Hacker News new | past | comments | ask | show | jobs | submit login
Google terminated our business via our Google Play Developer Account (usejournal.com)
1668 points by jacquesm on Feb 9, 2019 | hide | past | favorite | 498 comments

The question I always have with this stuff is this:

To attract developers, these platforms make some promises. A "review" process for supposed violations of TOS causing cancellations is always among them. But to me these "reviews" always seem either completely faked or some version of a lowest-level employee simply restating that the algo has made its choice and they are powerless.

More incriminating is that every time a story starts to go viral, it seems a higher-up jumps in and instantly fixes it. (i.e. they can deliver a "real" review if they want to)

Since you paid them money (which they never refund) and they promised you an actual review if something goes wrong (which they never seem to actually deliver)...How is this any different than selling a counterfeit product? Isn't this legally actionable fraud?

When dealing with a bureaucracy (ie, not Google specific) a "review" might not mean "reconsider the issue" instead meaning "check the process was followed".

In an extreme example, lets say that a bureaucrat takes an action because they have an unreasonable personal dislike of something. A bureaucratic review of the situation will confirm that the person had authority to act as they did then close the case. The reasoning behind the decision may not be examined at all in the review.

A symptom of things getting bad is that reviews will never seem to achieve anything, because a bureaucracy won't take unauthorised action, so any action is by definition going to pass a review. Very frustrating to deal with that sort of system. This sort of thinking is so screwy that it makes sense for the reviewer to report directly to the original decision maker, because the reviewer isn't supposed to challenge the decision, they are supposed to make sure that the decision was made by the person they report to!

I like it.

roenxi's law: "In any sufficiently advanced bureaucracy, all oversight degrades to tautology".

We did it therefore it was right otherwise we wouldn't have done it. Case closed.

There's also a riff on Arthur C. Clarke's law. Any sufficiently complex or opaque system of control is indistinguishable from tyranny.

What we see over and over with tech cases like this is 1) We can't tell you exactly how we figure stuff out because then you'd game it, 2) Things happen based on actions and associations you don't realize are important

This is effectively having somebody show up at your house at random times and punch you in the face.

But, we are told, it's all for the greater good. I don't doubt that the averages work out -- more good is done than evil. I do, however, doubt that such over-generalizing is so much for the greater good as it is for the bottom lines of the tech companies involved.

So says you. This is what the ToS say:

Google may terminate this Agreement with You for any reason with thirty (30) days' prior written notice. In addition, Google may, at any time, immediately suspend or terminate this Agreement with You if: (a) You have breached any provision of this Agreement, any non-disclosure agreement or other agreement relating to Google Play or the Android platform; (b) Google is required to do so by law; (c) You cease to be an authorised developer, a developer in good standing, or are barred from using Android software; or (d) Google decides to no longer provide Google Play.


Caprices of TOS details, reviews, algorithms, service quality, or whatever are not the real problem. The real problem is when you can't reasonably choose to do business with someone else and move on, as they are free to do with you.

Network effects are causing more and more important things to both expand into great significance and to be dominated by a single company (or pair of gatekeepers, both of whom must be appeased, as in the phone platform.) Your business can be utterly wiped out with no realistic recourse by any of a thousand actions that could be taken at any time by the giant, like an elephant stepping on an ant.

I'm afraid that the only real recourse is to have certain anticompetitive regulations automatically kick in once a business rises above a certain percentage control of access to some market or medium that has become significant. They lose the ability to unilaterally ban, for example, except in narrow cases involving fraud or suspected criminal activity, which will eventually have to be proved to some official. If they fail to prove it, the official will order compensation without the banned party having to fight the giant's lawyers.

The real problem is when you can't reasonably choose to do business with someone else and move on, as they are free to do with you.

Something I learned the hard way when I first started out in business is to never make your business dependent on a single entity.

Whether it's a supplier, or a publisher, or a telco, or whatever. They are all single points of failure, and unless you're a huge business, one failure can be all that's needed to take you down, too.

Yes, Google Play is effectively the only way to publish an Android program. But it's also a single point of failure, which is why until there is no longer a mobile program duopoly, I don't invest in app companies.

That is precisely the problem with the current landscape for online businesses. Nearly every step of the way there is a single entity that you need to work with, or you are toast.

The biggest one lately comes down to marketplaces and payment processing. For example, if you are running a business selling a physical product, and you are banned from:

- Amazon

- PayPal

Your business is dead. It usually comes down to exposure and payment processing. Some businesses can gain exposure through a variety of channels. But most businesses get the majority of their customers through a small list of channels. That can be Facebook Ads, SEO, Forums, etc.

If you wake up one day and Google de-lists you from organic search, and the majority of your traffic was from SEO, you're dead. You can try refocusing and investing in other channels, but the majority of your potential new customers probably use one or two channels to find your service. So unless you are the only person offering said service, they'll just go to a competitor.

These companies like Amazon, Google, Paypal, Facebook, Apple have become gatekeepers. Try and do any type of e-commerce without using the above services. Good luck buddy!

Many businesses boil down to 1-3 of the above. Losing access to one can be all it takes to go from a highly successful company to a doomed company. And these services will ban you on ToS violations, without ever explaining what part of the ToS you violated. The implication from such a ban is that your business, your livelihood, your life's pursuit is instantly crippled or dead. The implication to them is nothing.

Do you avoid companies that take only Master/Visa who are happy to prevent certain businesses receiving payment?

All internet business that needs Google search to get visits? 5% bing doesn't really cut it.

I mean it's easy to say and believe that you should avoid those single points of failure, but the real, practical landscape often includes many of them.

GP stated they avoid investing in them. i.e. the risk profile doesn't align with their I vestment strategy.

What you're bringing up is kind of obvious but also irrelevant.

I'd ask what businesses do they invest in and figure out if those businesses are really less risky. I would posit they are probably not. The risk of having amazon Google or apple being a single point of failure is abysmally small compared to all the other risks out there.

Hardly irrelevant as if that's the strategy, you're going to be left with few businesses to start or invest in. From a practical point of view even a single office site may be such a single point of failure.

There are many practical single or narrow points of failure a bootstrapped startup or small business may encounter. The real risk to most starting out business is being seen as irrelevant - by the potential customers or search, whether app store or Google.

> Something I learned the hard way when I first started out in business is to never make your business dependent on a single entity.

Seems impossible. Assuming you're an internet business, how did you make your business not dependent upon your domain registrar?

Typically, a registrar is not irreplaceable. They could terminate your account so you'd have to transfer to another registrar, but unless their TOS says they can seize your domain they shouldn't be able to completely block you. Even then you have the ability to sue then if they break the contract terms.

This is in contrast to the app store gatekeepers, where there are effectively two, each serving a non-overlapping chuck of market, and you can't shop around for better terms or an alternative.

Not an ideal situation if something happens with your registrar, of course, but at least there is some possible recourse. The risk of this leading to your business closing is significantly lower.

how did you make your business not dependent upon your domain registrar?

It wasn't an internet business, so I didn't have to deal with those kinds of perils.

But more to your point, I knew a guy who put one on .com, one on .info, one on a county tld. Advertising material rotated through the three. His logic was that it didn't really matter what address was advertised because people just hit a search engine for the brand name. I haven't spoken to him in years, so I don't know how it worked out.

Seems effective, but I assume he took a huge SEO penalty, possibly without being aware of it. The search relevance of the site got divided by all the domains.

Google at least is smart enough to identify alias domains, and you can even tell it how to behave in the search console

> Advertising material rotated through the three. His logic was that it didn't really matter what address was advertised because people just hit a search engine for the brand name.

This is a great idea, thanks for sharing

I can't remember the exact details of the story I read here on HN, but there was a case of some SaaS company that had this exact issue. Fortunately they were able to spread the word to temporarily use a backup domain on a different registrar via social media until the issue was resolved.

If anyone reading this remembers that story, I would very much appreciate a link.

It was Zoho. Their registrar took down their main domain after a few phishing reports.


I don't have a link, but pretty sure it was Zoho

Jotform & Zoho had similar issues in the past.

Out of the myriad registrars, you can pick a good one, or at least one that lets you transfer out easily.

I agree, but this is the equivalent of choosing not to walk through dangerous neighborhoods. At a personal level, where you don't make the world but have to deal with reality as it is, this is wise if you have the option. Save yourself if you can. But at the same time, you should also support policy changes that you believe will make the dangerous neighborhoods safe. Save others, too, if you can. Anything that makes a neighborhood "dangerous" should be removed as long as it's not simply replaced by something equally dangerous.

If a market or medium is too dangerous to enter because there is no realistic alternative to submitting to the 800-lb gorilla, the gorilla's ability to threaten rather than compete must be eliminated.

Most media companies effectively have this as a single point of failure: Google Search. And, it's not from lack of trying to diversify. Countless businesses must depend on it, espcially media and content based businesses. I of some very large media companies in existance for over 10 years, and they still get over 50% of their traffic directly from Google. If google decided to ban them, their multi-million dollar business would dissappear almost overnight.

> I'm afraid that the only real recourse is to have certain anticompetitive regulations automatically kick in once a business rises above a certain percentage control of access to some market or medium that has become significant.

Companies like to say they're providing a "platform"; maybe it's time for that to become a legally recognized concept.

There's a difference between "a platform" and "the platform."

Sounds like you’d like to see Google classified as a class II common carrier...

I wonder - how big does a company have to become before a society steps in and says "you have enough power to control and affect the lives of X% of our citizens. Therefore, we must have a say in how you conduct your affairs." I mean, this is for all intents and purposes what regulation is - and the reason for it. Otherwise, set aside the very idea of government as a farce, and populate the world with a dystopian patchwork of private corporations that behave like nations.

This of course can never be true for mom-and-pop. But hell yes it is true for Google.

I think it isn't even a matter of bigness per say but of monopoly essentially. Your local water company can't decide to just jack up prices to $2500/gallon because they have an exploitable monopoly position.

Meanwhile say GE could be very huge and produce 50% of lightbulbs but if they decided to be grossly unreasonable people could just stop buying lightbulbs from alternatives. Now if they had created their own bulb-socket standards and enforced them so that only they could produce bulbs that fit into the socket then there would definitely be an abuse of monopoly standard and ample grounds to argue "No you abused the patent and it will go into public domain now as part of the punishment.".

Exactly. It's always been the same bargain as with government.

'We the people / customers / market recognize that it's in our interests for your functions to be centralized (whether through functional necessity, efficiency, etc), however, in return for our granting you a monopoly we demand some say in how you run your affairs.'

The alternative should be, if Google isn't willing to accept that, then they deserve a lot harsher anti-competitive regulation. The GDPR would be the tip of the iceberg, and would continue into preventing their leveraging their size and customer knowledge into new related industries.

Would that be so wrong?

Yes - they're a private company, albeit unfair in this particular instance.

Almost all title II common carriers are private companies.

I can't believe the down-voting for suggesting Google - clearly NOT a provider of essential infrastructure like phone lines or internet connectivity - NOT be classified a class II common carrier!

In what universe are companies like Google, Apple, ... classifiable as class II common carriers? On what grounds?

Hell yes!

The first real recourse is not to invest your money or time in such an institution in the first place. It is foolhearty to ignore researching your busniess partners and I don't, for a minute, think these people failed to do so; they're just trying to recoup their money at this point.

Nobody is forcing you to use google products, and they are not a replacement for the real security in a business of loyal customers and employee's anyway. Why anyone ever consider investing in making apps for a phone given the way the market is today I will never understand.

Your second real recourse, if you can't get away from them and at that point this becomes a responsability, is to resist or fight them. In this case, getting some capital together and filing a class-action lawsuit. Another way to resist; make an app that roots the phone and poisions the data-brokers well by feeding them garbage information in a way that is impossible to effectively filter. Charge $5 a year, update the phone like antivirus updates it, have teams that work on popular vs unpopular apps, and before launching a campaign against a large app or investment firms, short the companies stock for added revenue. Invest in breaking the model of a closed ecosystem, which is required for all this spyware and for abusive EULA's to actually work right in the first place.

And when you do those sorts of things, you create a ruckus, and plenty of economic damage. That tends to draw the ire of law enforcement and government, and you will find that is the most effective way to demand new regulations. In politics, its only when you hit critical mass that change occurs.

And the final recourse, which is also a responsability that nobody likes to talk about. Their business addresses of them and their executive management can be found, and there are 17 guns per man women and child in the USA for a very good reason. You really have to fail as a society for violence to be justified and to be the only effective measure; arguably right now we're failing pretty hard if the fertility rates and life expectancy statistics are any measure. Google might not be responsable for that, but they are part of the symptom of a disease.

One could say the moment Google decided instant search was a requirement and began putting people in a bubble so effective that the only way to really survive was to decide free news is fake news. That at that moment violence became inevitable. I certainly hope it isn't.

But it is going to require people begin acting like grown-ups and taking some risks to avoid that. You'd do well to remember that.

or, of course, stop developing apps. If this is actually a common problem for app developers, then few people will go into this business, and the supply of apps will drop. That will then tell Google/Apple that this is actually a problem that they need to deal with.

All businesses have risks. At least these risks you know about beforehand (a <1% chance that your app developer has been shady in past and will get your account banned). This is actually a pretty small risk compared to the >99% chance that the app will sink like a stone in the sea of apps available, never to be seen again, along with every penny invested in it.

The app stores are swamped with apps. Every single one of those apps was some person's dream that they spent significant time/money/effort on - building an app and getting it on the store is not a trivial undertaking. The overwhelmingly vast majority of those apps will never make a cent for their creators.

From Google's perspective, one less app on their app store at this point is probably a good thing.

From the OP's perspective, unless they're seeing significant revenue from the iOS version, writing the whole thing off as a sunk cost and walking away is probably the best plan. Which is ridiculous, I know, but logically true.

> Google may terminate this Agreement with You for any reason with thirty (30) days' prior written notice.

The irony's that the mentioned notice was sent to the junk folder by Gmail. (I'm assuming Gmail from the screenshots)

I see this all the time. Legit mail from Google gets stopped by Googles own spam filters on our Corp google apps account. But clearly forged phishing emails purporting to be from our CEO (sent “from” their email address but not from Googles own servers when we use Google apps and have DKIM/SPF setup) gets through to the inboxes.

I just found my Google support chat transcript in my spam folder on Gmail.

If they specially whitelisted themselves it would raise antitrust issues.

System messages getting through the spam filter isn't an antitrust issue, they're not marketing or competition or sales. In this case it's a 'your account is about to be terminated' message which absolutely should not be getting sent into the spam bin, that's actively harmful to your business.

Imagine if the gmail spam bin was eating important renewal notifications and business notices for a company that competes with google, would it still be anti-competitive for Google to make sure gmail's spam filter works right?

The problem is that Google might be sending those emails in a way that activates the spam filters on other email providers.

So if the message is "use Gmail or otherwise you can lose important messages from Google and then your business gets screwed" ... that's definitely an anti-trust issue.

That said, they should definitely fix this issue.

Adding DMARC would put a stop to that.

There are varios ways a ToS may be not applicable depending on the jurisdiction. In this case considering the monopoly position of Google here I doubt they can terminate an account that is equivalent to market access for any reason in the EU

You are quite right about that. I guess the question is, can they very publicly offer a review process which is essentially a functionless placebo button or is that misleading enough to subject them to any liability at all?

This agreement requires 30 days notice if your agreement is not terminated for breach of terms. So in the case that you have a dispute, they could in fact be in breach of the terms without that 30 days notice. E.g. They can't just say "we don't want to do business with you anymore starting now," at least from this clause.

They could presumably argue that they close your account today, but the agreement is terminated 30 days in the future.

Disclaiming liability is not an excuse for treating your customers poorly.

Google’s customers are advertisers, not app developers.

Google took money from the developer in exchange for the performance of a service. The developer is a customer of Google's.

I believe the point parent was trying to make is that advertisers are more valuable customers while app developers, as customers, are expendable.

Those app developers who have been dutifully paying fees to Google may be surprised to discover that they are somehow not also paying customers...

Ancillary customers that Google throws some crumbs to, not the raison d'être of the enterprise.

They have collected billions from developers via their 30% commission on sales and IAPs on their app store, plus the massive volume of advertisements shown in their customers apps for which their split is much more than 30%. Many developers are paying thousands or more a month to Google.

Google's customers include advertisers, and they include people paying them for hosting, and people paying them to buy apps, and people paying them to publish apps, people paying them for online services, people buying their hardware, etc.


Their revenue last year was 136 billions. Even if we charitable assume app developers spend 10 billions per annum in aggregate, that's only 10%. Ancillary revenue.

Android alone accounted for $31b revenue in 2016, according to Oracle, of which $22b was purportedly profit just for 2016. Excluding Android's contribution to their advertising ecosystem, which is another chunk of that $136 billion you mention. That's far more than 10% of their gross profit, but even if it was less why would that absolve Google of responsibility? The % doesn't create the customer the transactions do.


Wait. I'm reading that differently.

I read it as saying $31 billion in revenue since Android was released, not in 2016 alone. That was more than 10 years ago.

And of that $31 billion, $22 billion is profit.

Finally, a lot of that revenue came from payments made to Google by handset operators, not app developer fees.

It's probably wrong, just something internal Oracle leaked on a topic without much transparency. But even if all Google ever made was the $25 one-time fee all Play Store developers have paid they meet the criteria to be customers.

It's got to be about 2 decades since only advertisers gave Google money in exchange for goods and services, since then there are dozens of ways to be their customer.

> Play Store developers have paid they meet the criteria to be customers.

totally agree. Google has a lot of customers and it seems like a lot of them receive mediocre or poor service, especially app developers.

then again, i've seen other HN posts state that corporate customers also receive mediocre service from Google.

I'm extremely sympathetic with Mark. And Google's support for its ~free services is indeed cursory.

Sure, one possible lesson is not making your business dependent on such third parties. But if your business involves an app, you're pretty much stuck being dependent on Google and Apple. I mean, ask Facebook about that. And amusingly, Google re Apple ;)

The key lesson here, I think, is the importance of vetting any consultants, developers, etc that you use. In particular, the importance of vetting their reputations with Google and Apple.

And indeed, maybe it's best to isolate consultants, developers, etc from Google and Apple. They do work for you, and then you interact with Google and Apple. And you make sure that everything gets sanitized, in the process. That would protect businesses, consultants, and developers from each other regarding their reputations with Google and Apple.

For many years, I did work for attorneys. But I never submitted anything directly to any court, opposing counsel, or whatever. And I was careful to wipe my identity from any electronic files that would be submitted.

Have those TOS been validated through the courts?

They’re just torts, so yes

There's no such thing as a terms of service that gets you out of openly commiting fraud.

The issue isn't the ToS. It's fighting Google in court. If fraud is occuring, the ToS will not actually protect you.

You want to know what's keeping Jack Dorsey and Sundar Pichai up at night right now? They both recently openly lied to Congress and can be put in prison at any time for it. A powerful congressperson merely has to decide to act on it. Dorsey has begun walking back Twitter's aggressive deplatforming against the political rightwing because he's scared now, he knows they can get him on lying to Congress. They can get anyone on lying to Congress, all they have to do is get you to testify extensively, then you're fucked. It's why Google didn't want to send their CEO to testify.

The only way to deal with a corporation as powerful as Google is to get their executives in front of Congress or on record in front of federal agents and pin them to the wall. Once they've testified enough under oath, they're effectively in a permanent minefield. They have to be very careful with all related business practices after that.

That works when you have a hot political issue, like election tampering. I doubt it's possible to scare up enough attention for app store bans. The only recourse there is to pursue it in court and or hope some state AG will jump on board.

What lies did Pichai tell Congress?

Ha, like the state cares about anyone but themselves. :)

>Isn't this legally actionable fraud?

Does it matter if it is? B2B lawsuits only get down to the actual law if the parties have a relatively equal amount of money. A small or medium business going after google _after google has shut off their revenue_ is not going to ever win

Why not? If you take them to court over this they would have to at least send a representative and that costs money - in a case like this they would almost definitely tell the engineering team to fix this specific case. Especially since this is in the UK so if Google lost they would be liable for the process fees. Maybe even small claims court would be enough, and that's 100% not worth sending a lawyer for.

I'm nowhere close to a lawyer and law is always a head-scratcher for me, but I'd hope that if that theory held even the slightest amount of legal water, a letter for your lawyer to their legal team might be enough to nudge them to fix your account and that'd be the end of it.

That's basically how it works. It costs you very little(couple hundred £ at most) to ask a lawyer to craft a letter to send to Google legal team saying they have to resolve the issue for you within 14 days or you will be taking them to court. And if there's one thing that's absolutely certain is that Google's law team's time is way more expensive than whatever lawyer you found to write a letter or two is going to charge you . So yes, they can write back telling you to fuck off. But they will know that if you do file a case against them, they will have to send someone to court - and that's going to cost them a lot more than just fixing the stupid issue.

No, Google sends a "litigation paralegal" to small claims court. But you will eventually lose:



Because any other approach would be game-theoretic suicide. If it became common knowledge that you could threaten to sue Google to get special treatment, that's exactly what everyone would do in every situation where some kind of special treatment was desired. The special treatment would no longer be special; it would be the normal treatment. And so the typical costs associated with handling developers detected as fraudulent by automated defenses would skyrocket. Somebody would have to pay for that, either the shareholders (lol, not likely), or non-fraudulent developers, in the form of handling fees.

Write a letter in plain language yourself, and escalate, escalate, escalate, then them being represented by a paralegal drone will begin to bite them.

Another advice: have 1 account per project, invariably of what their tos say.

> Google's law team's time is way more expensive than whatever lawyer you found to write a letter or two is going to charge you.

The reality of it is that the legal team is a sunken cost to the company. They hire or retain lawyers for whatever's going to happen anyway.

If your theory here was true, why does every small business who gets in this situation get stuck with no recourse when its just a few hundred to fix the problem?

Yes, Google could likely not handle the legal costs if everyone went after them in court. Much like prosecutors in the US, what Google does is go hard on anyone who tries to defend themselves legally. At the point the calculus a small business has to make is if its worth it to try and get a remedy in court when Google will make sure to push back as hard as possible and likely destroy your business.

Do you have some examples of Google doing that?

(Honest question. I would remember it if I'd heard about that happening, but I might very well not hear about it in the first place.)

I'd expect Google to be devious enough to say "as a gesture of good will we'll pay your legal fees if you sign this NDA".

FWIW, this isn't Google going "hard" on someone. Rather, it's just Google defending themselves under the law, as you would expect.

No, this article illustrates that Google took the effort disproportionate to the judgement amount. That means going hard.

OK. Under this definition of "going hard," literally all companies will "go hard" to defend themselves against incorrect small claims suits. The alternative is to always pay anyone who sues you for $100, since the effort of defending any individual suit in that amount will always be greater than the amount of the potential judgment. Of course, you can't do that, because then more people will start suing you for $100, seeing as you're just giving away money for the asking.

Personally I think that a definition of "going hard" that encompasses the behavior of all actors in a space is absurd. But you're free to interpret those words how you wish.

Have you considered that perhaps a better alternative is to act in ways that don't make customers feel they need to sue you for redress?

Everything is tradeoffs. I think Google's stance is probably near optimal for what they are trying to do, even if there are errors from time to time.

Would a class action work here?

Or Google might realize acquiescing to every small legal request might become untenable and create a policy of only giving in to well-funded threats.

That's why you buy a lawyer to craft the letter - so it looks indistinguishable from threats with actual funding behind it.

Let's imagine for argument's sake that there's a developer account team inside Google which could pull the relevant machine levers and reinstate OP's account. OP has already talked to developer relations support managers who have proven to be unable to get the developer account team to comply. Why should a Google legal team be more successful than a developer relations support manager at getting the developer account team to comply, when Legal is almost certainly laterally farther away inside Google?

Ultimately, in-house counsel at an org the size of Google is tasked with making the problem go away. It's easier to do that by burying the opposition in machine-generated paperwork than it is to convince people laterally far away in your org to comply. As a small business, you can't afford to pay for lawyers to deal with all the paperwork, so the bigger side (Google) always wins.

You're correct if the case has any amount of complexity to it. This case does not. So unless they actually commit to it, the chances are very decent that the court will ask "yeah Google, why did you take this person's money and then closed their account? Unless you provide extremely compelling evidence for a good reason to close it, I'm going to order you to reopen that account".

You can't bury a small claims court in paperwork - that's by design. And like others have suggested, if you write the letter in plain language, stating that they should at least look over your case again or it will be taken as bad will by the court, then the legal team might request that this information be provided by the engineering team - who will in turn say ok yeah, this is bollocks. Or they might not and he will lose. Either way, I would at least send a letter indicating such intention.

> small claims court would be enough, and that's 100% not worth sending a lawyer for.

I think the UK is like the US, and you have to represent yourself in small claims (to avoid wasting the court’s time). A county judge would probably find in the claimant’s favour in 2 seconds if you sent a solicitor…

we need more of the Max Schrems type in Tech. I wonder what a lawyer that moved into software / Tech or vice versa could achieve. I wouldn't underestimate the havoc "little men" can reach

Where does Google promise that review process? The sign-up flow for a developer account doesn't appear to mention anything like it.

Even if they did, fraud is a high barrier, it sometimes producing "bad" results that are reversed for PR reasons isn't enough. Given the case here, "A human has looked at the account and has confirmed that the only developer that has ever used it has been banned, this matches the criteria for banning the account" would be a review. (If they really gave the app developers the credentials to the account, that alone might be a violation of the rules? But I don't know how the Play Store backend works in detail)

Businesses treating businesses badly aren't that easy to reign in.

avip actually responded similarly below actually citing the relevant section of the TOS but got downvoted? Don't know why, this is perfectly valid.

I'd simply ask, can they very publicly offer a review process which is essentially a functionless placebo button or is that misleading enough to subject them to any liability at all?

I doubt it's actually functionless, but it's not a "please reconsider your decision", but only "please check you haven't made an error" they probably expect everyone to hit, and treat it as such.

I guess it boils down to if anything is actually checked, ever, or if its just a glorified autoresponder. The always super-vague nature of the responses does not fill me with confidence as to the former.

The problem here is lack of evidence and availability bias makes the decision process look terrible, without giving us enough evidence to be confident about that conclusion.

If a decision is appealed and reversed, would we hear about it? If the employee did a proper review and concluded that, yeah, it's legit, for reasons we would agree with, how would we know from only hearing the other side of the story?

This is why actual judicial systems are more transparent. Cases are tried mostly in public. Judges write justifications for their decisions. This allows us on the outside to review what they're doing and understand how it works.

But, the downside is that it's slow, expensive, and there is rarely any privacy.

No, it's not fraud. A key element of fraud (civil and criminal) is that the accused knowingly misled, and to prove that you'd need to prove that there is no reasonable interpretation of what they said that they could have believed was true.

With Google they offer enough data points to analyze for just such intent. In the absence of intent fraud is out of the question, but a jury might be convinced that a persistent pattern of incompetence which is brought to Google’s attention again and again without change meets the bar of fraud, especially in a civil court with the mere preponderance of the evidence standard. The post-banning behavior of automated responses and refusal to escalate customer service calls won’t help them either. As in the case of MS back in the day, it can seem like the law is just disinterested, but the law is merely unbelievably slow and equally inevitable. The day some prosecutors can make a career out of taking on Google, they will, and by then Google will be fully on the wrong side of public opinion.

Prosecutors don't make civil cases. I mean, all this is silly, but start there.

That second half of my post was not in relation to a civil case, which I think was painfully obvious given the reference to MS. Did you really misunderstand?

As in the case of MS back in the day, it can seem like the law is just disinterested, but the law is merely unbelievably slow and equally inevitable. The day some prosecutors can make a career out of taking on Google, they will, and by then Google will be fully on the wrong side of public opinion.

That is pretty damned unambiguous, unless you found as in the case of MS... confusing. If you want to explain what you found “silly” I’m open to reading your perspective of course.

I don’t know about the Google Play process but the App Store review process has been worthwhile. I’ve had many phone calls with them over the years detailing specific changes which need to be made to conform to policy. They are definitely not “low-level” employees but they are also not technically proficient. They are policy enforcers.

I’ve also had reviewers push for internal change on my behalf when policy seems poorly applied.

One specific example I can give is I had a link to my website in a game made for kids. They asked me to put a parental lock on tapping the link (e.g “ask your parents to enter the code” type thing). That was a really good addition.

That’s actually good advice, bur doesn’t appear to be applied to mist kids apps. All apps that I’ve come across have been litterd with ads placed in such a way to increase the possibility of the kid accidentally clicking on them. A dark grey UX pattern.

Yeah it disgusts me.

My oldest is going through apps almost entirely by jumping through ads which force you to install the next "free" game.

The reason Apple applied extra scrutiny to my app is because I checked the box indicating "Made for kids."

The review money is ridiculously small when compared to the investment they made.

I would assume if they could show that they depended on the promise made by the "supplier (google)" when they purchased the fraudulent good, the supplier would be liable for damages as well. Sort of like if I sold someone "aircraft grade aluminum" and then delivered compacted used soda cans and they actually did try to build a plane from it resulting in a crash.

That's assuming that someone associated with the developers actually did something wrong. For all we know, it could have been a mistake, a misinterpretation of some activity by Google's algorithms etc. - we'll never know because the lack of transparency gives Google advantage, and they're not legally required to provide any information on that.

That's why I think it's in the best interests of everyone to support alternatives like Librem, so that no single entity can make such kind of decisions.

Same thing happened to me on PayPal when I reported a fraudulent transaction. Automated process said nope it’s not fraudulent and I was unable to appeal this.

It wasn’t until a few times contacting them and DMing their support team on twitter that I was able to force an actual person to look at the obviously fraudulent transaction and fix it up instantly.

The algorithms suck, if I say someone took money from my account with an email and name that I’ve never seen before then you can’t just say nope not fraudulent!

There is a very simple solution to this mess which both Apple and Google have created through they duopoly.

Any business that is profitable and employing many people but has single point of failure with Play Store can solve this problem by giving Google some money for a more detailed review with an option to submit additional evidence. Say company X gives Google $10K to do this extended review. If the party wins, Google returns the money and reinstates the account else Google keeps the money.

Secondly, a private arbitrage company which may be setup by all big players in the game that can further review the whole process and provide a neutral view of the whether the ban was warranted or not.

I have advocated with most of these large companies to come together and form an open Privacy Working Group which will advice all companies to adopt privacy standards and also help evolve those standards by a widespread industry participation. If we could do it for HTML, Javascript and Web Standards we can do it for Privacy as well. This will also pre-empt government's heavy handed approach to force these giants to adopt standards that might be completely arbitrary like GDPR.

I had an app attached to a service which required sign in to do anything on the Apple store for 4 years, and according to our metrics no one ever signed into the App Store review account you’re required to set up, which definitely backs up your theory that they’re at least sometimes just doing an automated scan of your app and hitting a button.

I think recourse to Google's behavior, has to be through appeal to mobile operators.

it is not just google that makes promises or benefits from positive user experience, availability of options to end users and so on.

It really seems publicly shaming corporations is the only way to get justice in this new digital world. That's not the way justice is supposed to work.

Not sure what you mean by "attract developers". Attract implies competition, but when a startup releases an app, there's no choice but submit it to the Play Store, due to its 80% smartphone market share.

> How is this any different than selling a counterfeit product? Isn't this legally actionable fraud?

They are just selling you a low-quality product. You are free not to buy it.

I note from the mention of £25k that you're probably in the UK.

If you don't mind burning fifty quid or so, you might find it satisfying to use the small claims process to issue for a sensible (not super-inflated) estimate of damages. The below is not legal advice, but is written from personal experience.

Try to leave a clear paper trail of your reasonableness: send a clear notice before action with a reasonable time limit for reply, offering to settle for the estimated damages or reinstatement of your account. After this time expires, you can file a claim online.

There are then three cases to consider:

1. Google settle immediately in response to your notice before action, either with damages or another action that satisfies you.

2. You file and Google fail to turn up at the resulting hearing. You will get default judgement and should be able to add your court fee to the judgement against them given your offer in the notice before action.

3. You file, Google oppose and send representation. Assume they win with probability 1. You are down a court fee and your time to turn up and sit round the table. They've been forced to engage properly with you and the judge to ensure they take your complaint seriously, and you've had as good chance as you'll get to argue that their behaviour and/or terms are unreasonable. Their costs will be substantial and the rules do not allow them to recover them from a non-vexatious claimant...

Assume they win with probability 1

I would not assign that probability at all. The small claims system is actually designed to be fair! Going in all lawyered up is more likely to raise eyebrows and could be counter productive. The whole point is a quick and easy process with the minimum of fuss. You present your argument and they present theirs and a general test of reasonableness is applied. More Judge {Rinder|Judy} and less Rumpole of the Bailey.

Yes, sorry, that was badly written: it was intended as "this is what happens in the worst case" rather than "this is guaranteed to happen".

It is part of their ToS. Just because the ToS is a bit too liberal doesn't mean they broke any law.

But why would Google have to pay for any damages?

I spoke with a lawyer about this and looks like it won't work at all. From what I understand Google doesn't have any obligation to serve his app on the play store. Unless you can prove that they are a monopoly, but to do that it's very hard and you need a lot of investigation.

The point here is not that you will win if they defend it. The point here is that you will win if they don't, and at the very least cost them significant non-reclaimable money if they do.

> Their costs will be substantial and the rules do not allow them to recover them from a non-vexatious claimant...

Do the rules allow them to bring the question of whether the claimant is non-vexatious to litigation?

The first test in U.K. common law is whether or not the case has any merit; not a losing case, not mistaken, but without merit. The kind of case we’re typically talking about are either fraudulent, or completely bonkers, and that’s what this is meant to prevent. Second, the vexatious litigant is a serial offender, not just some fool who doesn’t understand how the courts are meant to work.

Someone claiming their livelihood was impinged on by termination of their accounts by Google, given said termination actually occurred and not in the context of a criminal enterprise won’t meet that standard. Not a chance. Now if you made dozens of accounts and sued over each one, or were a spammer, drug dealer, etc... that would probably annoy a judge.

I've been a claimant from time to time but am not a solicitor, so you'd need to ask a proper lawyer.

Nobody has even tried anything like that in any of my claims, it's deliberately a very high bar, but as far as I know, it'd be a decision you'd ask the judge to make at the end, in the same way you ask for your court fee when the respondent refused your offer to settle in the notice-before-action.

I sincerely hope you go that route (well, if you can't resolve the issue otherwise, of course), and if you do, please please please make a post about it later.

I actually just got my Google Ads account suspended because I forgot to update my billing address before adding a new card.

The suspension was for "suspicious billing activity", tried appealing twice with the correct billing address, and was told the suspension is final (some automated email) both times.

They won't take my calls because the account is suspended, which leaves me not being able to advertise on the #1 service to do so.

It's completely unacceptable, especially for a business in their position. One tiny mistake leads you to a lifetime of suspension to a service vital to almost any business.

I was also suspended.

- Having friends inside google does not help (I suppose at some level they can, but L5/L6 engineers aren't enough)

- Creating a new account with a different credit card does not help. Subsequent accounts they can link back to you will also be banned

- I haven't found a solution yet, except for keeping all of my new projects outside of google (no google analytics, no google search console (which obviously still allows your site to be indexed) no gsuite. That way if I never need google advertising, a co founder can pick it up and google has no way to trace the company back to me.

no gsuite is probably key - I'm thinking of terminating all my gsuite accounts simply due to no desire of having my business basically be terminated due to some stupid algorithms maintained by google's idiots.

Keep G Suite, but buy your own domain (whatever.com) so you are in total control. If they ban you, just change DNS records to point to zoho or some other provider.

> Keep G Suite

Why, so Google can pull the rug out from under me at the least opportune moment?

And lose all the emails and Google docs associated

This also requires maintaining decent backups of the gsuite emails, calendars, contacts, and drives that people are using.

Which is good practice anyway, just in case of an outage, or someone hacking your account, or whatever.

But I agree, too risky. Just stay away from Google. Cons outweigh the pros, for me personally. The only thing I used it for was sheets, docs and gmail. LibreOffice is more than adequate for me, and far better than the Google alternatives.

On the plus side, they are helping you remove your dependencies on Google! If you ever decide you’re done with them it’ll be easier to cut them out of your life.

When I was in college I ran a forum that got some decent traffic. I put Google Ads on my site and after a few months had enough money to pay for school books. I went to cash out and they suspended my account claiming click fraud and stole the money.

This is how google has always operated, and it's one of the reasons why their near monopoly on advertising is horrible for everyone.

This exact thing happened to me too. They claimed click fraud and terminated my account.

It was 10 years ago, and I have tried to make an appeal about it but always with the same response.

Exact same situation here. I don't need Google Ads so it doesn't really affect me, but I'm terrified that some day in the future it will come back and kick me in the ass somehow when some algorithm (sorry, "AI") decides that it has some significance so I get kicked out of email, YouTube, Maps, Google docs, etc

I also had my account suspended due to a failed payment method.

I was just exploring Google Places API to see if I could integrate it with a side project. The signup process claimed that it only needed a credit card to "prove that you're a financially capable human," which makes sense (and it also said that it would not charge your account until you gave it express permission), so I happily agreed. Despite this claim, Google apparently requires an active, chargeable card at all times, from account inception until you die. Failure to do so will result in terminating your account.

Whatever, let them terminate the account. Google's public favor is in a tailspin, and I can get the data I need from FourSquare at a fraction of the cost.

My google ads account has been suspended for 19 years. I'm still waiting for the results of my appeal...

Don't hold your breath, you're not the only one. They claimed I clicked on my own ads which was never the case, of course there is no way to appeal. They stole my money because yes, they still owe me money, these punks sent me a 25€ voucher to buy ads, like it solves anything.... I will never ever trust them or rely on any of their services like the Google Cloud Platform.

Google settled a case like yours for $11m on the grounds that it would be too expensive, after four years of fighting, to prove they didn't steal your money lol.


My wife's paypal account has been suspended for 10 years now, for some utterly ridiculous reason I've long forgotten. After a year of trying to persuade them to un-suspend it, we gave up.

We really need tech monopolies like Google to be regulated, in order to stop abuses like this.

They're regulated. The problem is that our threshold for bad monopolistic behavior is that customers suffer, and it can be damn hard to prove when it's indirect, like in this case - how much do customers suffer from not having access to the app in question? But even then, when you aggregate all that across the entire store, I'd say that there's that aspect as well.

Back when our anti-monopoly legislation was first introduced, that wasn't the case - monopolies were busted just as well because they did something anti-competitive, even if that was presented as benefiting their customers (and even if it really did, short term).


Google is regulated in many ways. It just got the fattest antitrust fine in EU history (read all about it https://news.ycombinator.com/item?id=17556497).

No. They need to be broken apart so they arent so vital individually.

Regulation and anti-trust action are not mutually exclusive.

Regulation isn't a silver bullet. Maybe a little bit for certain things. But, You'll never be able to develop enough rules to make sure everyone is treated fairly.

the best way out of this is to educate users and start getting them to use other search products. we need more diversity of choice.

Google Play is not a monopoly! It takes one checkbox in Settings to open the floodgates to any app (or app store) you want, and device manufacturers (such as Amazon) can ship their own app stores pre-enabled if they want.

What percentage of android devices, in the world, have that box ticked?

Enough for Fortnite to get players on Android

I'd guess most of them, if you actually consider the whole world.

Probably not enough to matter, if you are only looking at the UK.

Actually, alternative app stores can make use of that as well. The installer app needs to be installed as a system app with proper permissions, and it will them be able to background install apps on demand just like Google play does. The F-Droid Privileged Extension[0] does just that. While you need to be rooted to add/register such apps, that's not a problem for device manufacturers.

[0] https://gitlab.com/fdroid/privileged-extension/

As of Oreo Google doesn't allow this for devices if they're to pass CTS without users jumping through multiple hoops first.

Oh, good point. I forgot about China.

If you open an APK it prompts you to go right to Settings and enable it. Actually easier than installing Firefox on a brand new Windows Surface, which requires an MS account to enable unknown app sources.

Correct me if I'm wrong but it's seem that technically 3rd party store can't do unattended upgrade while Google Play can.

Its actually no more single button. A button per apk source

Why is it an abuse for Google to arbitrarily deny you access to Google’s website?

Everyone has the right to revoke consent at any time.

Additionally, why do you believe Google is a monopoly, and in which line of business?

My colleague got banned for not using Google wallet instead of PayPal back when Google wallet was launched.

He is still banned today

> One tiny mistake leads you to a lifetime of suspension to a service vital to almost any business.

This really is where Google might be too big...

Since Google is such a force, and they don't have time to support or help people/companies lost in the algorithms, maybe competition is the only thing that can solve this because most companies are too small/medium for them to care.

Lots of these systems are probably well intentioned and risk averse by default, but in the end have too much influence on the market as a single point of failure.

Highly concentrated systems with single points of failure that fail on a large scale are bad, but even worse is highly concentrated systems that randomly get in an error loop but too small to correct, only here it is small/medium companies stuck in that algorithm purgatory vortex.

Why not open a new account, or release a new copy your app using a different namespace? I mean it is an inconvenience, but we aren't exactly as powerless as is described in the article.

It's probably trivial for Google to associate his new account with the old one. Nothing to hide, nothing to fear..

That just puts you back in the same position for relatively little effort. So it’s not like that’s a loss.

Unfortunately not, because it could succeed long enough for their business to get some success, hire people, have assets, debts, responsibilities, customers, and then Google cuts off their oxygen.

Of course, Google could do the same to ANY of us who end up depending on them. The only real solution is whatever makes you not significantly reliant on Google.

Any account they can connect with you also gets banned.

What if OP made a new company, and did an arms-length asset sale at fair market value of the old company's IP?

What makes you think google algorithms would care, or that any human would care to review the case ?

It's worth mentioning that GDPR gives people rights to allow them to appeal automated decisions, and receive a clear explanation of how the decision was made:


I'm not sure if it'll help for the author of the article, as Google's decision is clear, just their logic in unfair, and I assume they are talking about a business, not a personal, account.

>One tiny mistake leads you to a lifetime of suspension to a service vital to almost any business.

One sometimes needs a lawyer to deal with the complexity of government laws. It seems like soon there will be a small thriving job market for "googlawyers" -- people who will earn they bread and butter by getting through the Google's bureaucracy.

PS. Jokes aside, it's a sad state of things.

There are already "Amazon lawyers"!

It’s not hard to create a new account and get accepted again, hypothetically.

It sounds like the problem is with the outsourced developers responsible for the app. It's their account which has been banned - for multiple violations of the ToS. Now, perhaps this is just over-zealous enforcement on Google's part, but it's also possible that these developers have created shady apps before, or are adding shady code to apps developed for others.

The OP doesn't seem to know for certain what code is in their app. Is it possible that the outsourced developers they're using could have introduced dangerous code, and have a track record of doing so before? Nowhere in the post does it suggest that the author has contacted them to find out why their account is banned, which seems a little odd given how frustrated they have become with Google for banning them.

Google has the burden of proof to show why they are guilty by mere association, but won't do it, likely because they don't want to reveal any information about how they determine who is violating the ToS. There should be greater transparency and a better appeals process, but there won't be.

At the very least it doesn't seem that Google has thought of a better way to handle the scenario where an honest client relies upon a firm that has within it one bad actor, which seems kind of short-sighted given the heavy-handed nature of their policy - ban and delete someone else's work..

Look at it from the other perspective - if Google doesn't police the Play Store then users are put at risk. When bad actors are detected, they're banned. It sucks if you've hired one of these bad actors to do development work for you, but that can't trump the need for users to be protected from malicious code.

In an ideal world, code review of the app would reveal whether or not there's anything fishy going on. It doesn't seem like anyone has done this - not the OP, or Google. OP thinks their developers must be OK, and Google thinks (based on some past evidence) that they're not. This doesn't strike me as totally unreasonable on Google's part.

I’ve seen enough posts like this that end with the developers being reinstated to doubt google here. They need to provide actual humans as resources to developers and companies. They take a huge cut, they should provide the service.

But really we should move away from these app stores.


take a huge cut

Exactly. It seems there should be some certain legal "level of expectation" that they will act in good faith for 30% (I'm guessing- I don't use them).

But really we should move away from these app stores

Yep. Which is why I have to guess at the 30%.

I find this whole story very disturbing. I understand Google's need to protect their ecosystem from malicious code, and the desire to ban developers who try to do harm (although I suspect that the real bad actors find work-arounds for the bans), but I can't help thinking that this isn't the way a good (morally) company would behave.

I guess it points to way more developers out there than Google needs in order to have a vibrant ecosystem, so if they burn through some percentage it isn't worth their time. It makes me think of fishermen who fished ruthlessly and perhaps wastefully when the ocean harvest was plentiful. Years later, however, those fishermen face some dire times, with perhaps more ahead, because the harvest is more modest and future harvests are threatened.

I don't know if Google gets a huge cut now but they certainly didn't start that way. Originally when Android shipped Google took 30% but only got 5%, the other 25% went to the carrier. The fact that they only got 5% apparently meant they were barely covering costs.

That maybe have changed in the last 10 years but I don't think it has. The help on it says

> The remaining 30% goes to the distribution partner and operating fees.

In other words Google is not getting 30%


> But really we should move away from these app stores.


My carrier has nothing to do with which phone I chose and use, so I highly doubt it's true at least outside of the big US operators.

The problem here isn't that Google terminated the account (which seems reasonable, given the circumstances), but that's its essentially impossible to have it reinstated because there's no real appeals process.

Google does not seem bound by the burden of proof you describe. What evidence supports your claim?

They can do whatever they want but it's just a standard that I find valuable. That's my opinion, not a fact.

(For whatever it’s worth, I agree with your opinion, and wish it was legally binding upon them.)

>Google has the burden of proof

no they don't; this is not a trial.

The problem is, people would then use that information to evade bans.

I don't think you can - once you get banned, they run you through some automated thing which usually just tells you the decision is final, and you're banned for good. Then you CANNOT talk to someone. And if you do speak with a customer service rep that finds out you've been banned, they have to stop talking to you.

I had an account representative from google at some point. As soon as I was banned, all my calls were routed to voicemail automatically.

I’m assuming this means you were paying them as well?

No. I had just started and I was banned before my first billing cycle. The assign account managers to all new clients to help you get setup properly

I tried paying my outstanding balance (peanuts) but the system won't let you after you're banned

> Nowhere in the post does it suggest that the author has contacted them to find out why their account is banned

Which, to be fair, is by design. The article admits straight up that it's an attempt to get publicity and embarrass Google into reinstating the account. Giving a complete and forthright accounting cuts against that goal, they want to seem as sympathetic and innocent as possible.

And, to be fair, the iPhone set around here is eating it up. Pitchforks are sharpened, torches are lit and the march to the castle is underway.

As to the truth? We really have no idea. I think your theory sounds most plausible -- they hired someone scammy to write the app and Google happened to bring the banhammer down on them while this app was being launched.

I get where you're going, but Google has been guilty of similar egregious behavior in the past countless times. The testimony of so many people in this thread alone swings the case in OP's direction, not by virtue of evidence but by virtue of reputation

Yeah this makes sense. This one particular example seems fishy but when so many people have voiced their support it's clear something is really broken with Google's procedures. This kind of thing is always hard to deal with though it seems Google does have it worse than many other similar behemoths.

ding ding ding.

It seems to be the issue to me as well.

The analogy given in the article is wrong. It has nothing to do with incriminating you for your neighbors crimes.

I do realize it sucks for Mark but if the reason is indeed that these devs are suspended, the suspension of his app is perfectly understandable.

> suggest that the author has contacted them to find out why their account is banned

With how Google makes the appeal/review process opaque, they might not even know themselves.

Transparency is a major issue here, you cannot even defend yourself because you don't even have access to the "exhibits" or any other kind of details.

It might be but in that case they should have told them so. Not just "you are banned because of somebody else, sorry, good bye"

I'd love to see the source code of the uploaded app.

The owner most likely doesn't have them. If he had from the beginning none of this would've happened. Considering the publisher is the offshore developer, the owner would've gotten worse trouble than this in the future.

Knowing all these, I wouldn't touch their iOS app with a ten-foot-pole.

Google is such a joke. They need to get their heads out of their asses. Constant stories of bad support. Youtube is a complete horror show.

And I seriously question if their cloud offerings have actual product designers attached.

One great example:

If you are using Google CloudSQL, you are one command away from losing everything:

> gcloud sql instances delete prod-instance-name

When you delete a CloudSQL instance, it also deletes the back-ups associated with that instance along with it. So if you accidentally delete your production database: Your backups? Poof. Gone.

It says this in the fine print of the on-demand backups documentation: https://cloud.google.com/sql/docs/mysql/backup-recovery/back...

> They persist until you delete them or until their instance is deleted.

There is also no way to mark a CloudSQL instance as "protected" so one bad CLI command can lose you your production database and all backups.

In order to get an actual backup workflow that will not affect production traffic, you have to script your own database dumps.

For me, Google CloudSQL does not do enough to protect my production data from accidental deletion. I would argue it is unclear how your production backups are being handled. I would argue their product treats your production data and backups irresponsibly.

With RDS instances in AWS, it’s the same behavior: destroying a database instance removes all of the automated backups that were made. Make sure to take a final snapshot!

In just the last few months they've made it possible to preserve these snapshots after destroying the database: https://aws.amazon.com/about-aws/whats-new/2018/11/amazon-rd...

And there is also delete protection by default for new prod databases: https://aws.amazon.com/about-aws/whats-new/2018/09/amazon-rd...

TIL! Thank you!

> I had created a Google Developer Account simply so I could pass on the login details to my app developers who uploaded and updated the app via my account each time.

Sounds like one of those developers was previously banned for violating ToS and Google suspects the author is the same person with a new account trying to evade the ban. Instead of sharing login details, the correct thing to do is add a user and give them permission to upload. Not let them pretend to be you.

The situation sucks but Google's action seems reasonable? Like they can't just let people create new accounts to evade bans.

> The situation sucks but Google's action seems reasonable? Like they can't just let people create new accounts to evade bans.

It seems like the opposite of reasonable to me. You hit the nail on the head for _why_ this happened but this person now has _zero_ recourse for correcting their mistake.

Yes, they screwed up. They shouldn't have let them do it through their account. But now, because they screwed up, you're fine with the action that they can literally never be on the Google Play store ever again? The largest mobile store with the largest share of phones and you can't be on the store because of this?

Absolutely unacceptable.

> ... they can literally never be on the Google Play store ever again

question: is Google really that good at detecting the relationship between an account they banned, and some other new account created under a different name with someone else's credit card?

i mean couldn't this small business get another credit card under a different name and then create a totally new developer account under a different name -- and keep that all totally isolated from the previously banned account?

is that just not practically possible? if it worked at least initially -- what would they have to lose?

I mean, even if it is possible, it's against the ToS and if they find out you're gone again.

It seems reasonable to me as well.

So far 99% of the people I have seen complaining about their account being suspended were unwilling to read the ToS, even less to try to comply with them.

I am pretty sure that the review process does mistakes as well, but as always bad actors spoil everything for everybody.

FWIW, I had 2 apps removed from the play store earlier this month. They were all based on the same codebase (different flavors) and were banned for using a forbidden permission (after asking it to the user of course).

I was super surprised since when I coded the feature using that permission, it was legal to use it. The rules have changed since then and I had pushed an update to remove the use of that permission (to be honest it was not that necessary, it just made the UX a bit smoother in one case).

BUT I did not realize that for these 2 apps, I had retained apks in the play store for lower api levels with the faulty code :///

(I use an upload script to gain some time .. multiple apks take a long time to upload for each update otherwise; so I don't see the play store console often)

Still; I was clearly in the wrong.

I just removed the faulty retained apps and was again in the play store a couple of hours later.

> unwilling to read the ToS, even less to try to comply with them.

So... a sane human being? Someone who can't afford to spend literally hours reading legalese and trying to figure out what it means?

This is in a business context. If you think you don't have to read the TOS, then you better have your lawyers doing that for you.

Now back to the real world...

How is reading a legally binding contract with regards to your business not a real world expectation?

In a lot of jurisdictions a contract that you were not able to negotiate properly is simply void.

Sure, a ToS is different, and there's basically an implicit contract when you buy a service, but that doesn't mean that the ToS is all powerful. It can be still unfair practice. (Some jurisdictions have that too.)

Now of course courts can't really force G to do business with you, but as others mentioned they can be sued for damages.

Still, you have to read TOS first to understand which part is definitely enforceable and which part isn’t. Ignoring it completely is foolish for a business.

In my jurisdiction it is assumed people do not read the ToS and any part of the ToS that is not generic boilerplate must be shown separately or otherwise highlighted, otherwise it might as well be food for the shredder.

That plus business can certainly not terminate your business relationship for any reason they like.

Right. Now imagine how it would feel if you made your entire living off those apps, the ban was for life, and they didn't even bother to explain to you what you did wrong.

Many people are in this exact situation. That is why they are upset.

I guess that would be a proper reason to use the word 'kafkaesque'

And most people don't see the other side of the coin, which is that millions of bad actors are trying to break this exact system. When you start doing suspicious things like that, you look exactly like the scammers trying to evade bans.

> ... when I coded the feature using that permission, it was legal to use it.

was it related to SMS?

Indeed !

In retrospect it was a mistake even when it was in the ToS. It needs way too much precautions : warn the user and explain what we do, have them accept the permission, handle the case where some phones need 'phone state' (because no way we ask that one, too frightening and powerful).

If you are not a SMS app, just open the default one (if there is one) with a pre-filled message.

Reminds me of how gaming accounts are frequently banned for automation or similar cheating, only to pull at heart strings saying they were hacked and that they themselves did not commit the cheating. With VPNs and similar tools it can be difficult for the moderator to know for sure so bad actors take advantage of the situation. As a result you get a painful margin of error the is difficult to reduce without significant changes to the system.

I'm not on Google's side, look at my post history, but there are always two sides to a story.

I've never heard of such a case in gaming resulting in the person being unbanned, but maybe it's a newer development?

My experience comes from a specific niche: MMORPG botting which using an automation script to train/goldfarm for the account while the player is not at the computer. This is coupled with a large amount of account scamming/hacking such that it is fairly reasonable that someone might have stolen your account and botted on it for their own gains.

Or maybe those devs were unfairly banned because another bullshit reason. Unfortunately we don't know because Google operates in the most opaque ways.

This is also what I find most infuriating. One should at least be able to receive compelling evidence of what lead to the banning decision, and get a fair chance to dispute it.

I understand Google doesn't want to give bad actors information that could help them avoid the counter-measures, but the side effects on people who are innocent or make minor errors are too severe. They could make the whole process lengthy, and require proper, detailed authentication to make sure it's different persons & companies each time - that adds enough cost to deter bad actors from using the "appeals" process, but it would save honest people from the frustration.

A lifetime ban because they suspect an account was shared is not "reasonable". One person at most deserves a permanent ban, and it's not the OP. A state/national ID card should be enough to clear things up and solve the "can't just let people create new accounts" problem.

This is awful and I feel terrible for them, but a lot of alarm bells went off when I read this:

    I then attempted to login to my ‘Google Developer Account’ for 
    the first time. Previous to this our app developers were the 
    only ones to access our account to upload and update our app for us
It sounds like they violated probably one of the first requirements of the ToS not to share account credentials. From there ... really anything goes as to what that developer could have done with those credentials intentionally or otherwise.

Google definitely needs to up their game here. Lifetime bans that are completely irrevocable are a completely unacceptable system for the #2 or #1 app distribution platform in the world. Such a ban should be a last resort after many, many transgressions and a result of extensive manual review, not handed out on an automatic basis. Nonetheless, developers need to do their part and also read and take serious the ToS of the developer agreements too.

It has been a while since I lived in the UK, and paid close attention to IT legilsation. At one stage it was considered illegal under the Data Protection Act (1998) to share credentials to an account, due to the lax control it offers over potential access to personal information.

In this case, I would imagine the Google Developer Account would presumably give them access to some level of information about the customers of their application.

"From there ... really anything goes as to what that developer could have done with those credentials intentionally or otherwise."

They paid them to make the app though, they could put literally anything in there and even with them sending them builds that they uploaded themselves it would have been just as easy to be nefarious so this justification is thin at best.

Are there shared accounts in the google app scene or is giving your credentials to the developer the only way to give them access?

You can share account access with other accounts. There is a Users & Permissions panel in the Google Play Console you can use to invite new members. There's no need to share your password with other people.

> They paid them to make the app though, they could put literally anything in there...

Unless Google found something concrete, this speculation doesn't matter at all, shared account or not. A lot of software/websites/services are developed and managed on behalf of other businesses/people, with those people just trusting the developers/admins with no way to verify anything really.

"Such a ban should be a last resort after many, many transgressions and a result of extensive manual review, not handed out on an automatic basis."

Surely not, but that's what happens if you manage millions of apps and developers with minimum human labour. But even if they would increase human labour ... I guess it is really hard to look into all the cases, because what do you do with (smart) malicious actors, trying to circumvent bans?

Had work with malware author before. Don't think it is possible to manual review those ban due to the massive scale of malware industry.

I have a hard time empathizing with people unwilling to read the ToS.

It contains hard rules regulating what you can do with your app, not just with respect to Google, but also with your consumers.

If you can’t read the ToS you are not qualified to participate in society at the level required to distribute software for people to use. There are other tests, but this is one of them.

The real threat to Google will come when someone sues over this behavior as an antitrust case. This is part of "supply chain" antitrust law. It's sometimes called a "refusal to supply", where a manufacturer refuses to sell to a retailer. That's legal if it is not "part of a predatory or exclusionary strategy to acquire or maintain a monopoly."[1] If you're the only supplier of something, antitrust law starts to apply. That's basic monopoly law.

That's a can of worms Google would not want opened.

[1] https://www.ftc.gov/tips-advice/competition-guidance/guide-a...

Indeed. And we know from the previous lawsuits there was definite employer based collusion between FAANG to artificially keep engineers' wages low.

How do you deal with the digital mafia? RICO act.

So few people understand this when these situations arise. We just need the right people with the right pockets and the right connections to DC to have such an issue.

The problem is that they don't. :(

Why hasn't this happened yet? It seems like Google has been behaving this way for a very long time.

The people big enough to do so, with the pockets to do so, aren’t subject to the problems faced here.

The saddest part is that such behaviour will bring full power of regulation on all of us, just like GDPR did. Sooner or later lawmakers will come after all of us because of neglect of that sort.

So now you know not to blame the government or a political party.

Even in systems with automated processes, the bare minimum for communication should be a log of activities that is visible to all parties (e.g. account owner and company). The log should remain visible for quite awhile even after a severe action such as a ban.

And in such a log, every action taken by an employee should be marked with an employee number, even if it is a number that only means something inside the company; and every action taken by an algorithm should be marked with an identifier for that program.

It would be a lot easier for everyone involved to understand what the hell is going on if you could see entries like:

- <YYYY-MM-DD> algorithm XYZ flagged account due to suspicious activity [link] - <YYYY-MM-DD> employee 123456 verified accuracy of terms violation [link] - <YYYY-MM-DD> algorithm ABC notified account owner via E-mail of violation [link] - <YYYY-MM-DD> algorithm ABC auto-banned account

Instead, it seems for a lot of tech companies the communication amounts to ONE E-mail basically listing all the lazy non-effort they went to before ruining everything for you with no recourse.

The piece of the puzzle that you're missing is that people use accounts for fraud, and if they find out why an account got banned, they'll know which behavior triggered it and will learn to avoid that behavior in the rest of their accounts and future accounts.

It sucks, but automating sharing reasons for flagged actions will be self-defeating.

Ultimately it needs to be reviewed by a person at the company who is equipped to judge the situation with more intelligence and discretion to determine if it's really fraud or not.

> The piece of the puzzle that you're missing is that people use accounts for fraud, and if they find out why an account got banned, they'll know which behavior triggered it and will learn to avoid that behavior in the rest of their accounts and future accounts.

Compliance is the goal, no? How's it self-defeating if you ban non-compliant behavior and only way around it is to basically get more compliant with the rules?

How will you get compliance if you don't share details with clueless violators, so they can avoid the mistakes in the future? That seems self-defeating, because this gets rid of clueless, but potentially valuable developers.

> The piece of the puzzle that you're missing is that people commit crime, and if they find out why they got in trouble with the law, they'll know which behavior triggered it and will learn to avoid that behavior.

> It sucks, but automating sharing reasons for illegal actions will be self-defeating.

Yes I changed your text from corporate "illegal" to government "illegal". We wouldn't let THAT fly in a court of law. We have rules on that, like the 4th and 5th amendment. Right to have the charges read before them; right to face their accuser; right to a fair trial; right to be secure in their houses/papers/effects

So what are the charges? "We will not tell you what you did."

Who's the accuser who said I did the thing? "It cannot be in the courtroom. It is an algorithm.

Secure in your effects? You waived them (unilaterally) in dealing with a monopoly. Too bad, soo sad.

Fair trial? SURELY YOU JEST!

With respect, I am 100% sure that Google does this (no insider knowledge here - just conjecture on my part). I am completely sure that Google - a company that lives and dies by data - keeps logs.

But there is zero value sharing this with "customers". If you shared this and it said "Algorithm/Employee #12345678 linked this account with previously banned account" where does that get you? It doesn't get you any further - all it gets you is another thing to argue about, but they've already made their decision and you agreed to their TOS about how they can cancel your account at any time, so you've gained nothing really: Google still don't want to do business with you, sorry.

I imagine the comments will be either: its your fault, dont trust google and have a strategy that totally relies on a party out of your control, & in this day and age you have to do this and this happened to me with google/apple/paypal/microsoft etc.

While i think relying on google (or a single platform) is dangerous, these platforms really need to address these issues. While their isn’t much competition, they are really eroding developer trust. Developers may decide to build for an entirely different platform or work on a different idea that is outside mobile. This ultimately hurts app stores and this these platforms.

Short term a small amount of discontent doesnt matter, but it could reach a tipping point.

> Dont trust google and [don't] have a strategy that totally relies on a party out of your control

Last week, much of Google and Facebook were brought to a halt after Apple revoked their enterprise certificates. While the circumstances justified Apple's actions in this case, the fact remains that even Google and Facebook are largely reliant on another large company. If Apple completely banned all Facebook apps from the app store tomorrow... well, Facebook would probably survive, but it would be a serious blow.

I don't see how you can not be reliant on Apple/Google.

> I don't see how you can not be reliant on Apple/Google.

This is the very definition of a monopoly, isn't it? If the government was working properly, it would be ready to break up these companies, as well in other areas of oligopoly such as oil and banking.

Well, there's two of them.

Duopoly, then ogliopoly after that.

> MONOpoly

> thESE companIES

Antitrust covers market manipulation and coercion though, which you could easily argue these companies have (monopoly over certain platforms such as the iPhone; magically identical pricing).

I'm not so sure Facebook could survive. At least, assuming they were not able to get some alternatives in place fast and even then, it would not continue to be the same company it is today. FB gets 85% of their revenue from mobile ads. I haven't seen the breakdown, but I'm guessing based on other stats I've seen that way more than half of that comes from iOS. If they were banned from the app store, it would be catastrophic.

I guess it would hurt Apple quite a lot as well, as I guess many users use their Apple products mainly to use Facebook's apps...

For most of my family and friends, their smart phones may as well be designated Facebook portals. As sick as that makes me, that is the world we live in.

> have a strategy that totally relies on a party out of your control

If it's possible to implement the app as a PWA sure, but then discoverability becomes an issue.

Sadly, App Stores are a natural monopoly and everyone expect them to be fair but they clearly can't.

Are they a natural monopoly by choice or by necessity? Not sure what "natural" means, here. I could imagine some sort of federation that would make them less of a monopoly, understandably not Google's choice, though.

Natural probably means that for a given mobile platform it's natural - due to network effects and other market forces (e.g. the platform owner heavily subsidizing/supporting their choice of store) - for one store to emerge as a monopoly.

> “This ultimately hurts app stores

Good, app stores need to die.

App stores are the least-unreliable mechanism I have to trust executable code. I don’t even enable JavaScript by default.

Do you have an alternative trust mechanism that can’t be subverted via, for example, algorithmic voting?

I think there's a couple solutions to this. First, "trust" should depend on your own evaluation of the developer, based on metrics like how long their app has existed, customer reviews, what protections they have around handling data, etc. You have the ability to do a much better job evaluating trust than Apple or Google are likely to. But even beyond that, sandboxing needs to be made effective enough that even if you do install a malicious app, it doesn't matter. iOS actually does a really good job of this - apps are contained in their own sandbox, and have to get your permission to access any sensitive data, which you can easily choose to accept or deny. There are also limits on resources, and apps can't do much to your system unless you actively open them, which makes it really easy to escape from a bad app.

I know you mentioned disabling javascript, but browsers are also a really good example of this. Browsers run your code in a sandbox, and the rendering engine itself is sandboxed in case of bugs. As a result, you can pretty much visit any random website and know that it won't compromise your system - as far as I know, there haven't been any widespread attacks using browser vulnerabilities since sandoxing was introduced (except maybe Internet Explorer, which doesn't really count). The worst that can happen is that a browser tab starts using too many resources or doing something annoying (like autoplaying a video), and you can just close the tab and make it go away.

""trust" should depend on your own evaluation of the developer, based on metrics like how long their app has existed, customer reviews, what protections they have around handling data, etc. You have the ability to do a much better job evaluating trust than Apple or Google are likely to."

Wow - no, we do not have the ability to ascertain the overall trustworthiness of a dev, certainly not better than Google or Apple.

Reviews can be faked, and 'how long their app has existed' is not a very good measure of anything. Their T&C's on 'protections' don't mean anything if they are not already trustworthy.

So unfortunately, this is one of the valuable things that AppStores can provide.

Assuming the developer has been in business for a significant amount of time, there are a lot of signals that help tell you whether an app is legit or not. As a random example, if I look for information aout Overcast (a fairly successful app from an independent developer), I get:

* A bunch of reviews from users, very few of which sound fake: https://itunes.apple.com/us/app/overcast/id888422857

* Articles about the app from well-known websites: https://9to5mac.com/2018/04/29/overcast-versus-apple-podcast...

* A wikipedia article: https://en.wikipedia.org/wiki/Overcast_(app)

* Information about the developer: https://marco.org/about

You could fake all of this, but it would be really difficult and expensive, and probably wouldn't work in the long-term.

It's true that for a brand-new app from an unknown developer, it's difficult to say what their intentions are, but Google and Apple don't really have any more information to go off of than you do regarding that - at best, they likely have the developer's contact information, but you can probably find that yourself as well. Additionally, the nice thing about sandboxing and permissions is that you don't really have to trust the developer in order to run an app. For example, the other day I was looking for a protractor app that would give me measurements in tenths of a degree, and I found this app [1]. Aside from a few reviews (which, as you said, could easily be fake), I know absolutely nothing about this developer - for all I know, they could be trying to steal all my data. But because iOS sandboxes everthing, they won't actually be able to access any of my data or do anything bad unless I approve it, and if I don't like the app, I can press one button and get rid of it. As a result, I can feel comfortable installing the app anyway, even if I don't trust the developer.

[1] https://itunes.apple.com/us/app/angle-pro/id750327028

"but Google and Apple don't really have any more information to go off of than you do regarding that "

Apple requires people to provide a business number among other things, and they have substantial ability to 'dig in' to a developers background.

Users have zero interest in this, and nobody has time to do some big investigation into some company for the sake of some app.

The whole point of the app stores are to filter through the crap for us and give us some idea of what's good and what's not.

I mean, both Google and Apple analyze apps for any sort of detectable malicious libraries/code. It's not perfect by any means, but it's something.

I don't know why this business got banned. I assume it's due to the outsourced dev they used. I doubt they're technically competent and reviewed the app themselves, so who knows what kind of bullshit the dev stuffed in their or their other apps.

Disregarding security, the app stores also (try) to filter out crap applications, blatant rip-offs, applications that steal your data or ruin your battery by mining bit coins. These things usually don't really need to circumvent the sandbox. One can of course argue that the stores don't really do a great job policing the right things but they are efficient to some degree (e.g.: the recent facebook spy-vpn fiasco).

One other thing is that, at least in Apple app store, the review process catches use of private APIs which are in theory harmless but are not considered stable and could cause the application to crash if a minor update changes the way they work.

If an application is a "blatant rip-off", users are most likely going to realize it and uninstall it/stop spending money on it/dispute it with their credit card company, which should eventually stop the scammers from making money. And even before you install the app, you can still read reviews from other people to determine whether it's trustworthy.

Excessive resource usage is already pretty easy to avoid - iOS will limit resource usage when an app is in the background, and show you which apps are using a lot of battery power so you can uninstall them. I would imagine Apple could expand this more by showing an unobtrustive notification somewhere with a message like "____ is reducing your battery life, would you like to stop it?"

Regarding private API's, if Apple's position is that third-party apps are not allowed to use them, they should just stop exposing these APIs to other apps completely.

Solving privacy issues is tricker, at least in the short term, although I think this should eventually be handled by government regulation. Assuming we can get fair and well-written regulation (which, to be fair, is a big if!), we could have clearly-documented rules that apply equally to all market participants, and aren't quite as clearly biased based on commercial incentives (although there would still be an indirect effect due to lobbying).

> as far as I know, there haven't been any widespread attacks using browser vulnerabilities since sandoxing was introduced (except maybe Internet Explorer, which doesn't really count).

While non-malicious, jailbreakme.com seems to come back once every few years or so.

That's a good point, although the only recent exploit (in 2017) depended on a combination of 3 vulnerabilities that had already been fixed over a year and a half ago when the exploit was released.

A generalization is not necessary here, for me there is a huge difference between Apple's App Store and Google Play. The former actually has real people behind it that you can talk to, also on the phone, and who are really friendly and will reach out to help you fix problems. Also, they do really review the app, obviously using automated tools, but still there's some human involvement. Google tries to be smarter than everyone else but they're not. Many people have this love-hate relationship with them, but recently there's less and less love in it.

>App stores are the least-unreliable mechanism I have to trust executable code.

And yet almost weekly I read a new story about malicious apps being found in app stores. Like this one posted today:


Personally I trust things from app stores about as much as I trust random things from the web.

Which is why I phrased it “least unreliable” rather than “best”.

Considering there aren't many totally reliable ways to avoid shady software save going through the source of a program line by line and verifying it yourself, least-unrealiable sort of comes across as best.

The trust you have in an app store is because you believe in their processes for auditing apps. But the two do not need to be linked.

Google Play Protect, for instance, works just fine on sideloaded apps or apps downloaded from other stores.

The distribution and marketing channel don't need to be the same as the trust mechanism. There's a whole anti-malware industry out there that can do the latter, and could easily do as good a job as Google currently do.

> App stores are the least-unreliable mechanism I have to trust executable code

More so than the repositories that various linux distros use? I honestly think that something like apt for android would be a much better solution - too bad, it will never happen because it would mess with google's monopoly.

There are Play Store alternatives, such as F-Droid, Aptoide and ApkMirror.

But it still comes down to discoverability and trust - you need to know about and trust these alternatives, and you need to change a setting on your device to "allow untrusted sources".

Distro repositories are great but they are several orders of magnitudes smaller than the app stores. Ubuntu has ~50k packages available, app stores host millions of apps. Package maintainers to a great job but I don't think this model can scale up.

I think you should be crediting sandboxing for that.

> App stores are the least-unreliable mechanism I have to trust executable code. I don’t even enable JavaScript by default.

How did the rest of us ever live through the 80s and 90s when we had to purchase software from physical stores based on reviews in magazines and word-of-mouth...

More seriously, the PC software industry works well without app stores, download sites usually check for malware to some extent and successful publishers earn trust by not screwing over their users.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact