Developing applications for Android is like being a (demonetized) YouTube

Original author: Gabriel Maia
  • Transfer
As you know, some authors on YouTube are extremely dissatisfied with the conditions that this platform offers. A similar battle is now being fought by developers of Android applications on the Google Play platform. I'll try in 20 minutes to explain what is wrong with Android.

Android was once considered the best mobile platform: control, customizability, advanced features, real multitasking, support for even rare cases of use and freedom of developers. It was the best platform for science and education: firstly, development tools are free and cross-platform, and secondly, Android was a very flexible OS that did not interfere with experimenting with innovative concepts and tinkering with equipment. Now all this is quickly disappearing.

Previously, major Android releases brought new features that delighted both developers and users. But at some point I was already afraid of the announcements of new versions, and I’m still looking for the strength (heh) in myself to look at the list of changes and recommendations for developers for the latest release. And new versions are not the only reason for the hassle: changes in the policies of the Google Play Store are also always fun to read.

To begin with, there’s a little context: before Android, I experimented with Windows Mobile 6.x and switched to Android after the release of version 4.2: I remember that they announced 4.4 shortly after that, and she stood on my first Android phone for the rest of his life. Android was the first and so far the only mobile OS where I seriously invested in application development.

I started tinkering with application development shortly before the release of 6.0 (Marshmallow), so I was not an old-timer and I can’t say that I watched the evolution of Android from the very beginning, and, of course, did not observe the whole process from the developer's point of view. Nevertheless, a decade of changes passed before my eyes - even during experiments with Windows Mobile I paid attention to what was happening in the Android camp, although I still didn’t have enough money for these phones (everything went to “handheld computers” under Windows Mobile) . I perfectly understand how inconvenient it was for Android 4.x users and developers before: I myself could try these versions, and my applications had to support them.

Deprecation of API and loss of backward compatibility

With each version of Google changes Android API. These interfaces largely determine what applications can and cannot do. In addition, some APIs require permissions that you agree to during installation, and some of these permissions can be set at startup (the idea is that the application should degrade gracefully by providing separate functions without obtaining some permissions). This applies to the contact list or location API.

Newer versions of Android include newer APIs. Previously, almost no changes were made to the old APIs from previous versions. That is, old applications continued to work normally.

In the last two to three years, new versions of Android have begun to remove and modify old APIs. For example, if an application wants to remain active in the background, then it should now display a constant notification. The idea sounds good in theory, but in the end you constantly have several notifications, one for each background application. For example, two notifications constantly hang on my phone: one for the recorder, the other for the equalizer. One of my own applications should also constantly display a notification in Android 8 / Oreo and newer versions for reliable Wi-Fi background scanning in order to establish the appearance of the user in certain places.

In the future version of Android 10 / Q, application capabilities will further limit. Google removes access to the clipboard, killing a whole category of clipboard management applications (history of copied fragments, synchronization with other phones, computers, etc.). Currently, all applications can access the buffer without special permissions. You could solve the problem by adding a permission request, rather than completely removing the API. Applications can no longer turn Wi-Fi on and off , which prevents, for example, automatically turning off Wi-Fi while traveling by car. Google thinks to completely ban applications from accessing arbitrary files in the “external storage” (SD cards and the internal memory area on your phone, where screenshots and photos, MP3s, images for emulation, etc.).

Note that they delete all these things for “security,” but they could simply be protected with a permission request, like with a contact list or location. Instead, they decided to completely remove the features. Even if users want to, applications will not be able to implement them. Existing applications are likely to be crushed by users, because people will not understand why the program suddenly stopped working after updating to a wonderful new version of Android.

These are significant changes. Normal applications may stop working. Developers will have to update them to implement less convenient workarounds, implement explanatory messages, and so on. This requires time, effort, money, etc., which could be spent on fixing other problems or developing new functions. For small teams or indie developers, especially those who do this in their free time, it can be very difficult to catch up with the latest Google trends. For example, due to a change in the operation of background services, during the summer I spent most of my free time redesigning the architecture of one of the applications, which in turn led to new errors that had to be diagnosed, corrected, etc.

Even without the release of new versions of Android, Google can send old APIs to the scrap: for example, set new rules for the Play Store by banning applications with certain permissions. Recently, Google has banned permissions to access SMS and call logs: accordingly, all such applications are expelled from the directory.

Such applications can still be installed directly from the APK or alternative directories, but not the Play Store. In practice, it turns out that out of many applications on the Play Store, key functionality is cut out. For example, the recorder can no longer indicate the phone number in audio recordings, and automation applications can no longer use SMS messages as a trigger for actions. Since 99% of users download applications from Google Play, this functionality is now prohibited and is available only to a very absolute minority of users who know how to circumvent these restrictions.

Google Play Store is YouTube for app developers.

Developers on the Play Store are increasingly feeling like creators of content for YouTube, where policy changes occur suddenly and without warning. On YouTube, producers always fear that content will be demonetized for some reason: this is decided by a fully automated, opaque system, as well as responding to complaints from copyright holders. The Play Store now also has to constantly monitor for what new reason they may suddenly delete your application or block the developer account, along with all other accounts that Google considers involved:

And these are just isolated examples of not even the most “scary” stories that are published every other day in r / androiddev. In the corresponding "category" dozens of stories on each such topic. Sometimes similar cases get on Hacker News. It seems that Google treats banning accounts and uninstalling Play Store apps with the same frivolity as moderators of online games, who, for the slightest reason, ban players on suspicion of fraud. For most players, online games are just entertainment, unlike Android app development. The obvious question arises: what to do to people who have been banned?

Now I understand that the analogy with YouTube is terrible. You see, YouTube usually receives warnings. There is no such thing that you woke up and suddenly found that your account was banned. Video authors usually have the opportunity to capitalize on the drama by reaching out to users. The audience usually sympathizes with them, while application developers deal with the indignation of users who have no idea or do not want to know why we have to massively remove functionality or reduce the performance of our applications. For example, the developer of the popular ACR recorder, after removing permission to access the call log, was faced with poor reviews, abuse and profanity from thousands of angry users - and this is after an extensive campaign warning of upcoming changes (as an ACR user, I uninstalled the Play Store version and installed an unattached version through XDA Labs that retains the old functionality).

For independent developers and small companies, Android development has become more risky than ever. Today I’ll start working on the project, and six months later, when I’ll prepare the first version, changes to the catalog’s policy will not allow it to be published or seriously affect the functionality ... in addition to the above paragraph on APIs, which become outdated and change semantics, requiring constant support of the code, to keep up with the latest versions.

If you followed the links above, you understood something else: Google actually lacks user support for real people, and if their bots were as responsive as Google Assistant ... If they are not bots, but people, then the difference is not felt: they spit out template answers. It’s widely known that the best way to solve problems with listing on Google Play is to get the attention of a Google employee on social networks.

It looks like Google’s support level depends on how loud noise you make on social networks. And this is an exponential correlation, because a lot of noise is not enough to get a moderate level of support; need to raise a giant noise. This is a problem with most Google services, especially if you are not using G Suite (apparently, application developers are not considered “paid customers” when it comes to support). One of the things that I would like to regulate at the state level, of course, is the obligation of such mega-corporations to provide actual user support.

Although the YouTube analogy was probably erroneous, there is another parallel here: many believe that in recent years YouTube has been making changes to business models and algorithms, favoring large, well-known authors and making it more difficult for smaller ones. I believe that we are observing a similar trend in the Google Play Store - just keep in mind that the popularity of the application or its “level” should not be estimated by the number of downloads or active users, but by the amount of commissions for Google from advertising and in-game purchases.

“Android is open source”

“Android is open source” became a joke five years ago. Although the Android Open Source Project (AOSP) still exists, many components that are truly important to end users and developers are becoming increasingly closed.

Applications from Google can do things that are almost inaccessible to third-party applications, due to their close interaction with the proprietary hippo, which is Google Play Services. This is especially noticeable in the Google application itself, as well as in the Google Assistant and the Google Launcher (Google Start).

There is a lot missing in the AOSP assembly, and many applications, including mine, will have problems with normal operation. Android’s “deguggling” projects have developed free alternatives for many of the Google Play features. But the fact that the community has to develop these alternatives and that they are essential for launching most popular applications shows that at present Android can be considered free except as a Linux distribution.

AOSP itself is effectively controlled by Google. This project is important because it defines common APIs for the various “OEM versions” of Android, so that we can develop for Android, not for “Samsung Android” or “Nokia Android”. But which API to implement, and which to exclude, is entirely up to Google. The same goes for the general system architecture, security model, etc. This means that Google can tilt AOSP at any rate, remove functions and transfer it to proprietary components whatever it wants.

Obviously, the implementation of important functions through Google Play and the binding of the OS to the components of Google is important to maintain control over the "OEM-assemblers." The positive effect for users and developers is that functions and security fixes become available even on devices that do not receive updates from OEM or receive updates only for their version of Android, but not for a new one. The negative effect is that these changes overnight can affect even older versions of Android. This remains entirely at the discretion of Google, as well as application restrictions on the Play Store.

It seems that Google only opens the necessary minimum of Android, how much is necessary for the OS to work on OEM devices. We do not get to the extreme point mainly because the largest OEMs have enough leverage to prevent this. I feel that if Google could make Android a completely closed system, I would do it. Interestingly, what will change in the future operating system Fuchsia.

Safety to the detriment of functionality

Google has two excuses for changes in Android and Google Play policies: “security” and “user experience”, the latter including “battery life”. I’m not sure for whom Google has been developing its “user experience” in recent years, but certainly not for “experienced users” like me. However, let's talk about security first.

Security measures must be proportionate to what they protect. With each version of Android, we see an increasing emphasis on security: for example, ruining a phone becomes more difficult without custom firmware, which initially includes superuser functionality. We can conclude that Google is acting for the good. But it’s easy to see that, under the pretext of security, certain permissions, such as call logs and message access, are denied or APIs, including access to external storage, are deleted.

Strengthening security measures makes sense, because we store more and more valuable information in our phones: from "old-fashioned" private information to biometric data, such as fingerprints, face scans and retinas. Of course, Google and others are probably most concerned about protecting access to payment systems, DRM keys, and so on.

Before we finish our discussion of security, let's talk a bit about user experience - this is another popular excuse for restricting or completely removing certain functions. If 1% of people use some function that is too complicated (or even “unsafe”), then it is often simplified ... and the aforementioned 1% remains with a system that no longer supports their use case. Doesn't that sound so bad? But Google is required to repeat this process often enough when releasing new versions (so that employees can receive their bonuses), each time tying the hands of another 1% of users, and what will be the result? Probably only the function of viewing ads (obviously, Google ads). You don’t need to call, right? In the end, the interlocutor may turn out to be a scammer, draw you into a social engineering scheme or something like that. ...

It is difficult to combine strong security with a good user experience. It seems that permission notifications do not provide either. It’s probably easier to remove permissions altogether than give users a choice.

In fact, it all comes down to the user's choice. Android used to allow a little sacrifice of security in exchange for more powerful and innovative applications than iOS. Previously, I could run 10 applications in the background and put the battery in half a day, but now, if I want to do this, I will have to look at 10 current notifications. I used to be able to exchange files between applications as on the desktop, but, apparently, this is also an insult to good security. I used to be able to scan Wi-Fi networks every minute, but in Android 9 even this was limited to a few scans per hour, killing some normal use cases, including my graduation project. Fortunately, at the university, we can simply pretend that the latest version of Android is the eighth.

Smart cards, including SIM cards, were invented for containerizing the protected part of systems. Authentication, certification - all security functions must be done there so that a large system remains less secure and more flexible. But at some point in recent decades, several companies decided it would be better (maybe for a “user experience”?) To transfer important security operations to the application processor, including entire contactless payment systems. Systems like SafetyNet have been developed . And let's ban the launch of a banking application on a rooted phone? Imagine that Internet banking on the desktop refused to work, because it came to the information that I know the password for the administrator account ...

In the end, by limiting the normal apps in its directory, Google ultimately encourages the direct download and installation of the APK. This is undesirable from a security point of view, no need to explain why.

Our phones have definitely become safer, but excessive “security” spoils the lives of people who want more from the phone than without stopping to watch YouTube and check their feed on the social network. You also need to remember that for many people a smartphone is the only computer and they cannot say, “Just do this difficult task on the desktop.” How about not storing so much sensitive information on the phone so that we can revert to our previous flexibility with the same risks? Android, please allow me to shoot myself in the foot, as before.

The lack of real alternatives

I would not be so worried about this Android movement towards the masses (or Google’s understanding of what the general public is allowed to do) if there were a viable alternative to the mobile OS. But we don’t have it. There is only iOS from Apple, whose appeal from the very beginning was the motto “it just works”: a secure platform with limited functionality, which at the same time limits the possibility of errors. I have no doubt this is a find for most users. But personally, such a platform does not suit me. As I said, give me the opportunity to shoot myself in the foot if I want to: give me 2 hours of battery life if I wish, and let my own applications spy on my location if I allowed them to.

The limitations of iOS were fine, because for many years we had Android that allowed us to do such things. It so happened that thanks to AOSP and the lack of competition, Android turned out to be the de facto standard for every smartphone that is not Apple. Among low-cost smartphones, Android is actually the only option. Of course, because of this, the market share of Android has grown. Since now “everyone” uses it, there was a temptation to copy the iOS model “it just works” and impose security on people “prone to self-harm” - now you can’t harm yourself, even if you want to.

The efforts of Android competitors are ridiculous at best. Windows Phone / Windows Mobile failed in part due to weak and possibly too late entry into the market, coupled with dubious “vision” and poor management decisions from Microsoft. Although the Microsoft system was really good, otherwise there were so many WP / WM fans, but it entered the market so late (and with such an uncertain future) that it could not attract developers, and without top-end applications, the platform is not needed by people, as it were, excellent she was not from a technical point of view. Obviously, the problem is that many of the top applications are released by Google; she released these iOS apps mainly because the iOS platform came earlier.

If even a big player with deep pockets, like Microsoft, cannot imagine a third mobile platform, then what can we say about less ambitious attempts, such as Firefox OS. Here the result is quite predictable. They also have an additional problem with finding iron to run. Unfortunately, you can’t take and change the OS on your phone, just like on a computer. Back in 2015, I already complained about the lack of standardization in the hardware of smartphones . It’s actually interesting to read that article when Android 4.4 was the latest version and see how my perception of Android has changed.

It should also be noted that a successful alternative to Android should definitely run Android applications, possibly through the compatibility layer. In a way, Android set the standard for apps, just like IE6 dictated web standards the worst way 15 years ago. Did someone say antitrust ?

Last thoughts

Thus, Google through Android sets the standard - and implementation - of the functionality of modern smartphones, unless Apple introduces a major innovation that has to be quickly implemented in Android. Now it seems that Apple is slowing down a bit with innovation, so Google has seized the initiative, making Android more like iOS, turning it into a soft, limited, child-friendly operating system that ties hands to developers and experienced users.

Google eliminates some of the junk and even a few malicious Play Store applications, enhancing automation, while being even more crouched and deaf as ever. It is difficult to distinguish a normal application from a malicious one on the machine, and the user is not allowed to solve such an important issue. Therefore, Google simply “prohibits” the use of certain functions by deprecating the API and banning these functions in the program directory, thus blocking literally all applications that want to open arbitrary files in the user's repository, as well as voice recorders, automation programs, etc.

We desperately need an Android alternative. But it is not clear who will develop and use this alternative. I only know that I no longer feel happy either as an Android developer or as an Android user, and in general I will hardly recommend Android to friends and relatives .

Also popular now: