have on my phone
What would actually happen in that case is exodus towards App Store which I'll not be happy about. For all its issues, I vastly prefer the flexibility of Android over the walled-garden and would hate to leave it.
It is also nice to keep packages we like for whatever reason.
I’m an iOS dev coming to Android because I was lucky enough to recently make an iOS app that’s making enough money to be worth porting.
The developer experience of PlayStore is SO BAD compared to the AppStore - which isn’t even that good to start with.
It’s like all the software and websites are just made by people who don’t care at all if you use it or not.
It doesn't surprise me.
There are more apps than people care about.
Nowadays I only install games, or apps for services where I can't do otherwise.
The time for "there is an app for that" is long gone, and the push for developers to artificially update their apps for whatever was presented as great Google IO innovation, or be out of the store, can only lead to outcomes like this.
I imagine that the numbers on Appstore aren't much different.
It's also impossible to find good apps.
The store has flags indicating whether an app uses in-app purchases or ads, and knows the file size of apps (which is a good proxy of how much data-collecting bloatware is inside).
It doesn't let you easily see the size before installing and doesn't let you search by any of these criteria. So if you wanted to publish a high quality, free, ad-free app, you would immediately be crowded out by the apps that can spend money on ads and SEO because they're full of crap, and your potential users have no chance of finding your app.
Given how easy this would be to implement, it seems obvious that this is an intentional, user-hostile choice because Google doesn't profit off these apps.
Each app should be rated by a new criteria 1) Size 2) Speed 3) Design 4) Customer Support Speed 5) Average downtime 6) Functionally Satisfactory Score
Same. I have a bunch of Apple devices now and the only apps I install are vlc, kindle and brave.
Maybe related? https://news.ycombinator.com/item?id=43804937
I don't get the new D-U-N-S number requirement. Actual scammers can easily jump through the hoops. It's the small independent devs that won't bother with the bureaucracy, especially those that do it for free.
I’ve read through the comments here, and something most people here don’t get is the importance of App Stores for discoverability. The first thing non-developers think when you tell them “download xyz app” is to open the App/Play Store and search there. If your stuff isn’t there it just doesn’t exist.
That’s specially true for 3rd-world countries (I can only speak about Brazil, but my guess India would be pretty similar), where for a long while obtaining apps was a dice roll if you’d get a malware or not. Eventually the Play Store made it safer, but also created a group memory of “stuff outside Play Store is cut-and-dry unsafe”. In the circles I have access, people would hesitate to even open your website if you tell them to, but saying “my app is on the Play Store” makes it instantly “safe” in their minds.
I’m still in the process of bringing my App to the Play Store (after being on Apple’s for 3 months now), and honestly catering to Android with the new rules has been the biggest regret in my 20-year career so far. Yet, there is no alternative, because every time I tell people about my project, they always come back saying “I couldn’t find it” when the project name is literally a domain name.
Google didnt let me keep my developer account because I couldnt verify address. The only ways they accept address is with bills that are not in my name so I couldnt verify my address. It's ridiculous given that I have an android phone a gmail account and they know where I live based on location data.
That's absurd, every other industry requires proof of address to be IN your name. What are Google doing :/ malicious compliance perhaps?
I cannot remember the last time I downloaded and installed an app from the Play Store (it must have been several years ago). Instead I have been getting apps from GitHub, F-Droid or the developer’s website.
I had an app on the Play Store, but I took it down. Bureaucracy isn’t for me.
Here is a chart with the number of Android Apps in Google Play (over time): https://www.appbrain.com/stats/number-of-android-apps
As others have noted this is basically security theater because many legitimate apps are being removed and many spammy apps are staying up.
I work at a company that created some whitelabel apps for some popular brands and recently the apps have been taken down for "impersonation" despite the fact that we presented all the necessary paperwork mutliple times before (documents signed by the legal owners of the trademarks).
This supposed "cleanup" operation of the Play Store is just a very sloppy attempt by Google, a company that should be able to do better given the its size and resources.
This is phrased like a bad thing, but it’s actually a good thing. I’m an iOS user and I can tell you Apple is not doing a good job keeping the App Store free of scams. I’m guessing Google is doing a much better job and this is the result
I’m an iOS user and I can tell you Apple is not doing a good job keeping the App Store free of scams.
No App Store is going to be 100% free of scams.
In my experience of having downloaded several hundred iOS apps over the years, it’s pretty difficult for most people to download a scam app unless a user is specifically trying to download free, fringe apps from developers you’ve never heard of.
But if you’re interested in mainstream apps that address real issues by developers who are attempting to make excellent apps that take advantage of Apple’s technology and ecosystem, the quality of iOS apps has never been better.
I just checked—the revenue of the App Store was over $100 billion dollars in FY 2024. That says to me customers are finding useful apps they’ll willing to subscribe to.
but it can be made 99% free from 90% right ?
> That says to me customers are finding useful apps they’ll willing to subscribe to.
My kingdom to hear Microsoft argue that in the IE case.
"Yes, we're obviating serious competition and deliberately hamstringing our competitors. But just look at how large the Internet Explorer install-base is! Clearly users are deriving value from our browser. Also it stops viruses or something."
Genuine question, how do you encounter the scams?
I haven't "browsed" the app store for a long time, I only go to find an app if I already know it exists.
F-Droid needs more apps!
Are there specific apps it's missing?
I don't think more is necessarily better.
unfortunately crappy UX experience + shaming closed-source apps with "anti-feature" labels is keeping it away from growing
wonder if PWAs will normalize under all this grip tightening.
I've starting using less and less apps as the years go by. No more facebook, insta, twitter, tic toc. A lot of very useful apps like a calculator, flashlight, magnifyer, all that stuff is stock.
Unfortunately, buying basic things requires an app now. Paying off my credit card and house requires an app. Getting a "taxi" needs to be done by app. School updates for tomorrow's homework go through Telegram, telling the teachers to send my daughter down from class requires WhatsApp. Whitelisting visitors to come in requires a security management app.
I have an autogate that can't be opened manually. It came with a remote, but only one, so we use an app to open the gate. My door has a fingerprint sensor that malfunctions when it's humid. So I need to open my front door with an app and because it's a free app, I have to watch an ad to open my front door.
These seem like poor tech choices more than "an app is required to buy basic things."
When the whole "there is an app for that" mess started, I could be found saying, there is a browser for that too!
You are right about one thing, and that is everyone is asking whether people have their app. This is constant.
My answer has and will continue to be, "nope."
And yes, I have a browser for that.
The apps I find worth using are all enabling in some way, sensor data, advanced calculator, viewers and the like have real value.
Wrapping transactions into apps where the sole purpose is data harvesting and blasting me ads and offers, adds ZERO net value.
Products that require an app should be considered broken.
Seriously.
All of that pushes people, who for whatever reason choose app dependency, into scenarios like you shared with us here.
That stuff us broken man. You really would benefit from a general reconsideration of your product and service selection means and methods.
What is the product value when "needs your phone is off the table.
Does it have value without a phone? Should it? (In almost every case, yes!)
Please don't take my comment as an attack. Nothing personal here, no judgment either. You are by no means alone. M
What is the alternative though? Do I boycott it? Buy my games from Epic Store, book taxis while I'm on the train, ignore messages from teachers, and do all my banking from ATMs? Apps are still more convenient and cheaper.
Admittedly digital locks are dumb, though.
...Are you serious about opening the door? What app/company makes your door?
It's this app: https://play.google.com/store/apps/details?id=com.tongtongsu...
It's not the same company as the one that made the door. To be fair, the door is a one time purchase and they shouldn't have to maintain it, so it's all done with a third party app. The hardware is solid, it's just the software that's a bit dodgy.
The lock can be opened with fingerprint or NFC tag, but it freezes after 3 tries. The master key is a physical key or the app. I didn't get a fingerprint door to use keys, and the keyhole is also at a weird angle from beneath the door. So the app it is.
It sounds ridiculous but I need apps for everything anyway, thanks to 2FA. I can't even log in to work without an app.
Can you not just install an android app from a website? I always thought that was part of the attraction of Android - you could install without an app store requirement like ios. Actually.... I seem to remember building a couple android apps and just linking from a website but... that was... 8(!) years ago. Is that still a thing? Was it ever, or did I just misremember that?
Yes, but:
1. It's disabled by default. You have to dig around in your phone's settings to enable APK installations, and APK installations through the specific app you prompted the installer from. And if the developer hasn't updated the app for recent versions of Android, Google will throw up a antivirus-esque "warning this app is unsafe blah blah" prompt.
2. You can't automatically update an app if you manually installed it through an APK. There are apps that can kind of do this (automatically download APK from source website on new release, notify user). But that's clunky and not suitable unless your audience is FOSS-land. Oh, and the user still has to manually click the install button for each app they update this way. No silent updates unless you're rooted.
This makes the distribution of apks through your own processes wholly unviable unless your app is mandatory for your users (I. E for work/school), or your user base is Android FOSS enthusiasts - who probably prefer that you use F-Droid (3rd party FOSS appstore) anyways
> It's disabled by default. You have to dig around in your phone's settings to enable APK installations
At least since the time that the "install apps from unknown sources" permission was migrated from a global toggle to an app-specific permission (maybe even before that?), the dialogue that pops up to tell you that installation has been blocked has a button for directly taking you to the correct settings screen for toggling the permission, so it's just two extra taps.
Sure, at scale even that will confuse/scare off some users, but it's not insurmountable and nowhere near as obscure as having "to dig around in your phone's settings" – just two extra taps and you're good to go (unless your phone manufacturer has made things more complicated there, which does remain a possibility).
Thanks. I've asked people to do testing like this, and with limited people it was manageable. And the last android app I did was internal to a company with maybe 15 users. Getting people to do install/update was ... manageable, just.
I don't know if it's related, but I recently started using apps from f-droid. Maybe I should have done that much earlier, but necessity forced ky hand. I just can't find good apps on the Play Store anymore. Everything is enshittified. Even simple SMS apps have ads and in-app purchases. For what!?
F-droid apps are simply better these days.
What do you think maintains this difference on the F-droid side, given there are presumably lower barriers to entry with F-droid?
Actually, F-Droid has quite strict requirements on the apps it will accept, and it enforces them.
Low-effort spammy apps with ads and in-app purchases are unlikely to be accepted.
Standard Android in-app purchases, efficient notifications, or ads which use Google services, won't be accepted at all, though FLOSS versions of those things are ok in principle.
From https://f-droid.org/docs/Inclusion_Policy/ :
> All applications in the repository must be Free, Libre and Open Source Software (FLOSS) – for example, released under a GPL or Apache license.
> Every effort is made to verify that this is actually the case, both by visual inspection of the source, and by building the application from the published source.
> We cannot build apps using Google’s proprietary “Play Services”.
> We cannot build apps using proprietary tracking/analytic dependencies like Crashlytics and Firebase.
> We cannot build apps using proprietary ad libraries.
> The source code for the application must be maintained in a publicly accessible Version Control System which we have support for
> The original app author has been notified (and does not oppose the inclusion).
Weren't the number of apps already down by like 60% since 2016?
Great development.
F-Droid continues to be great.
How very American that the requirement to register is to obtain a private fee for service business identification, not some kind of institutionalised public interest registry.
Wait - you mean the EU-driven requirement?
Yes. It's totally bizarre that a formalised business identity is held in a commercial enterprise, not some kind of not for profit mutuality or a state enterprise.
Who requires them to do it isn't the point, what Google decided is the formalism to meet EU requirements is the point.
Here is a european collated list of worldwide business registries. The Australian one is a gov.au. the US one is the SEC not D&B
https://ebra.be/worldwide-registers/?location=au
The SEC is not a registry of all businesses in the US. The SEC concerns itself with business that sell shares to the public; this would not cover (for example) a single-member LLC that a software developer might use.
In the US, businesses are chartered and registered by the states, not the Federal government. There is no Federal equivalent to the UK's Companies House.
Which in itself is quite bizarre. You are of course right about the SEC although private companies raising debt securities fall under its role.
The real issue here isn't what the app store sets as requirements. It's that the users can't avoid it to get the applications (or doing so it too confusing).
Do people still actively care about phone apps? I avoid installing them whenever possible.
Apple have been forced by EU to allow the web and PWA's to work on iOS, so there is no longer a need to make natives apps for both Android and iOS anymore, u can just make a PWA.
Google's loss
I had useful free apps deleted. They worked, now the alternatives are all ad infested slop.
I CBF jumping through their hoops, might just move them to alternative stores
Google has always been hostile towards indiedevs but they have become complete garbage. They do things like removing apps because they have "banned" keywords in the naming. Apps that been around for +5 years. Or you have to comply to some new bs. Or they tried to force you to use Google pay and so on.
Google play has always been totally corrupt. But it is even worse today. The amount of trash spreading through their own programs is massive and then they are banning apps that does not even claim any permissions.
As always with Google, money talks. If you are a small corp you are pretty much screwed. If you are a big client Google will call you and tell you how they fixed your issues before you even knew about them. I really hate working with Google and hope they get split up and destroyed in the anti-trust case. (Yeah, I know the corp is named Alphabet)
[flagged]
spammers are better at bureaucracy than indie developers
Depressingly true. Also the Google Play changes that require indie devs (if they have an LLC/business) must have their address publicly listed. For many of them (us) that's our home address. I'm not at all a fan of having my house's address publically available, especially since some of my apps are for local events.
There is no scenario in which having my address public benefits me. Zero. Only downsides.
I don't make apps that are controversial but there are a lot of less-than-sane people out there.
fyi, a sole prop can get an address from ipostal1 for about $25 up front and $250/year. And LLCs should be using an agent.
I understand this is yet another cost, and for a hobby, etc etc. Just letting people know these services exist.
In my experience, these addresses are tracked and usually banned.
> LLCs should be using an agent.
Why? Everyone says this but I don’t understand why I need to pay someone to get mail for me.
It makes sense if you incorporated in a different state but I created my LLC in my home state, though the “One Stop Business Portal” (it actually was very easy). Contrast that with when I created a Delaware LLC for a previous startup which cost a couple hundred to get started and 100-200/year in fees.
As for the ipostal1 I’m concerned about the address not looking legit (I don’t know what one of their addresses look like and/or if they will be banned/rejected). On top of that I don’t want to pay $15/mo for the ~10 letters I get a year for my business. See also: checks I need to deposit, not sure how that works.
LLCs / agent: to keep your address private. In most states LLC-associated addresses are a matter of public record. So if you care about privacy / crazies, app stores are far from the only place that lists that address.
ipostal1: It's basically a software layer over stores that offer various services. I've had no problems with the address. Most places offer a check deposit service.
this is also true for scammers. Their objective is to get through the machine, not construct things of value.
It's an endemic property of con-artists and these systems.
They're often designed poorly.
How many times have you had to be dishonest to jump through hoops and get something honestly done? At my last job, their receipt checking system for recomp was terrible. We had to create receipt forgeries with the proper values that were formatted in the way the system wanted because it only accepted forgeries.
It would be like a vending machine that only accepted crisp pristine flawless money so you had to feed it with counterfeits out of necessity.
Anyway, don't design these systems wrong otherwise perversity thesis in full effect.
Good riddance! Apps (in general, there are many exceptions) are a slimy way to put your idea into the world. The vast majority of apps can simply be a website with zero loss of function. If you're not doing something special with my phone hardware, I'm absolutely not downloading your app.
Too late. This google store is full of scams apps.
Ah no, it's intentionally made for scammers to boost the Google Play users.
So it's worth to kill itself. Your dirty marketing tacticts is cheap, human become more smarter these days.