Develop applications for Android - as if to be (demonetized) by YouTube
As you know, some authors on YouTube are extremely dissatisfied with the conditions offered by this platform. A similar battle is now leading the developers of Android applications on the platform of Google Play. I will try to explain in 20 minutes what is wrong with Android.
Once upon a time, Android was considered the best mobile platform: control, customizability, advanced features, real multitasking, support for even rare use cases and the freedom of developers. It was the best platform for science and education: firstly, development tools are free and cross-platform, secondly, Android was a very flexible OS, which did not interfere with experimenting with innovative concepts and messing with equipment. Now it all disappears quickly.
Previously, the main releases of Android brought new features that pleased both developers and users. But from a certain moment I already began to be afraid of announcements of new versions, and still I am looking for strength in myself (heh) to look at the list of changes and recommendations for developers for the latest release. And new versions are not the only reason for the hassle: changes in the Google Play Store policy are also always fun to read.
For a start, a little context: before Android, I experimented with Windows Mobile 6.x and switched to Android after version 4.2 was released: I remember that soon after that 4.4 was announced, and it stood on my first Android phone until the end of its life. Android became the first and so far the only mobile OS where I seriously invested in application development.
')
I began to tinker with developing applications shortly before the release of 6.0 (Marshmallow), so I’m not an old-timer and can’t say that I’ve watched the Android evolution from the very beginning, and, of course, I didn’t see the whole process from the developer’s point of view. Nevertheless, a decade of changes passed before my eyes - even while experimenting with Windows Mobile, I paid attention to what was happening in the Android camp, although I still didn’t have enough money for these phones (everything went to handheld computers for Windows Mobile) . I understand perfectly how inconvenient it was for users and developers of Android 4.x before: I myself could try these versions, and my applications had to support them.
With each version of Google changes the Android API. These interfaces largely define what applications can and cannot do. In addition, some APIs require permissions that you agree to during installation, and some of these permissions can be set at startup (the idea is that the application should degrade gracefully by providing certain functions without obtaining some permissions). This refers to the contact list or location API.
Newer versions of Android include new APIs. Previously, the old API from previous versions did not make almost any changes. That is, the old applications continued to work normally.
In the last two or three years, new versions of Android have begun to delete and modify the old APIs. For example, if an application wants to remain active in the background, then it should now display a permanent notification. The idea sounds good in theory, but in the end, you always have several notifications, one for each background application. For example, I constantly have two notifications on my phone: one for the voice recorder, the second for the equalizer. One of my own applications should also constantly show a notification in Android 8 / Oreo and newer versions for reliable Wi-Fi background scanning in order to establish the appearance of the user in certain places.
In the future version of Android 10 / Q, applications will be further restricted. Google removes access to the clipboard , killing a whole category of applications for managing the clipboard (history of copied fragments, synchronization with other phones, computers, etc.). Currently, all applications can access the buffer without special permissions. It was possible to solve the problem by adding a request for permission, rather than completely removing the API. Applications can no longer turn on and off Wi-Fi , which does not allow, for example, to automatically turn off Wi-Fi when traveling by car. Google thinks to completely deny applications access to arbitrary files in the "external storage" (SD-cards and the internal memory area on your phone, where screenshots and photos, MP3, images for emulation, etc.) lie.
Notice that they remove all these things for “security”, but they could simply be protected by a request for permission, like with a list of contacts or a location. Instead, they decided to completely remove the features. Even if users want, applications will not be able to implement them. Existing applications are likely to be crushed by users, because people will not understand why the program suddenly stopped working after updating to the wonderful new version of Android.
These are significant changes. Normal applications may stop working. Developers will have to update them to implement less convenient workarounds, implement explanatory messages, and so on. This requires time, effort, money, etc., which could be spent on fixing other problems or developing new functions. Small teams or indie developers, especially those who do this in their spare time, can be very difficult to catch up with the latest “trends” of Google. For example, due to changes in the work of background services, I spent most of my free time during the summer, redesigning the architecture of one of the applications, which in turn led to the appearance of new errors that had to be diagnosed, corrected, etc., so that the said application showed notification and worked correctly in the latest versions of Android.
Even without the release of new versions of Android, Google may recycle old APIs: for example, install new Play Store rules by disallowing applications with certain permissions. Recently, Google has banned permissions to access SMS and call log: accordingly, all such applications have been expelled from the catalog.
Such applications can still be installed directly from the APK or alternative directories, but not the Play Store. In practice, it turns out that key functionality is cut out from many applications in the Play Store. For example, the voice recorder can no longer indicate the phone number in the audio recording, and automation applications can no longer use SMS messages as a trigger for actions. Since 99% of users download applications from Google Play, this functionality is now prohibited and only available to a very absolute minority of users who know how to get around these limitations.
Developers at the Play Store increasingly feel like content creators for YouTube, where policy changes occur suddenly and without warning. On YouTube, producers always fear that the content will be demonetized for some reason: this solves a fully automated, non-transparent system, as well as a response to complaints from the rights holders. In the Play Store, now, too, you have to constantly keep track of why a new reason may suddenly remove your application or block a developer account, along with all other accounts that Google considers to be implicated:
And these are just some examples of not even the most “scary” stories, which are published in r / androiddev in a day. In the relevant "category" dozens of stories on each such topic. Sometimes similar cases fall on Hacker News. It seems that Google treats the account ban and deletion of the Play Store applications with the same levity as the moderators of online games, which, at the slightest reason, ban players on suspicion of fraud. For most players, online games are just fun, unlike developing applications for Android. An obvious question arises: what do people who are banned do?
Now I understand that the analogy from YouTube is terrible. You see, YouTube usually comes with warnings. There is no one that you woke up and suddenly discovered that your account is banned. Video authors usually have the opportunity to benefit from the drama by contacting users. The audience usually sympathizes with them, while application developers deal with the outrage of users who have no idea or do not want to know why we have to massively remove functionality or reduce the performance of our applications. For example, the developer of the popular ACR voice recorder, after removing the permission to access the call log, ran into bad reviews, abuses and profanity from thousands of angry users - and this after an extensive campaign warning of upcoming changes (as an ACR user, I deleted the Play Store version and installed via XDA Labs unbound version, which retains the old functionality).
For independent developers and small companies, developing for Android has become more risky than ever. Today I will start working on the project, and after six months, when I prepare the first version, changes in the catalog policy will not allow it to be published or will seriously affect the functionality ... in addition to the above API clause, which become obsolete and change semantics, requiring constant support for the code, to keep up with the latest versions.
If you followed the links above, you understood something else: Google actually has no user support for live people, and if their bots were as responsive as Google Assistant ... If these are not bots, but people, then the difference is not felt: they spit out the sample answers. It is widely known that the best way to solve listing problems on Google Play is to attract the attention of a Google employee on social networks.
It seems that the level of support for Google depends on how loud the noise you make on social networks. And this is an exponential correlation, because a lot of noise is not enough to get a moderate level of support; need to make a giant noise. This is a problem with most Google services, especially if you don’t use the G Suite (apparently, application developers are not considered “paid customers” when it comes to support). One of the things that I would like to regulate at the state level, of course, is the obligation of such mega-corporations to provide actual user support.
Although the YouTube analogy was probably erroneous, there is another parallel here: many people believe that in recent years, YouTube has been making changes in business models and algorithms, favoring larger, well-known authors and making it more difficult for smaller ones. I believe that we are seeing a similar trend in the Google Play Store - just keep in mind that the popularity of the application or its “level” should be measured not by the number of downloads or active users, but by the amount of commission fees for Google from advertising and in-game purchases.
“Android is open source” was a joke five years ago. Although the Android Open Source Project (AOSP) still exists, many components that are really important for end users and developers are becoming increasingly closed.
Applications from Google can do what third-party applications are virtually unavailable due to the close interaction with the proprietary behemoth, which is Google Play Services. This is especially noticeable in the Google app itself, as well as in Google Assistant and the Google Launcher (Google Start).
There is a lot missing from an AOSP build, and many applications, including mine, will have problems with normal operation. Android's “de-glue” projects have developed free alternatives for many of the features of Google Play. But the fact that the community has to develop these alternatives and that they are essential for running most popular applications show that at present Android can be considered free only as a Linux distribution.
By itself, AOSP is effectively controlled by Google. This project is important because it defines common APIs for various “OEM versions” of Android, so that we can develop for Android, not for Samsung Android or Nokia Android. But which APIs to implement and which to exclude is completely decided by Google. The same goes for the overall system architecture, security model, etc. This means that Google can tilt the AOSP in any way, remove functions, and transfer to proprietary components it wants.
Obviously, the implementation of important functions through Google Play and the binding of the OS to Google components is important to maintain control over the OEM builders. The positive effect for users and developers is that security features and fixes are available even on devices that do not receive updates from the OEM or receive updates only for their version of Android, but not for the new one. The negative effect is that these changes overnight can affect even older versions of Android. This remains entirely at the discretion of Google, as well as application restrictions in the Play Store.
It seems that Google opens only the necessary minimum of Android, as necessary, so that the OS runs on OEM devices. We do not reach the extreme point mainly because the largest OEMs have enough leverage to prevent this. I feel that if Google could make Android a completely closed system, it would do it. I wonder what will change in the future operating system Fuchsia.
Google has two excuses for changes in Android and Google Play policy: “security” and “user experience”, the latter including “battery life”. Not sure for whom Google has been developing its “user experience” in recent years, but definitely not for “advanced users” like me. But first, let's talk about security.
Security measures must be proportionate to what they protect. With each version of Android, we see an increasing emphasis on security: for example, it becomes more and more difficult to ruin the phone without a custom firmware, which initially includes the superuser's functionality. It can be concluded that Google acts in a blessing. But it's easy to see that, under the pretext of security, they prohibit certain permissions, such as call logs and access to messages, or delete APIs, including access to external storage.
Strengthening security measures makes sense because we store more and more valuable information in our phones: from “old-fashioned” private information to biometric data, such as fingerprints, face scans, and retina. Of course, Google and others are probably most concerned about protecting access to payment systems, DRM keys, and so on.
Before concluding on security considerations, let's talk a little about user experience - this is another popular excuse for limiting or completely removing certain functions. If 1% of people use a function that is too complex (or even “unsafe”), then it is often simplified ... and the above 1% remains with a system that no longer supports their use case. Doesn't sound so bad? But Google is obliged to repeat this process quite often when new versions are released (so that employees can receive their bonuses), each time having their hands tied 1% more users, and what will be the result? Probably only the function of viewing ads (obviously, Google ads). You don't need to call, right? In the end, the interlocutor may be a fraud, draw you into a scheme of social engineering or something like that. ...
It is difficult to combine strong security and good user experience. It appears that permission requests do not provide either. It’s probably easier to remove permissions altogether than to give users a choice.
In fact, it all comes down to the choice of the user. Android used to allow a little sacrifice of security in exchange for more powerful and innovative applications than in iOS. I used to run 10 apps in the background and put the battery in half a day, but now, if I want to do this, I’ll have to look at 10 current notifications. Previously, I could share files between applications as on a desktop, but apparently this is also an insult for good security. Previously, I could scan Wi-Fi networks every minute, but on Android 9 even this was limited to a few scans per hour, killing some normal use cases, including my graduation project. Fortunately, at the university, we can just pretend that the latest version of Android is the eighth.
Smart cards, including SIM cards, were invented for the containerization of the protected part of the systems. Authentication, certification - all security features should be made there so that a large system remains less secure and more flexible. But at some point in recent decades, several companies have decided that it will be better (maybe for “user experience”?) To transfer important security operations to an application processor, including entire contactless payment systems. Systems like SafetyNet were developed. And let's forbid to run a banking application on the phone? Imagine that Internet banking on the desktop refused to work, because the information reached him that I know the password to the administrator account ...
In the end, by limiting normal applications in its directory, Google ultimately encourages direct download and installation of the APK. This is undesirable from a security point of view; it is not necessary to explain why.
Our phones have definitely become safer, but excessive “security” spoils life for people who want more from their phones than to watch YouTube without a break and check their feed on the social network. You also need to remember that many people have a smartphone - this is the only computer and they can not say "Just do this difficult task on the desktop." How about not keeping so much sensitive information in the phone so that we can return to the same flexibility with the same risks? Android, please allow me to shoot myself in the leg, as before.
I wouldn’t be so worried about this Android movement towards the masses (or Google’s understanding of what the general public is allowed to do) if there was a viable alternative to the mobile OS. But we do not have it. There is only Apple's iOS, whose appeal from the very beginning was the motto “it just works”: a secure platform with limited functionality, which simultaneously limits the possibility of errors. No doubt this is a godsend for most users. But personally, this platform does not suit me. As I said, give me the opportunity to shoot myself in the foot, if I want to: give me 2 hours of battery life, if I wish, and let my own applications spy on my location, if I let them.
The limitations of iOS were fine, because for many years we had Android, which allowed us to do such things. It so happened that thanks to AOSP and the lack of competition, Android turned out to be the de facto standard for every smartphone that is not Apple. Among inexpensive Android smartphones is actually the only option. Of course, because of this, the market share of Android has grown. Since now “all” use it, there was a temptation to copy the iOS model “it just works” and to impose security on people “prone to self-harm” - now you can’t hurt yourself even if you want.
The efforts of Android competitors are ridiculous at best. Windows Phone / Windows Mobile failed in part because of a weak and possibly too late market entry, combined with dubious "vision" and poor management decisions from Microsoft. Although the Microsoft system was actually good, otherwise there are so many dedicated WP / WM fans, but it entered the market so late (and with such an uncertain future) that it couldn’t attract developers, and without top applications, people don’t need the platform, no matter how excellent She was not from a technical point of view. Obviously, the problem is that many of the top applications released by Google; she released these apps for iOS mainly because the iOS platform appeared earlier.
If even a big player with deep pockets, like Microsoft, cannot provide a third mobile platform, then what can we say about smaller-scale attempts, such as Firefox OS. Here the result is quite predictable. They also have an additional problem with finding iron to run. Unfortunately, the phone can not take and change the OS, as on the computer. Back in 2015, I already complained about the lack of standardization in the hardware of smartphones . In fact, it is interesting to read the article when Android 4.4 was the latest version, and see how my perception of Android has changed.
I should also note that a successful Android alternative should definitely launch Android applications, possibly through a compatibility layer. In a sense, Android set the standard for applications, as IE6 dictated web standards 15 years ago in the worst possible way. Did someone say antitrust ?
Thus, Google through Android sets the standard - and implementation - of the functionality of modern smartphones, except when Apple is a major innovation that has to be quickly introduced into Android. Now it seems that Apple is slowing down a bit with innovations, so Google seized the initiative, making Android more like iOS, turning it into a soft, limited, safe for children operating system that ties hands to developers and experienced users.
Google eliminates some garbage and even a bit of malicious applications from the Play Store, enhancing automation, while sticking up and being deaf even more than ever. On the machine it is difficult to distinguish a normal application from a malicious one, and the user is not allowed to solve such an important issue. Therefore, Google simply "prohibits" the use of certain functions by deprecating the API and prohibiting these functions in the program catalog, thus blocking virtually all applications that arbitrary files in the user's store want to open, as well as voice recorders, action automation programs, etc.
We desperately need an alternative to Android. But it is not clear who will develop and use this alternative. I only know that I no longer feel happy either as an Android developer, or as an Android user, and in general I will hardly recommend Android to friends and relatives .
Once upon a time, Android was considered the best mobile platform: control, customizability, advanced features, real multitasking, support for even rare use cases and the freedom of developers. It was the best platform for science and education: firstly, development tools are free and cross-platform, secondly, Android was a very flexible OS, which did not interfere with experimenting with innovative concepts and messing with equipment. Now it all disappears quickly.
Previously, the main releases of Android brought new features that pleased both developers and users. But from a certain moment I already began to be afraid of announcements of new versions, and still I am looking for strength in myself (heh) to look at the list of changes and recommendations for developers for the latest release. And new versions are not the only reason for the hassle: changes in the Google Play Store policy are also always fun to read.
For a start, a little context: before Android, I experimented with Windows Mobile 6.x and switched to Android after version 4.2 was released: I remember that soon after that 4.4 was announced, and it stood on my first Android phone until the end of its life. Android became the first and so far the only mobile OS where I seriously invested in application development.
')
I began to tinker with developing applications shortly before the release of 6.0 (Marshmallow), so I’m not an old-timer and can’t say that I’ve watched the Android evolution from the very beginning, and, of course, I didn’t see the whole process from the developer’s point of view. Nevertheless, a decade of changes passed before my eyes - even while experimenting with Windows Mobile, I paid attention to what was happening in the Android camp, although I still didn’t have enough money for these phones (everything went to handheld computers for Windows Mobile) . I understand perfectly how inconvenient it was for users and developers of Android 4.x before: I myself could try these versions, and my applications had to support them.
API aging and loss of backward compatibility
With each version of Google changes the Android API. These interfaces largely define what applications can and cannot do. In addition, some APIs require permissions that you agree to during installation, and some of these permissions can be set at startup (the idea is that the application should degrade gracefully by providing certain functions without obtaining some permissions). This refers to the contact list or location API.
Newer versions of Android include new APIs. Previously, the old API from previous versions did not make almost any changes. That is, the old applications continued to work normally.
In the last two or three years, new versions of Android have begun to delete and modify the old APIs. For example, if an application wants to remain active in the background, then it should now display a permanent notification. The idea sounds good in theory, but in the end, you always have several notifications, one for each background application. For example, I constantly have two notifications on my phone: one for the voice recorder, the second for the equalizer. One of my own applications should also constantly show a notification in Android 8 / Oreo and newer versions for reliable Wi-Fi background scanning in order to establish the appearance of the user in certain places.
In the future version of Android 10 / Q, applications will be further restricted. Google removes access to the clipboard , killing a whole category of applications for managing the clipboard (history of copied fragments, synchronization with other phones, computers, etc.). Currently, all applications can access the buffer without special permissions. It was possible to solve the problem by adding a request for permission, rather than completely removing the API. Applications can no longer turn on and off Wi-Fi , which does not allow, for example, to automatically turn off Wi-Fi when traveling by car. Google thinks to completely deny applications access to arbitrary files in the "external storage" (SD-cards and the internal memory area on your phone, where screenshots and photos, MP3, images for emulation, etc.) lie.
Notice that they remove all these things for “security”, but they could simply be protected by a request for permission, like with a list of contacts or a location. Instead, they decided to completely remove the features. Even if users want, applications will not be able to implement them. Existing applications are likely to be crushed by users, because people will not understand why the program suddenly stopped working after updating to the wonderful new version of Android.
These are significant changes. Normal applications may stop working. Developers will have to update them to implement less convenient workarounds, implement explanatory messages, and so on. This requires time, effort, money, etc., which could be spent on fixing other problems or developing new functions. Small teams or indie developers, especially those who do this in their spare time, can be very difficult to catch up with the latest “trends” of Google. For example, due to changes in the work of background services, I spent most of my free time during the summer, redesigning the architecture of one of the applications, which in turn led to the appearance of new errors that had to be diagnosed, corrected, etc., so that the said application showed notification and worked correctly in the latest versions of Android.
Even without the release of new versions of Android, Google may recycle old APIs: for example, install new Play Store rules by disallowing applications with certain permissions. Recently, Google has banned permissions to access SMS and call log: accordingly, all such applications have been expelled from the catalog.
Such applications can still be installed directly from the APK or alternative directories, but not the Play Store. In practice, it turns out that key functionality is cut out from many applications in the Play Store. For example, the voice recorder can no longer indicate the phone number in the audio recording, and automation applications can no longer use SMS messages as a trigger for actions. Since 99% of users download applications from Google Play, this functionality is now prohibited and only available to a very absolute minority of users who know how to get around these limitations.
Google Play Store is YouTube for application developers.
Developers at the Play Store increasingly feel like content creators for YouTube, where policy changes occur suddenly and without warning. On YouTube, producers always fear that the content will be demonetized for some reason: this solves a fully automated, non-transparent system, as well as a response to complaints from the rights holders. In the Play Store, now, too, you have to constantly keep track of why a new reason may suddenly remove your application or block a developer account, along with all other accounts that Google considers to be implicated:
- Your application may be banished for “fraudulent advertising” (incredible, but this includes links to other applications. Do you know that it is forbidden to ask for donations if you don’t do this through in-app purchases?);
- This can happen even if you have no ads (see also the comments on Hacker News )
- Your application may be deleted because of the ban on some used permissions ;
- Your developer account can be blocked for “communication with a previously blocked account” (and that’s all they will tell you);
- Your application can be removed by requesting DMCA, and when you agree with the copyright holder, Google will ignore this ;
- As a last minor annoyance: you will have to sort out complaints from “users” who openly admit that they have never used the application ...
And these are just some examples of not even the most “scary” stories, which are published in r / androiddev in a day. In the relevant "category" dozens of stories on each such topic. Sometimes similar cases fall on Hacker News. It seems that Google treats the account ban and deletion of the Play Store applications with the same levity as the moderators of online games, which, at the slightest reason, ban players on suspicion of fraud. For most players, online games are just fun, unlike developing applications for Android. An obvious question arises: what do people who are banned do?
Now I understand that the analogy from YouTube is terrible. You see, YouTube usually comes with warnings. There is no one that you woke up and suddenly discovered that your account is banned. Video authors usually have the opportunity to benefit from the drama by contacting users. The audience usually sympathizes with them, while application developers deal with the outrage of users who have no idea or do not want to know why we have to massively remove functionality or reduce the performance of our applications. For example, the developer of the popular ACR voice recorder, after removing the permission to access the call log, ran into bad reviews, abuses and profanity from thousands of angry users - and this after an extensive campaign warning of upcoming changes (as an ACR user, I deleted the Play Store version and installed via XDA Labs unbound version, which retains the old functionality).
For independent developers and small companies, developing for Android has become more risky than ever. Today I will start working on the project, and after six months, when I prepare the first version, changes in the catalog policy will not allow it to be published or will seriously affect the functionality ... in addition to the above API clause, which become obsolete and change semantics, requiring constant support for the code, to keep up with the latest versions.
If you followed the links above, you understood something else: Google actually has no user support for live people, and if their bots were as responsive as Google Assistant ... If these are not bots, but people, then the difference is not felt: they spit out the sample answers. It is widely known that the best way to solve listing problems on Google Play is to attract the attention of a Google employee on social networks.
It seems that the level of support for Google depends on how loud the noise you make on social networks. And this is an exponential correlation, because a lot of noise is not enough to get a moderate level of support; need to make a giant noise. This is a problem with most Google services, especially if you don’t use the G Suite (apparently, application developers are not considered “paid customers” when it comes to support). One of the things that I would like to regulate at the state level, of course, is the obligation of such mega-corporations to provide actual user support.
Although the YouTube analogy was probably erroneous, there is another parallel here: many people believe that in recent years, YouTube has been making changes in business models and algorithms, favoring larger, well-known authors and making it more difficult for smaller ones. I believe that we are seeing a similar trend in the Google Play Store - just keep in mind that the popularity of the application or its “level” should be measured not by the number of downloads or active users, but by the amount of commission fees for Google from advertising and in-game purchases.
“Android is open source”
“Android is open source” was a joke five years ago. Although the Android Open Source Project (AOSP) still exists, many components that are really important for end users and developers are becoming increasingly closed.
Applications from Google can do what third-party applications are virtually unavailable due to the close interaction with the proprietary behemoth, which is Google Play Services. This is especially noticeable in the Google app itself, as well as in Google Assistant and the Google Launcher (Google Start).
There is a lot missing from an AOSP build, and many applications, including mine, will have problems with normal operation. Android's “de-glue” projects have developed free alternatives for many of the features of Google Play. But the fact that the community has to develop these alternatives and that they are essential for running most popular applications show that at present Android can be considered free only as a Linux distribution.
By itself, AOSP is effectively controlled by Google. This project is important because it defines common APIs for various “OEM versions” of Android, so that we can develop for Android, not for Samsung Android or Nokia Android. But which APIs to implement and which to exclude is completely decided by Google. The same goes for the overall system architecture, security model, etc. This means that Google can tilt the AOSP in any way, remove functions, and transfer to proprietary components it wants.
Obviously, the implementation of important functions through Google Play and the binding of the OS to Google components is important to maintain control over the OEM builders. The positive effect for users and developers is that security features and fixes are available even on devices that do not receive updates from the OEM or receive updates only for their version of Android, but not for the new one. The negative effect is that these changes overnight can affect even older versions of Android. This remains entirely at the discretion of Google, as well as application restrictions in the Play Store.
It seems that Google opens only the necessary minimum of Android, as necessary, so that the OS runs on OEM devices. We do not reach the extreme point mainly because the largest OEMs have enough leverage to prevent this. I feel that if Google could make Android a completely closed system, it would do it. I wonder what will change in the future operating system Fuchsia.
Security to the detriment of functionality
Google has two excuses for changes in Android and Google Play policy: “security” and “user experience”, the latter including “battery life”. Not sure for whom Google has been developing its “user experience” in recent years, but definitely not for “advanced users” like me. But first, let's talk about security.
Security measures must be proportionate to what they protect. With each version of Android, we see an increasing emphasis on security: for example, it becomes more and more difficult to ruin the phone without a custom firmware, which initially includes the superuser's functionality. It can be concluded that Google acts in a blessing. But it's easy to see that, under the pretext of security, they prohibit certain permissions, such as call logs and access to messages, or delete APIs, including access to external storage.
Strengthening security measures makes sense because we store more and more valuable information in our phones: from “old-fashioned” private information to biometric data, such as fingerprints, face scans, and retina. Of course, Google and others are probably most concerned about protecting access to payment systems, DRM keys, and so on.
Before concluding on security considerations, let's talk a little about user experience - this is another popular excuse for limiting or completely removing certain functions. If 1% of people use a function that is too complex (or even “unsafe”), then it is often simplified ... and the above 1% remains with a system that no longer supports their use case. Doesn't sound so bad? But Google is obliged to repeat this process quite often when new versions are released (so that employees can receive their bonuses), each time having their hands tied 1% more users, and what will be the result? Probably only the function of viewing ads (obviously, Google ads). You don't need to call, right? In the end, the interlocutor may be a fraud, draw you into a scheme of social engineering or something like that. ...
It is difficult to combine strong security and good user experience. It appears that permission requests do not provide either. It’s probably easier to remove permissions altogether than to give users a choice.
In fact, it all comes down to the choice of the user. Android used to allow a little sacrifice of security in exchange for more powerful and innovative applications than in iOS. I used to run 10 apps in the background and put the battery in half a day, but now, if I want to do this, I’ll have to look at 10 current notifications. Previously, I could share files between applications as on a desktop, but apparently this is also an insult for good security. Previously, I could scan Wi-Fi networks every minute, but on Android 9 even this was limited to a few scans per hour, killing some normal use cases, including my graduation project. Fortunately, at the university, we can just pretend that the latest version of Android is the eighth.
Smart cards, including SIM cards, were invented for the containerization of the protected part of the systems. Authentication, certification - all security features should be made there so that a large system remains less secure and more flexible. But at some point in recent decades, several companies have decided that it will be better (maybe for “user experience”?) To transfer important security operations to an application processor, including entire contactless payment systems. Systems like SafetyNet were developed. And let's forbid to run a banking application on the phone? Imagine that Internet banking on the desktop refused to work, because the information reached him that I know the password to the administrator account ...
In the end, by limiting normal applications in its directory, Google ultimately encourages direct download and installation of the APK. This is undesirable from a security point of view; it is not necessary to explain why.
Our phones have definitely become safer, but excessive “security” spoils life for people who want more from their phones than to watch YouTube without a break and check their feed on the social network. You also need to remember that many people have a smartphone - this is the only computer and they can not say "Just do this difficult task on the desktop." How about not keeping so much sensitive information in the phone so that we can return to the same flexibility with the same risks? Android, please allow me to shoot myself in the leg, as before.
Lack of real alternatives
I wouldn’t be so worried about this Android movement towards the masses (or Google’s understanding of what the general public is allowed to do) if there was a viable alternative to the mobile OS. But we do not have it. There is only Apple's iOS, whose appeal from the very beginning was the motto “it just works”: a secure platform with limited functionality, which simultaneously limits the possibility of errors. No doubt this is a godsend for most users. But personally, this platform does not suit me. As I said, give me the opportunity to shoot myself in the foot, if I want to: give me 2 hours of battery life, if I wish, and let my own applications spy on my location, if I let them.
The limitations of iOS were fine, because for many years we had Android, which allowed us to do such things. It so happened that thanks to AOSP and the lack of competition, Android turned out to be the de facto standard for every smartphone that is not Apple. Among inexpensive Android smartphones is actually the only option. Of course, because of this, the market share of Android has grown. Since now “all” use it, there was a temptation to copy the iOS model “it just works” and to impose security on people “prone to self-harm” - now you can’t hurt yourself even if you want.
The efforts of Android competitors are ridiculous at best. Windows Phone / Windows Mobile failed in part because of a weak and possibly too late market entry, combined with dubious "vision" and poor management decisions from Microsoft. Although the Microsoft system was actually good, otherwise there are so many dedicated WP / WM fans, but it entered the market so late (and with such an uncertain future) that it couldn’t attract developers, and without top applications, people don’t need the platform, no matter how excellent She was not from a technical point of view. Obviously, the problem is that many of the top applications released by Google; she released these apps for iOS mainly because the iOS platform appeared earlier.
If even a big player with deep pockets, like Microsoft, cannot provide a third mobile platform, then what can we say about smaller-scale attempts, such as Firefox OS. Here the result is quite predictable. They also have an additional problem with finding iron to run. Unfortunately, the phone can not take and change the OS, as on the computer. Back in 2015, I already complained about the lack of standardization in the hardware of smartphones . In fact, it is interesting to read the article when Android 4.4 was the latest version, and see how my perception of Android has changed.
I should also note that a successful Android alternative should definitely launch Android applications, possibly through a compatibility layer. In a sense, Android set the standard for applications, as IE6 dictated web standards 15 years ago in the worst possible way. Did someone say antitrust ?
Last thoughts
Thus, Google through Android sets the standard - and implementation - of the functionality of modern smartphones, except when Apple is a major innovation that has to be quickly introduced into Android. Now it seems that Apple is slowing down a bit with innovations, so Google seized the initiative, making Android more like iOS, turning it into a soft, limited, safe for children operating system that ties hands to developers and experienced users.
Google eliminates some garbage and even a bit of malicious applications from the Play Store, enhancing automation, while sticking up and being deaf even more than ever. On the machine it is difficult to distinguish a normal application from a malicious one, and the user is not allowed to solve such an important issue. Therefore, Google simply "prohibits" the use of certain functions by deprecating the API and prohibiting these functions in the program catalog, thus blocking virtually all applications that arbitrary files in the user's store want to open, as well as voice recorders, action automation programs, etc.
We desperately need an alternative to Android. But it is not clear who will develop and use this alternative. I only know that I no longer feel happy either as an Android developer, or as an Android user, and in general I will hardly recommend Android to friends and relatives .
Source: https://habr.com/ru/post/446346/
All Articles