Hacker News new | past | comments | ask | show | jobs | submit login
Google bans my events app for referencing Covid-19, or related terms
590 points by kujaomega 11 months ago | hide | past | favorite | 214 comments
I'm an independent developer and in this thread I will show you the succession of events that lead to Google ban of my app.

In september 2019 I decided to start developing as a fulltime project an Android app about physical events in Spain.

At the end of February 2020 I launched the app.

March 14 2020 started the confinement in Spain. Weeks later I decided to pivot the app to include online events, movies and tv shows ranking of online streaming platforms.

This May 2020, I launched the update and reoriented the app as a Things to do app (Only available in Spain). So I used the following description of the app:

Title: "Tintodo - Things to do"

Short description: "The best things to do, online events and movies"

Full description:

"Are you thinking of things to do when bored? Or are you planning what to do tomorrow? With this app you can discover online events and movies from your favourite online platforms.

Find out online events in your quarantine like activities, meetups, cooking recipes, business and networking events. You can also filter the types of events and if they are free or paid events.

Thanks to this app, you will never be bored tonight. You have a ranking of the best movies in all online movie platforms, which will allow you to enjoy this confinement and is one of the main sources of things to do in your free time.

Note: We don’t play movies in this app. This app allows you to browse movies in your favorite platform, some of the movies are free, some not, the owners of those platforms are the ones who own the rights of the movies."

17 May 2020, Google suspended my app for using keywords related to COVID-19.

This is my case, but in a near future, how I can advertise my users or future users that my app behaviour is different due to COVID, I have no chance. 8 months developing that lead to a suspension for using covid words, at least, It's not 9 years like the Podcast Addict app.

Slightly different topic, but Google also suspended our company's adwords account, I believe for using keywords related to COVID-19.

The business is an American manufacturer that added capacity to manufacture PPE to make up for the lack of Chinese supply. Since we were supplying direct to the market, the prices of the PPE were in-market from before COVID times, or cheaper. We weren't out to make a killing, just to fill up some manufacturing time and help folks out. We had the equipment, the people, the facility.

However, we didn't have a great way to reach people who needed it - healthcare was not our normal industry - so we decided to put it up on Adwords.

Within 24 hours, the account was suspended. We appealed it (thinking it must have been a mistake), and a month later, they told us they reviewed it and maintained the suspension. We told them we were only promoting PPE to help people in health care find supply and they didn't care. We've never had suspension issues before.

The whole experience left a very negative taste for Google. With their extreme dominance in market share for advertising, they no longer need to cater to customers' needs. (Maybe they care if you're a multimillion dollar customer, but certainly not if you're an everyday SME manfuacturer.) And there's not a lot of alternatives to turn to for that type of advertising. There was no recourse, no discussion, no reasoning. Just the Google blank wall.

We wound up manufacturing lots of it anyway to hospitals in need, but Google actively tried to stop distribution of American-made PPE during the pandemic.

> "Google actively tried to stop distribution of American-made PPE during the pandemic."

This sounds like a great headline to shine some light on Google's banning practices. Some bad PR may help them reconsider their lack of customer service.

Great headline.

Shame there won't be any ads put on that article to pay any of the staff. Another one of the problems that comes from a near-monopoly.

Considering the mainstream press like NYT love to attack the tech industry/silicon valley, I'm surprised they haven't zeroed in on this one yet.

I guess much like mass-surveillance before Snowden, we in the tech-world are the only ones who know how bad it really is and why that is so dangerous.

Writing a letter about this to some representatives in Washington might resonate well

Welcome to the club. Don't get your hopes up getting the ban lifted. Had my startup AdWords account banned because we developed dApps using Solidity and Google didn't like Ethereum at the time.

After countless email replies from "Emily" - the Google support bot, and actual phone hangups from the call center, we gave up.

And there are plenty of other examples out there.

Speak with your state attorney general.

Why don't people start lawsuits against them for these unfair business practices? If the damages to your company are small you can even file a local small claims court case. https://kahlerfinancial.com/financial-awakenings/weekly-colu...

Small claims isn't always a cake walk. The defendant can pay to upgrade to general division, turning the somewhat informal case into a full-fledged case.

Small claims and certainly general courts are often (and I think in this case) more about getting the attention of a big company than actually winning. Is google really going to send a representative and lawyer to fight you in either small claims or general over disabling your adwords account when any sane review would conclude that they are wrong? They will 99% just turn it back on. This isn't solving the larger systemic problem here but probably is a great way to get your account reenabled.

A friend’s company was doing something similar and I shared a link to their website on my Facebook. Not an advertisement, just a link to the homepage of a company I personally knew that is making and selling PPE (at normal/reasonable prices, this wasn’t some shady operation). It got taken down for “going against community standards”. I tried to appeal but it was just a black box and I never heard anything back. I feel like tech companies are actively making this pandemic worse even if they think they are helping.

I successfully ran game promoting ads at the end of march, without any limiting despite having "virus" words in the ad. 2 weeks later, the game was released and got banned on Google Play one week after the release.

More story and screenshots here: https://news.ycombinator.com/item?id=23229073

One of the most popular podcast apps, Podcast Addict, is dealing with this right now as well: https://www.androidpolice.com/2020/05/18/podcast-addict-pull...


Can someone remind me why there is an "app store" that is run by the phone OS maker? Aside from the anti-trust/monopoly type issue, should there be a more market healthy de-coupling between the place I buy my apps and the OS maker?

Monopolies are almost always bad for consumers.

I kind of chuckle when I think about how Microsoft had such a huge battle over IE being integrated into Windows, and now we sort of accept a situation 100x worse on our mobile phones without batting an eye.

The why is that there was a huge solution/market gap.

Finding software for Palm and Windows phones was often a trek through random forums and websites to download garbage that didn't work.

There needed to be a central registry before smartphones would be adopted by the average person, and the registry needed some quality assurance so that the average person would have a good experience.

Tucows wasn't going to cut it, and the only open model that worked at the time was linux distro package repositories, which would need a dozen features tacked on before it was usable, and only added packages glacially (that QA problem again.)

Smartphones wouldn't be a thing without centralized app stores, but I'm also in favor of allowing users to add third-party app stores, in the belief that 99% of people won't do it, and the 1% would understand the security risks.

> There needed to be a central registry before smartphones would be adopted by the average person

This is revisionist. The iPod/iPhone originally didn't even have third party apps and it caught on anyway. Even now, 90% of the value of a smart phone is having a web browser in your pocket and most "apps" could have just as easily been web pages.

I think the only apps on my phone that can actually justify being apps instead of web pages are Signal (so it can store my conversations on my phone and not a third party service) and Firefox (because it's a web browser). Meanwhile the iOS app store won't allow Signal to be my SMS app and requires Firefox to use Apple's browser engine, so the utility it provides is strictly negative. I could have been just as happy to get Firefox from firefox.com and Signal from signal.org.

I still don't understand why Facebook is an app. Facebook is a web page. (I mean I do understand, it's because the app can hoover up more of your personal information, but why should I want that?)

There was a big gap in parity between a web page and a native app in those days(the gap is still large today, but companies have a vested interest in keeping their software on their servers so you can subscribe forever...). Apple caught a lot of crap for not launching with a way to run native applications, and their web toolkit was a joke.

The functional web browser was the main killer app, but the additional functionality of native applications is a non trivial part of the modern smartphone's success.

> 90% of the value of a smart phone is having a web browser in your pocket and most "apps" could have just as easily been web pages.

They will be very soon. PWA is spreading like wildfire.

Now we just need to teach people to use secure browsers. (Not just ones people think are private.)

> PWA is spreading like wildfire.

Do you mean on Android? I've read they're a bit crippled on iOS

They're a bit crippled on both main platforms, but quite a bit less all the time. and the more average consumer learns about them, the less the friction will be of Menu->Add to homescreen (if you missed the prompt/dismissed it without reading).

the only open model that worked at the time was linux distro package repositories

And also at the time, the company (Lindows/Linspire) that created an app store based on that foundation caught hell for doing so (my first job out of high school was doing QA on that app store).

So even if it was necessary to have app stores for consumers it wasn't an easy transition to make.

The Linspire app store was great, it made Linux easier than Windows for my family back in the mid-2000s. The experience on modern app stores still feels clunky comparatively.

I can pretty easily find very good software for my palm pilot to do almost everything I want (besides things it’s just not capable of like real-time video) and if there’s something I can’t find it’s very easy for normal people to develop for. There’s even an on device C compiler someone wrote although personally I don’t like the included editor.

Contrast the iPhone where the only real things apps get you are push notifications and there’s nothing you can do even if you’re a decent programmer because you’re totally locked out. Plus nowadays we have github so there’s no need to “hunt” for software.

My mother is normal, she isn't going to write any program, let alone in C.

She isn't going to Github to download Whatsapp either.

IT folks are extremely tech savvy and do not count as normal when it comes to the market as a whole.

My cynical view is that it's because both OS makers want vertical integration, in order to justify their 30% platform "tax" on being allowed to sell apps on their platform.

I'd definitely agree there should be a decoupling (made mandatory if needed) to prevent this conflict of interest.

On both platforms, the OS maker enjoys an anticompetitive position of being able to provide their own services without the platform fee (see Apple Music and Spotify dispute), as well as being able to inhibit the visibility of third party rival apps at their whim.

I wonder if the issue is that now we don't have a platform with 90+% penetration, this isn't perceived as a monopoly scenario, even though the effects of it are effectively identical as there are significant (cost and practical) barriers to switching, and no feasible ability to enter and provide an alternative. And on iOS, not even feasible - no actual ability at all.

But that 30% platform tax must be pretty attractive when justifying your position with legal internally...

The "why" is because the creator of the OS can lock down the system to only allow apps from their own marketplace.

The "why is this not being discussed as an anti-trust violation like Microsoft was hit with" is because the US government of the last 10-15 years doesn't have the same viewpoints on anti-trust that they did 20+ years ago.

The US government didn't go after MS over IE bundling. That was the EU. The US targeted them over anti-competitive contracts forcing manufacturers to pay for licenses on systems without a MS OS installed.


The US government went after MS multiple times. Most were over anti-competitive contracts. But the list includes https://en.wikipedia.org/wiki/United_States_v._Microsoft_Cor.... Which definitely did go after MS over bundling IE.

The penalties that Microsoft suffered under from the USA were sufficiently weak that they considered it a cost of doing business. It was only the much larger EU penalties that caused them to change course. But the USA definitely went after them for bundling IE.

>...the US government of the last 10-15 years doesn't have the same viewpoints on anti-trust that they did 20+ years ago.

The Nintendo NES came out in 1983. Didn't they have control of all apps allowed to run on their machine? They weren't charged with anti-trust violations.

> The Nintendo NES came out in 1983. Didn't they have control of all apps allowed to run on their machine?

They didn't.

The security of the consoles from that era was based on trademarks. The hardware would refuse to execute software unless it could find the manufacturer's name at some predefined memory location. Since these were trademarks, game companies had to obtain permission in order to use them.


The judges ruled that people had every right to reverse engineer existing games and produce compatible software for those consoles regardless of the manufacturer's wishes. The trademark violations were the manufacturer's fault since they made it necessary for games to work.

The world was a much better place before the DMCA.

This is actually a really interesting parallel. Like Apple/Google, Nintendo also became successful in part by tightly regulating their console in response to a quality problem previously caused by more open platforms[1].

The comparison breaks down somewhat though when you consider the size of the NES market (61.91 million units sold) vs. smartphones (1 billion+ sold). Nintendo, and the whole gaming market, may have just been too small for the justice department to pursue anti-trust charges.

[1] https://en.wikipedia.org/wiki/Nintendo_Entertainment_System#...

That's an interesting comparison to make, since ultimately Nintendo lost their court case regarding their control over who's allowed to create and publish NES games.

They weren't the only gaming system. There are 2 phone ecosystems today and that's the central device in most people's lives, the phone is a bigger deal.

Sega vs Nintendo, which shortly after Sony enterred the game became Nintendo vs Sony, then Sony vs Microsoft

Duopolies seem to be a natural state

How many gaming systems existed in the late eighties? What was Nintendo’s market share?

The why is because, without a lock down app store windows machines were known to be an easy target for viruses, malwares and fake software. Advanced users can still jailbreak and install other apps.

Unfortunately, the vetting process has issues and I think even though the quality will improve over time due to more/better usage of ML/AI techniques but that will make the process more opaque.

The problem is that it heavily discourages community maintained software.

Most smartphone apps seem like a way for a bank to wedge themselves between you and what you want to do.

On Android you can sideload apps easily but nobody does it. According to Google, less than 0.5% of Android devices do it.

Exactly. Imagine how much criticism Apple could avoid if they allowed side loading. Heck, make it complicated and require a Mac desktop/laptop.

Even then at least power users would be happy. At least I could load up apps that aren’t approved without having to jailbreak.

Power users can use Android.

The problem with side loading us social engineering attacks.

Imagine how many iPhone users could be persuaded to sideload ‘corona 5g bioshield app detunes the software radio in your phone away from the harmful frequencies the NWO is trying to expose us to’.

> Power users can use Android.

I've tried Android, I don't like it. Apple has put a lot more thought into their UX. Also the Apple hardware is better.

Telling someone to use Android because they want control of their iPhone is a ridiculous argument because they aren't substitutes for each other.

> The problem with side loading us social engineering attacks.

Exactly, which is why I said to make it hard to side load. Require you to run an app on a Mac laptop and write some code to make it work. Make it so that there are so many steps that only the most dedicated are interested. But just make it possible.

And besides, somehow Android doesn't seem to have a widespread problem with this, despite allowing side loading.

Android has an enormous malware problem with million node botnets etc.

Exploiters don’t need to leverage side loading because the platform and store are insecure enough as it is.

As to making it into a huge pain to sideload, what you want is already available. You can install whatever you like by downloading XCode.

> You can install whatever you like by downloading XCode.

Only if the source is available. Or the creator is under their 100 user limit.

> Require you to run an app on a Mac laptop and write some code to make it work. Make it so that there are so many steps that only the most dedicated are interested. But just make it possible.

Can't you do exactly that with xcode?

> Can't you do exactly that with xcode?

Only if the source is available. Or the creator is under their 100 user limit.

There is no way for someone to make an iPhone app and put it up online and let anyone who wants to download it and install it.

Ok - but that’s not what you said. We’ve agreed that would lead to the problems already outlined.

The seven day certificate expiration duration also makes this largely impractical.

The parent said: “Make it so that there are so many steps that only the most dedicated are interested. But just make it possible.“

I consider ‘impractical’ (not practicable) to not rise to ‘possible’.

> Imagine how many iPhone users could be persuaded to sideload ‘corona 5g bioshield app detunes the software radio in your phone away from the harmful frequencies the NWO is trying to expose us to’.

Less than 0.5% of them, apparently.

But also, what do you care what idiots do? Nobody is forcing you to install it on your phone. Freedom of choice is not an obligation to choose poorly.

0.5% of 2.5 billion is 125 million. Is sideload malware irrelevant because “only” 125 million phones have flicked the sideloading switch?

I think there’s good reason for the sideload feature to be there, but your argument seems to be about it being unimportant because 0.5% isn’t a big percentage.


Probably more with Fortnite though.

Apple created the app store because they wanted to avoid having people install malware.

Google copied them because they wanted a piece of the app store tax.

So Apple's motivations were solely altruistic, whereas mean old Google is just a money grubbing copycat?

I'm being snarky, but it seems a little naive to think either of these companies wasn't eager to capitalize on the lucrative mobile software market. Aren't you also prevented from buying subscriptions or making other in-app purchases within iOS apps (but not through the app store's integrated system)? Seems like that has little to do with malware as it's not just a ban on malicious IAP, but rather any type of IAP that doesn't include the "app store tax" as you put it.

I think both the Google and Apple stores purport to be a generally safe repository of mobile software in order to encourage the sale and distribution of apps, strengthen the appeal of their respective platforms, and generate revenue by providing these markets (for a cut).

When Apple did it, it wasn't at all clear that there would be a lucrative mobile software market. What was clear is that the success of their platform absolutely depended on applications not giving the platform a bad name. And insisting on control was typical Steve Jobs.

Apple's motivations for continuing to charge outrageous fees are, of course, that they want to keep the free money rolling in. And they must have hoped to generate a revenue stream. But establishing tight control had lots of other motivations.

By contrast Google was deliberately creating an open platform on open sourced software. Their decision to lock down this piece was opposite the rest of the product direction. And it is hard to believe that they weren't looking at the demonstration of what happened with the iPhone and were trying to replicate the revenue model.

> * What was clear is that the success of their platform absolutely depended on applications not giving the platform a bad name.*

Yes, but I see this as Apple desiring tight control, first and foremost (as you hint at). Helping cut a potential malware problem off at the pass was a nice side benefit. I see the flow of causation in the other direction here. Apple just wanted control, because that's just how they do things. Initially they weren't even going to allow third-party apps.

This cuts both ways: while you can't distribute obvious malware on Apple's App Store, you also can't distribute perfectly benign things that people want, but Apple has decided is distasteful... to them.

> By contrast Google was deliberately creating an open platform on open sourced software.

I think that's a fairly naive view of it. They believed that open-sourcing the OS was the best way to gain market share (which worked, for all Android's fragmentation and faults). I sincerely doubt it had much to do with some desire for openness; that would contrast pretty sharply with most of the rest of Google.

> Their decision to lock down this piece was opposite the rest of the product direction.

Except they didn't lock it down! I have several apps on my phone installed via F-Droid. The Facebook Lite app used to (I uninstalled FB a couple years ago, so not sure if it's still the case) have the ability to manage and install its own updates (I assume for lower-spec/non-Google-Apps phones in developing markets). If I feel I can trust an app I download off the internet, I can install it. I have a couple of my own apps installed on the phone, without needing to pay Apple a $99 gate-keeping fee, and the software to install them is open source, not wrapped up in proprietary Xcode.

I will be the first to agree that most people don't avail themselves of this option, and an app developer who doesn't publish in the Google Play Store is kneecapping their market reach. But the fact that it's possible (and not even difficult) to do is the point. Sideloading on an iPhone is something that costs money; requires specialized skills, tools, and a particular brand of hardware; and is out of reach for the vast majority of people who (for example) would otherwise sideload on Android.

> * And it is hard to believe that they weren't looking at the demonstration of what happened with the iPhone and were trying to replicate the revenue model.*

I'm sure that was part of it, but... so what? I don't really see this as indicative of a particular mindset.

Apple originally didn’t want custom apps or an app store at all... folks started jail breaking their phones to have insane and cutting edge features from the future like copy and paste.

It's a mess.

ON the other hand some wise open app store wild west... the android app store is bad enough with malware, can you imagine one with nobody minding the store?

I suppose that was(is) the dream of the mobile web. Where web technology is good enough to deliver an app experience via a website.

No approval process, no banned from App Store.

Yes and yes and yes. Google nuked BlackBerry’s potential at a mobile comeback with BB10 by not allowing play store integration.

It was an upgrade over app stores run by your mobile carrier, which is what it replaced at least in USA.

I've long wished there was a more encompassing alternative to F-Droid, which would include the same payment facilities as Google Play (paid app, in-app payments, subscriptions), allow proprietary apps (but still give FOSS as a search filter and show it as a prominent feature on the app page), and offer plenty of user curation features ala Steam and make filters optional (which would allow communities of independent reviewers to vet apps for child-safety, not being COVID-related, etc... and users to chose whether to restrict themselves to that selection or not).

It's quite amazing when you think about it, that two US companies have absolute power over deciding what 99% of people in the world can do with a device that many would describe as an extension of themselves.

Epic games tried to side step google:

> When Fortnite launched on mobile in 2018, Epic Games very notably sidestepped the Google Play Store and pushed users to download the title directly from their website, an effort made to avoid the substantial revenue cuts that Google takes from in-app purchases of Play Store downloads. After 18 months of harsh rhetoric regarding platform gatekeeping, Epic Games says that Fortnite is now available for download on the Google Play Store, though it will still be downloadable from fortnite.com moving forward.

> Google puts software downloadable outside of Google Play at a disadvantage, through technical and business measures such as scary, repetitive security pop-ups for downloaded and updated software, restrictive manufacturer and carrier agreements and dealings, Google public relations characterizing third party software sources as malware, and new efforts such as Google Play Protect to outright block software obtained outside the Google Play store,: an Epic Games spokesperson said in a statement. "Because of this, we've launched Fortnite for Android on the Google Play Store."

And Epic conveniently forgot to mention the part about the security warning being well deserved when it came to Fortnite...


So while the app was on an alternate store a security lapse was detected and fixed.

Isn't that actually proof that something doesn't need to be on google play to be checked and improved?

That really doesn’t help if there is a 0 day exploit.

Hmm... Well deserved, or a poor security choice for Android? The vulnerability appears to be that any app can overwrite an APK downloaded to external storage with a FileObserver. How is that not pathologically bad security on Android's part?

> Any app with the WRITE_EXTERNAL_STORAGE permission can substitute the APK immediately after the download is completed and the fingerprint is verified. This is easily done using a FileObserver. The Fortnite Installer will proceed to install the substituted (fake) APK.

Android offers app-local storage that no other app can write to. Epic simply failed to use it. The alternative would be no shared filesystem at all, but then people would complain about that as well since things like file browsers wouldn't function and sharing things like photos between apps becomes tricky.

Notably, all operating systems that allow programs to write to files have this "pathologically bad security". Download a .exe file on Windows and check its hash before installing and you have a TOCTOU bug where malware can sub the file after you've checked the hash.

Another alternative is to not permit any application to be installed unless it is signed by the OS manufacturer or some other finite trusted list of signers - but then we are right back at the app store model that pisses people off.

"sharing things like photos between apps becomes tricky."

That's a solved problem. Apps on iOS can request access to the photo library. Why Apple still doesn't allow write access to the music library is frustrating.

It would be nice if you had a universal "folder picker" where multiple apps could be given access to a user created folder on ios, admittedly.

Definitely Well deserved.

That's not Android fault: you're asking Android to give you access to an unrestricted storage area (e.g. because you want to edit photos shot with your Camera app), and the fact that other apps can read/write to it, is the whole point of that storage. Hence you need to treat it as untrusted, and validate that you're going to install the APK that you thought you were going to install.

The flaw appears to be that there is no way to validate in external storage, since the contents can be changed after validation.

Which, yes, is a reason to not use external storage. But for large downloads it's undeniably the norm, since internal storage is frequently limited. Since Android doesn't appear to provide a way to use the SD card and also prevent this, that part of it is an Android flaw IMO.

As evidence, note the external storage options say "can another app access it? yes, if it's in external storage": https://developer.android.com/training/data-storage

They shouldn't have used external storage while using API for silent installs, full stop.


The fact that the norm is different is a good point, but the norm is also not to implement your own app stores.

In fact, if internal storage is so limited that you don't have space for the APK, you'll get errors due to lack of space even while installing apps from the Play store

Sure, normally you need about 2x to install anything (both apps are kept until the new version is done and validated). But that's less than the 3x, if you also kept the download there.

Anyway. Yeah, silent installs make this dangerous, no disagreement there at all (tho they're always more dangerous. I'd prefer to never have them). But there's also no reason that Android can't provide a protected external store, except that they've been self-destructively hostile to external storage in any form. It won't work if you remove the SDCard and manipulate it elsewhere, but that's not the attack vector here - it's entirely possible to protect from things on-device, just like they do for internal storage. They even partially achieve it now, with "adopted" internal storage, so it's absolutely possible.

That article reads like propaganda for Google Store.

> That's because Fortnite isn't available through Google's Play Store. Epic instead chose an unorthodox -- and more dangerous -- route for the game's fans. Rather than download it through the official Google app store, players need to download the game and "sideload" the app on their Android devices instead. That Epic is allowed to do this underscores why Google's Android often gets knocked for its security chops.

No wonder they ultimately folded and came back into the “protection” [racket] offered by Google Play with PR like this coming to bear.

Those security issues would have been rendered moot by the sandbox if they went through the Play Store.

But really? That's the card you're going to play? That "every app has security issues" so this is okay?

The way I see it, a well-funded and very popular entity tried to bypass Google’s stranglehold (and high taxes) on app distribution. Even they ultimately failed to maintain independent distribution.

They probably invested quite a few engineering hours to devise a solution, as there’s a lot of code / Google services that need to be replicated. It’s unsurprising to me that there were some bugs in this code, and I think generally companies that respond to bug reports and issue patches should be commended.

Where I would disagree is if you are claiming that we should be treating Google Play akin to a low-level cryptographic library in the vein of a “don’t ever roll your own” approach. Allowing independent software distribution is usually considered a positive differentiator for Android. For this to be a viable distribution channel it’s actually extremely important for large and popular entities to be using side loading in order to build recognition and trust in its use. Ideally it results in open-source sideloading frameworks and best practices that the larger community can build upon.

Are you as forgiving about security issues with Zoom?

It’s OT but I will totally forgive Zoom for their security issues. Their CEO openly admitted they were wrong, promised to fix it, made real changes fairly quickly to better lock down default settings, have upgraded their ciphers, and made a major acquisition to build-out their security chops (Keybase) to address the larger problem of easy to use key management.

Personally I’ve relied on Zoom to get meetings running quickly (without wasting precious time fighting with hard to install client software) many times on meetings where I would gladly trade ease of use for security posture.

I think Zoom messed up but has shown they can admit fault and course correct.

They are—as far as I’m aware—an entirely content neutral communications network that lets me pay for a service, doesn’t try to analyze and data mine my content, isn’t operating as a middleman between me and my customers, and isn’t at risk of becoming my competitor if it detects my product is becoming successful. They aren’t leveraging a monopoly position to maximize rent seeking and crushing the little guy through arbitrarily enforced content moderation policies. They aren’t exploiting cheap labor or phish a business to intercept their customers.

So as far as growth-hacks go, playing some API tricks on Mac and Windows to get their client ridiculously easy to install and running in a meeting — which risked you entering a meeting without an extra prompt, or potentially provided a pivot for unsigned code....

Frankly they seem about as un-villainous as they come in terms of publicly listed tech companies or venture-backed unicorns.

You mean “API tricks” like surreptitiously installing an always running web server on Macs so that it could reinstall itself when the user uninstalled it?

They aren’t sorry for doing it. They are sorry for getting caught....

Yes, exactly. I believe they used the localhost server to be able to quickly install and launch Zoom with zero extra clicks when you joined a meeting.

It wasn’t used to track their users, or serve ads, or nag users to come back to Zoom or monitor anything on your machine. It was used so that when you wanted to join a meeting, it would get you into the room completely effortlessly.

Again I just feel like compared to the innumerable ways that big and “well respected” companies are regularly screwing their customers, using a technical hack only to make your product easier to use is in some ways commendable even.

I’ve wasted 15, even 20 minutes on some hour long conference calls just trying to get everyone dialed in and able to hear and talk. I actually chose Zoom because of how hard they worked to make it “Just Work”. I guess I feel like they had their heart in the right place, and didn’t actually abuse their users’ trust like almost every other company I’m forced to put up with.

I think Fortnite is even more ethically clear cut than Zoom though, because Fortnite tried to develop a feature that they have every moral and technical right and justification to do.

I see self-distribution along the lines of self-hosting. It’s feature that we want to be able to exist and be well tested and understood how to “do it right” for strong competitive and anti-censorship reasons.

Fortnite just happened to screw up a specific aspect of the implementation. In some cases you screw up, you patch it, you write a blog post explaining what you got wrong and how you fixed it, and you’re a hero for helping the community learn from your mistake!

I don’t understand why Fortnite got pilloried instead of the community wanting them to succeed so that they could blaze the trail for independent developers in the future?!

Why wasn’t the pressure on Google for not having better documentation and support for what they were trying to do, and for imposing arbitrary technical limitations like not allowing developers to keep the sandbox enabled for side-loaded apps?

Wasn’t it Google that actually found and disclosed the bug in Fortnite’s installer? That’s some serious gray hat level hacking.

If Fortnite had succeeded in mainstreaming the concept of side-loading it might have made it much more popular and pressured Google into not making side-loading technically inferior. That put the fear of God into Google and gave them a massive financial motive to undermine that effort.

It’s not like Google hasn’t badly screwed up many times with Android security in the past.

Why would they not allow you to sandbox non-play store apps?

Everyone wants their phone to be just as open as their computer and without restrictions - you have that with Android. The minute apps are forced to be in a sandbox, you forgo “openness” and “choice”.

I don't think there's any relationship except an inverse one between user choice and app sandboxing.

QubesOS, Snaps, Firejail, Sandboxie, browser tabs to some extent, restrict user-freedom in only the most technical way, with no bundled choice traps. On the contrary, a good sandbox allows users to forego human curation/proprietary malware detection services and execute any code they want.

But once you have a sandbox, you limit what the app can do. Would the outspoken users on Android be happy if the sandbox for side loaded apps restricted functionality they wanted?

Yes, the issues highlighted in the thread stem not from the technical limitations of Android sandboxing but political censorship by Google. Covid-19 isn't transmitted through apps. This is a stereotypical false dilemma fallacy, where users are artificially forced to chose between security and censorship.

And government wouldn’t try even harder to censor? The big thing in the early 90s was the government going out of its way to try to force the record labels to censor hip hop groups like NWA (F the Police) , 2 Live Crew, and Ice T (Cop Killer).

Do you remember all of the moral panic about violent video games after Mortal Kombat came out?

That depends on who controls the sandbox. I certainly would like to limit what apps can do. The sandbox should give me control of the software on my device.

>new efforts such as Google Play Protect to outright block software obtained outside the Google Play store

Wait a sec, does this affect F-Droid as well?

Someone needs to take this to the EU courts and force google (and apple) to allow the use of alternate app stores that are not technically hindered.

It was done with Windows and Explorer so I don't see why this is any different.

Alternate app stores have been allowed on Android since day one.

But only if you set a security flag to "allow anything to be installed". I want a security flag that says "allow apps from sources signed by the following keys", where I can import app store keys from the app store(s) of my choosing. So I'm still protected, as long as I trust those app stores that I import.

That has changed somewhat recently (android O I believe?). Now, when an app tries to start an installation, Android will bring you to that app's setting page where you can toggle an option "Allow this app to install other apps" or something along those lines. It's a lot more straightforward than it used to be.

That said, auto-updates are still not possible without root access, I believe.

If anything, new Android is killing termux, one of the best apps for devs:


Yeah, that's going to work really well for the average consumer....

"Allow this app to install other apps" and behind the scenes this means it adds the store's public key to "known sources."

Just because the parent is talking about the implementation doesn't mean the user-facing UI will actually expose any of it.

That doesn't matter when companies ship their own app stores installed as systems apps like Samsung and Amazon do.

Well, everyone wanted Android to be just as open as their computer and for the “experts” to be able to install any app that you wanted. You have your wish. There are no such safeguards on computers.

Not really. You need to be root to have the same experience as playstore - namely auto updates.

So I’m going to both trust an app that is not sandboxed on my phone and trust it to update itself without my consent?

All apps are sandboxed in Android... even the ones installed externally.

Obviously not well enough considering what happened with Fortnite....

What happened to Fortnite?

> For the attack to work, it sounds like you would have already needed to have a piece of malware on your phone, ready and waiting to strike. But not a particularly sophisticated one. After you ask the Fortnite Launcher to download Fortnite, Google claims that any app with the WRITE_EXTERNAL_STORAGE permission would have been able to sneakily replace the real Fortnite app with a fake one after security checks were already complete. It's known as a "man-in-the-disk" attack.

Getting F-Droid is not "hard" but it isn't easy, and IIRC Google's Android gives off warnings. (Also it isn't as refined as the Play Store).

I believe the parent was suggesting, like with Windows/IE decades ago, that Android phones may have to come with a prompt to enable alternative stores to Play.

That worked really well for Windows....

How are app stores on Android technically hindered? I thought except the additional step for installing them, there is no difference in ability?

A 3rd-party application store can't update apps silently to name one, the user has to approve every app update one by one.

At least for fdroid you can update apps silently. You need a rooted device, flash [1] and install the f-droid privilege extension [2].

[1] https://f-droid.org/en/packages/org.fdroid.fdroid.privileged...

[2] https://f-droid.org/en/packages/org.fdroid.fdroid.privileged...

It's certainly possible, but as a regular use, it's a giant pain in the ass.

Alternatively you can install the f-droid privilege extension module in magisk.

This is how it should be. You cannot trust developers to not break things. Whether that's from ignorance, incompetence, just don't give a shit attitude, it results in the same. I'm not saying don't update, but update when you understand what the update will do. It's funny (ironic) that the people that these auto-updates are meant to "protect" are the non-tech types, yet these are also the people that tend to not do backups and are most negatively affected by bad updates.

I fully agree with this for non play store apps from a security standpoint.

I think the problem is that users aren’t given the option. Hence the original question of; what technical disadvantages do non-Play stores face?

I think we agree this is a crucial technical disadvantage. Do you think it would be fair for users to be able to make this decision for themselves on devices they own?

Also I believe a third party installed app cannot do a push notification when app is not open?

XDA Labs originally set out to do a few of these things.


It tries to provide an alternative to the 30% "platform charge", and offers PayPal and cryptocurrency payments (with real-time approval etc from what I recall).

It's hard to gain users on an alternative store, especially when most don't know what isn't available to them. And most also don't see the 30% fee being taken from the developer by the platform. Low cost apps are pretty much unaffordable to do at hobbyist scale when you factor in the platform charge, VAT, and taxes, and I fear for the future with app development heading down the route of only large professional outfits doing so (with their large, professional data gathering and monetisation plans).

Nowadays there is Aurora Droid that solves the curation question:

Aurora Droid supports F-Droid-like repos, you can have multiple selected, and they may include proprietary applications.

All usual issues with Android's security getting in the way still applies though.

Overall Aurora Droid is still miles away from a "proper" store, because there is no payment, there is no user feedback (so apps are still ordered by last updated or name...), and I don't think the author plans on adding such features (Because it also requires backend work). That's still a nice update to F-Droid original app.

Another F-Droid based store app is G-Droid. It is possible to write comments and apps are rated with a mix of user ratings, update intervals and github ratings.

From my understanding, most developers never see this it even know it's there.

Amazon have one but it's never really taken off outside the Fire device range.

It's not exactly what you asked for but there is the Amazon Appstore which can be installed on any Android device. It has paid apps/in-app purchases/subscriptions support.

It will 100% be filled with scammy and fraud apps instantly.

You can sideload apps on Android.

Apple rejected my update for having COVID-19 related keywords, I removed the keywords and submitted again and it was approved pronto. I wasn't trying to piggyback the pandemic or anything like that, I added the keyword because it's relevant to my app.

But as I understand it, Apple is not accepting any apps related to COVID-19 that don't come from an authority like a medical institution or a government body. In the face of the reality that there are many people ready to sell their mothers to slavery for profit(and even maybe likes or the LULs), I am O.K. with leaving the pandemic to the monopoly of institutions that can be held responsible for their actions.

You should try to re-submit your app without referencing to the pandemic in any way. Do not include any keywords that can get you flagged again. After all, the pandemic could have never happened. You are not entitled to profit from it, right?

Your description looks fairly innocent and I see how it is relevant to mention the quarantine and I wish you luck as your app might actually help people with it but it's not the end of the world not to use the word.

Unlike you, there are many people looking to rank high in the most popular keywords simply because these are popular keywords at the moment and it's likely that Google and Apple don't have a better way to separate bad apples from the good apples so they go for the crude but safe approach of banning them.

Google is just such an awful, despicable company, that I've actually moved everything I can from their platform. It wasn't easy, I'd been a Gmail user for nearly 15 years. I'd rather pay Microsoft a hundred bucks a year than support them. That's how much I hate Google.


I am using the German email provider mailbox.org They even report how often the government forces them to release info with a search warrant.

However, I have yet to find an email provider that mimics Gmail's tagging system (=> you can give n many tags to a single email and that email is only kept once on the server).

I often think that Google's "Don't do evil" motto is stretched way too often these days.

> However, I have yet to find an email provider that mimics Gmail's tagging system

IMAP does support keywords, which are basically tags. Probably some good IMAP-Client supports this?

There is also JMAP as a modern alternative to IMAP in development. Fastmail released a beta-interface for this, which also includes tag-support AFAIK.

And finally, Outlook surprisingly seems to support tagging, but they call it categories(?). It's not obvious at first if you only know traditional categories.

Thanks for your comments.

I have used Thunderbird and Evolution mainly. They cannot really do that afaik.

> Probably some good IMAP-Client supports this? The Gmail clients do that (at least the last version's I remember 3 years ago). Haven't seen any other FOSS that does so too. That is what made going away from Gmail kind of "hard".

Currently I'm using K9 on Android and the web client by mailbox.org based on OX AppSuite. Both are ok, but usability could be better.

Hmmm... I'm pretty sure you can give an email multiple tags on Thunderbird. Although, you run into an issue because some email servers don't support tag sync, so that might be creating an issue here. Or so I think.

In any case, best of luck with it!

On Gmail, I used their tags as what they appear on Gmail as, namely "virtual folders".

Thunderbird's tags are a different concept from folders on IMAP.

Ah, that is true. Got what you were getting at now :)

> The Gmail clients do that (at least the last version's I remember 3 years ago).

As I remember the way GMail is using IMAP keywords is considered "broken". They just do it wrong and make it impossible to play nice with alternate clients on gmail-accounts.

They removed "Do no evil" from their guidelines.

It's "Don't be evil" and it's still in the code of conduct:

  And remember… don’t be evil, and if you see something that you think isn’t right – speak up!
- https://abc.xyz/investor/other/google-code-of-conduct/

[^1] is the particular source I had in mind. It seems to no longer be a value but part of the signoff.

[^1]: https://gizmodo.com/google-removes-nearly-all-mentions-of-do...

The last sentence in your article:

'The updated version of Google’s code of conduct still retains one reference to the company’s unofficial motto—the final line of the document is still: “And remember… don’t be evil, and if you see something that you think isn’t right – speak up!”'

So they literally just moved it to the end of the code of conduct and did not remove it.

For real? Now I understand.

FYI, Fastmail has just launched Gmail-alike tagging in public beta.

I am pretty sure Protonmail includes tags (called labels)

Protonmail is very difficult to liberate your email from. I've tried their exporter, it didn't work for me. This was just earlier this year I tried that, too.

I actually run my own dovecot and postfix server, and use an SMTP proxy. That way I know I have full custody of my email.

I just use Outlook as a client, and it was surprisingly not awful.

Honestly, encryption and privacy isn't what motivates me. It's the fact Google could delete my data without warning, because they have with others. They also have no support I've ever been able to speak to. Even when I was using GCP, and I was paying Google hundreds for the privilege of decent technical support, it was like pulling teeth to get ahold of someone who could actually help. Not sure if Protonmail is like this, or has ever deleted paid accounts (I have one with them, too), but their vendor lock-in is very real, and it's justified through encryption and privacy measures.

Honey, if I wanted actual privacy and anonymity, I certainly wouldn't use a paid service. There are ways to get an email and server that never asks for your name, and can be paid for in privacy coin. Then, you can own your own VPN, and that's where you proxy. Tor wouldn't help here, since even if you ran a hidden service and SOCKS proxy, you're still screwed if the logs are compromised. So make sure your distro is adequately LUKS encrypted, etc., etc. Best to think hard about your threat model depending on what you want to do. I don't do illegal shit, but I'd just done the thought exercise of how someone would if they lived in a place where stuff we'd consider an infringement on our freedoms an acceptable reason to do something illegal in their jurisdiction.

The United States is a remarkably safe place to do business and live your life, as long as you keep your nose clean and pay your taxes. Have some money stashed away for a good attorney if necessary. Try to make their job easier by not doing anything the cops would need to care about, of course.

But people like easy privacy, and pseudonymity even when they're doing nothing that could even be misinterpreted as illegal. But if they were, they're absolutely doing it wrong if you pay for Protonmail, or don't but sing up with a phone number they pay for or with their personal Gmail address.

wait... what makes Microsoft any better? I mean, the only reason they aren't flexing the same muscle is because they don't (today) have the monopoly power Google has.

...but when they did, they acted the same way. ...and if they do again, they'll do the same as Google.

The only correct move, IMO, is to self-host.

I've had a private email address and domain for years, sending and recieving via gmail. I'm looking to move away from gmail to some other hosted solution that I can keep my personal domain emails with, without having to have my own SMTP servers running. Any suggestions?

Had very good experiences with FastMail.

try Zoho. recently moved my emails to it. I like it so far..

If Google specifically says in it's Google Play TOS that keywords related to COVID-19 are forbidden, then the decision is correct.

Stop hating on Google! Google is one of the few companies that provide quality services for end-users "for free".

You're right all just "for free" don't mind them now slurping up your emails, tracking your locations at all times, recording your voice, and more. It's free. Don't worry about what's happening outside the Coliseum focus on the bread and circuses being passed out everything is fine.

I mean, the very subject of this thread started with a description that contained no COVID keywords, so "related" must be interpreted (to me, unreasonably) broadly.

Since there are no rules, and no published list of words you can't use, there's also no recourse. Irrational and irresponsible.

Par for the course for Google, really.



>Please don't post insinuations about astroturfing, shilling, brigading, foreign agents and the like. It degrades discussion and is usually mistaken. If you're worried about abuse, email us and we'll look at the data.

Unlikely. Google employees are paid too much to care what people on a forum think about the company.

Googler here.

You might be surprised about what Google employees care about.

I have a strong love/hate relationship with all this App Store oligopoly. Love because often they are weeding out apps with security/privacy concerns. On the flip side, cases like this where you are 600 feet buried in red tape trying to talk some sense into someone at the company.

You can try to talk to someone at Google, but good luck with that. I think you’re doing what’s best now. Shine a spotlight so far up Google’s hooter via publicity about your case that someone higher up catches your attention and remedies the situation.

I wonder why Apple can’t treat apps the same way they treat charging cables? The Apple approved cables are usually a bit more money but I’m willing to pay a few extra bucks because Apple provides a valuable service to me - I know the cable is much less likely to fry my device. Likewise I’d be willing to pay an extra dollar or two for an app that jumped through all of Apple’s hoops.

My brother made an app to help people remember to wash their hands when they get home. Simple. Free. No ads. Very minimal. Tracks location locally but doesn't collect it or make any network calls. Google denied him from publishing to the app store until he removed all references to Coronavirus or COVID-19.

I only downloaded it because he's my brother but I now realize how helpful it is and it's frustrating that potentially helpful apps are getting banned when they're not even attempting to profit.

>Please remove all metadata and In-app mentions of COVID-19 or its related keywords such as stay home, social distancing, etc.

that is just crazy

As usual they are just using a hammer to crack a nut.

They can't pull this shit with youtube because creators have a direct line to draw attention to it. With developers they know it will go largely unreported

Could you post your back-and-forth with google support?

In the worst case, I doubt it will resolve anything but it could give other developers an idea on how or how not to communicate with google. In the best case, you might restore your app on google and have a template for other developers on how to deal with this issue.

If you have send a request but didn't get a reply, please post those as well.

They banned my app which gives COVID-19 related information in Sign Language. No reply on my appeal yet.

You need to give me more than this. Like: I filed a complaint at date X, time Y, and wrote <this>. Today is date X1 and I haven't received a reply.

It might not matter for your case, but the next time I'm in a meeting I can use this to say "Hey, maybe it's not smart to go with those services from company Z"

I doubt this will be of much use to you but here are the emails I received from Google.

I appealed to Google on March 27th at 9:18AM. Received a response on March 30 at 5:31 AM telling me they received my appeal. Google denied my appeal on March 30 at 8:43 PM with no more information than the original. I responded to Google within minutes on March 30 at 9PM. I received an email back from Google on April 1 at 1:10 AM with a final "fuck you."

Here is the last email from Google:


Thanks again for contacting the Google Play team.

As much as I'd like to help, I’m not able to provide any more information or a better answer to your question. In our previous email, I made sure to include all the information available to me.

As stated in our previous email, we have confirmed your violation, we will not be able to reinstate your app if you don't provide proof that the app is from, commissioned OR supported/acknowledged by a government entity or public health institutions like WHO.


And the original rejection from Google:


During review, we found that your app violates the Sensitive Events policy. Specifically, we don't allow apps that lack reasonable sensitivity towards or capitalize on a natural disaster, atrocity, conflict, death, or other tragic event.

You can read through the Sensitive Events page for more details.

For example, your app currently contains content towards a specific sensitive event, such as Coronavirus, without legitimate source of information.

If you are one of the following, please provide verifiable documentation for our review.

A government body/healthcare organization who developed this app. A developer commissioned to build this app by a government or an official health organization entity (examples include WHO, Red Cross, Hospital, etc). An app supported/acknowledged by a government or official health entity for use. Alternatively, please be advised that we will not be able to reinstate your application without the above documentation.

You may also want to read through the Protecting People From Misinformation paragraph in article Coronavirus: How we're helping on Google's blog.

If your developer credentials are still in good standing with Google Play and if your app allows for it, you can publish a new compliant version of the app by following these steps:

Make the necessary changes to your app to address the issue described above, if possible. Double check that your app complies with all other policies listed in the Developer Policy Center as additional enforcement could occur if there are further policy violations. Sign in to your Play Console and upload a new app using a new package name and a new app name. Thank you for your understanding. Please let me know if you have any other questions on Google Play policy.


Your app can't even mention the words Covid or they'll suspend the app and ding your account. Absolutely preposterous.

That is rough. I had to read your text several times to find anything related to COVID, but I guess it is the "which will allow you to enjoy this confinement" part.

I'm no expert, but I guess you need to try and phrase it like it just the thing you need when you are home, and let the users figure out why they are home.

Could also be mentioning of "quarantine" directly. Might make sense to make your app description more generic to just being home, so that it will still be applicable after the COVID-19 pandemic has come to a conclusion.

Yeah, makes me wonder if apps for "stay at home" parents are getting hit too, despite the fact that the expression is decades old.

They're doing the same on YouTube. Just mentioning covid will get a video demonetized regardless of content. It's as if Google's position is that we have to deny anything is out of the ordinary, like it isn't touching the lives of every person in the world.

My app was suspended back in March just before Google updated their policy regarding to COVID. And my app was just being submitted for (my own) internal testing, didn't even made public.

One would've thought the change in policy back then was to allow Google to offer more clarity and fairness.

Seems things are going the other way.

Hacker News Discussion: https://news.ycombinator.com/item?id=22462315

Updated Link to Blog Post: https://flyingnobita.com/mobile/flutter/2020/03/02/coronavir...

Note that, unlike OP's events app, your app was specifically about Covid/Coronavirus and serves no other purpose but to deliver Covid/Coronavirus information. I expect their judgement call is more plausible in your case than in OP's.

Agree that it's a different case than OP's.

Though I'm still puzzled at how Google allows so many YT feeds showing live COVID stats.

> This is my case, but in a near future, how I can advertise my users or future users that my app behaviour is different due to COVID, I have no chance

Why do you want to advertise that to your future users?

From your description, your app appears to be an event finder that started out for only physical events, and you later expanded that to include online events.

The app itself does not appear to have anything to do with COVID. COVID was simply what personally motivated you to add online events, and so it's not clear to me that including COVID related words in the description will actually help anyone find or understand your app on the store.

With this policy Google should ban Facebook, Twitter, YouTube, Vimeo, every news app, Reddit, etc, etc, etc.

Of course, they won't, because this policy is absurd and enforced unevenly.

Artificial intelligence?

More like dumber than the dumbest human.

Yes. Going after the crop of fraudsters and SEO scammers trying to cash in on the crisis is a fine idea. But between this and Podcast Addict, it's pretty clear they're just indiscriminately deleting everything or trusting and algorithm to make hard calls.

The odds are good they ban Red Cross or a reputable news organization.

Whoa, they took away Podcast Addict? I've used PA for nearly a decade and can't see how they could credibly ban it from their store. Either this is a result of their advanced "AI" making an oopsie or they're using the current situation as an excuse to axe their competition, and I'm more likely to believe the latter. Google always acts with a degree of plausible deniability.

I don't understand how Google could decide a single organisation has the canonical source of truth on a subject, nor the failure in logic Google are using to determine there's any way to determine absolute truth at scale.

Keep in mind the WHO published this in January:

> Preliminary investigations conducted by the Chinese authorities have found no clear evidence of human-to-human transmission of the novel #coronavirus (2019-nCoV) identified in #Wuhan, #China🇨🇳.

If Google's policy of removing anything that contradicts the WHO existed back then, then they would be deleting any heterodox opinion saying Corona can be transferred between humans.


I've had a similar experience about two months ago. Our app is a simple health and fitness tracker. When corona broke out, we made some adjustments so that people could track their symptoms and export them as Excel file in order to share it with their physician or health authorities. We also adjusted our description accordingly and got banned immediately. We appealed to the ban, removed everything related to corona from the description (I guess the word „quarantine” is the offending word in your case) and got reinstated after a few days. Nowadays it's used by thousands of people participating in a COVID-19 longitudonal study and we haven't had any problems again. Takeaway: Unless you're the WHO, don't mention anything related to COVID-19 in your description. Ask your Chinese friends how to deal with censorship, in Finland they simply make „Kotona” („at home”) instead of „Corona” Videos on YouTube. https://www.millionfriends.de/coronatracker-suspended/

Maybe a solution for this sort of thing might be progrsive web apps. You won't be subject to the risk of an app store knocking you off.

Youtube also removed several videos from a youtube channel MedCram.com. Its a channel run by a medical doctor who discusses updates from medical journals in technical detail.

The following videos have been removed from youtube.

- Coronavirus Epidemic Update 10: New Studies, Transmission, Spread from Wuhan, Prevention (2019-nCoV)

- Coronavirus Pandemic Update 43: Shortages, Immunity, & Can a TB Vaccine (BCG) Help Prevent COVID-19

- Coronavirus Pandemic Update 57: Remdesivir Treatment Update and Can Far-UVC Disinfect Public Spaces

- Coronavirus Pandemic Update 60: Hydroxychloroquine Update; NYC Data; How Widespread is COVID-19

- Coronavirus Pandemic Update 71: New Data on Adding Zinc to Hydroxychloroquine + Azithromycin

Watch their latest video to see that they try to stick to the facts and avoid politics: https://www.youtube.com/watch?v=UANgon3Umns

I follow some Brazilian YouTubers who are referring to the covid-19 as "Voldemort".

I believe Google made it clear they will only allow a very small subset of apps related to COVID-19 so they can make sure that

- The information on their app store regarding the virus is 100% medically and scientifically accurate.

- Nobody takes advantage of the pandemics to profit.

"circumstances beyond our control"

"global circumstances"

"event restrictions"

Google pays people hundreds of thousands $ per year so that it acts like a faceless government bureaucracy staffed by lazy drones.

Simple solution is to just stop writing apps for Google's platform. There are other avenues that aren't dependent on the corp whims of entities you can't really talk to.

Not really. The only other option is to limit your service to only desktop PCs/websites which is not super helpful to normal people that just use their phones for everything.

Google has a monopoly on phone apps. If they don't like your app then you pretty much don't exist. You don't have many options.

"Normal people" do not just use their phones for everything. Normal people use their phones for getting around and they stare at the screen when they are bored, for example waiting for a bus or waiting in line.

When they want to do real work or real play they don't do it on their phone, they need a larger form factor with more power, a bigger screen, and better input technology, whether that is a laptop/desktop or game console.

This idea that if something isn't available on your phone, then it's not available is silly. There are many things that, while you can technically put on a phone, really don't thrive there. Phones are low powered, minimal form factor devices with inferior inputs. You do stuff on the phone because the benefit of doing it from any location far surpasses the unpleasantness of the interface. For example getting a cab, or figuring out how to get from A to B, or sending a quick message to someone when you are away from the house.

If it's not related to helping you move around from place to place, or helping you connect to a friend quickly, it's not going to thrive on the phone even if you put it there, and if you look at the usage statistics of phone apps versus regular PC apps, you'll see this confirmed.

> When they want to do real work or real play they don't do it on their phone, they need a larger form factor with more power, a bigger screen, and better input technology, whether that is a laptop/desktop or game console.

That’s clearly not true. For a large portion of the world, the smartphone is their only computing device.

There are about 6 billion smartphones in use. Last I heard, the desktop/laptop install base was around 1 billion, but that’s a fuzzy memory.

Counting install base doesn't matter when you are comparing such different devices. There are more shoes than cars in the world, but that doesn't mean you are going to sell hood ornaments to people who only have shoes. The large number of cheap smartphones simply aren't going to be useful to run your office app, regardless of the size of the install base. And for the types of phones that will run your app well and give you access to the customers with the spending power you care about, you will discover that they cost a lot more than a standard desktop and about as much as a decent laptop. People who can afford those phones have options to use the best form factor and will use their phone when mobility is much more important than a lousy interface, which is why there has been so little success in the mobile app world outside of the top 10 apps, which are stuff like Uber, google maps, etc. But if your reasoning is to be followed, it must be the case that billions of people care mostly about maps, connecting with friends on facebook, and getting taxis than about using other applications, which isn't the case at all, it's just that's what people do on their phones.

Roughly half of lower-income Americans don’t own a PC[1], and we have some of the highest market share in the world. I don’t have numbers handy outside the U.S. but again, 1 billion PCs doesn’t cover much of the population.

The trend has been obvious for years: more and more people do all of their computing on smartphones.

[1] https://www.pewresearch.org/fact-tank/2019/05/07/digital-div...

89% of US households have a laptop or desktop. That doesn't mean each family member has their own, whereas it's more likely to have each family member have their own phone, say on a family plan. But in terms of revenue generating opportunity, if someone cannot afford a laptop or a desktop, they will not own an iPhone either, which accounts for 2/3 of mobile revenue, and they are not going to be running your complex smartphone app on their discount android device, so you haven't responded to my argument at all; you keep fixating on counting the number of devices rather than looking at actual addressable markets and the best way to generate revenue from people who can afford to pay for your product or that advertisers will pay to market to.

Just to throw some numbers out there, as of 2018:

iOS revenue: 47 B. (global, all sources, software, ads, etc) [1]

Google play: 25 B (global, all sources, software, ads, etc) [1]

Global software revenue: ~450 B (global) [2]

Total software revenue (US only): ~260 B. [3]

You are right about the 90% and 10%, but it's not pointing in the direction you think. So you can keep counting devices with very different characteristics and insisting that one number is higher than the other, or you can start counting dollars.

[1] https://www.businessofapps.com/data/app-revenues/

[2] https://www.statista.com/markets/418/topic/484/software/

[3] https://www.statista.com/statistics/184124/estimated-revenue...

> If it's not related to helping you move around from place to place, or helping you connect to a friend quickly, it's not going to thrive on the phone even if you put it there, ...

Then why is the games category the #1 promoted category on the Apple App Store?

Well, there's always the web. PWAs are well-supported on Android, and require nobody's permission.

However Google frames it, I see this as nothing more than them grabbing a chance to monopolize a popular search term for their own revenue with plausible deniability.

Google did not behave like a reasonable business partner. Maybe it would be good to ditch it and support independent web

And how long before Google decides that all detected side-loaded apps are harmful and automatically removed?

I mean, at least they allow sideloading at all, which is more than can be said for that other App Store ecosystem. Still hoping the EU will force Apple to allow sideloading on iPhones, but I’m not super optimistic.

Indeed. And they allow third-party payments from within apps. And they have long since supported the most important PWA features (including notifications) in the mobile browser, making the unrestricted web a viable platform for delivering apps.

I sometimes find it difficult understanding all the complaining about Google and all the love for Apple, with regard to doing what's right.

Since Google is taking such a strong position against what they view as COVID19 misinformation, are they liable if I get sick as a result of some misinformation that managed to get through their filters? I might not try to go after some small time app developer or other rando on the Internet, but if Google is willing to stand behind their guarantee with those wonderfully deep pockets...

That's like saying the police are liable for you being robbed because the thief wasn't in jail.

I think the point is, if Google isn't liable, then why are they censoring apps based on COVID-19 keywords? Doesn't seem to be any of their business.

And if the police aren't liable, why are they putting people in jail?

Liability is not the only reason Google might choose to censor Covid keywords. They might do it because their users expect them to. They might do it because they think it's the right thing to do. They might do it because they care more about blocking disinformation than allowing useful information. They might do it because a programmer has been working on this really cool censoring algorithm and they want to test it in production. They might do it because they're tired of people talking about Covid on their platforms and want it shut down in general.

Section 230 applies to every major/minor platform in the US, granting all of them immunity from liability for most content. And yet, virtually all of them from Facebook to 4Chan, from Youtube to Pornhub, from Reddit to tiny 200-member Wordpress forums -- all of them censor some content. So liability is clearly not the only motivation for platforms to moderate, otherwise every comment section would be 8Chan.

Don't use their services ?

Yes. They are partially liable if you went through them.

Censorship of any content implies approval of all remaining content. One can't be protected from liability as a common carrier if one is curating.

So if you have been provably harmed by anything Google has served you, you can sue the owner of the content and join Google as a defendant.

(Not a lawyer.)

> Censorship of any content implies approval of all remaining content. One can't be protected from liability as a common carrier if one is curating.

No, that's literally the opposite of current US law. See https://en.wikipedia.org/wiki/Section_230_of_the_Communicati...

Moderation does not imply endorsement of remaining content. It only implies disapproval of the rejected content.

There are plenty of people who who would like to change the current legal system, but (thankfully) by either grace, luck, or perseverance they have so far been prevented from doing so.

I stand corrected.

Does taking a third of the revenues imply endorsement?

Not legally. If someone published an app on the Apple store that slandered you, Apple wouldn't be liable, even if they had profited from that app.

The goal of Section 230 is to allow companies to moderate. It was based on two cases: one where a company that tried to moderate harmful content got stuck with liability, and one where a company that did no moderation at all got off by calling itself a platform.

The point of Section 230 is that you should be able to moderate a forum you run or remove malware from the Ubuntu repositories without opening yourself up to liability. There is no exception to Section 230 based on revenue. If you put a paywall up on your forum, you don't suddenly become liable for slander that someone else posts.

I am not a lawyer and this isn't legal advice, but if you really wanted to find a way around that, probably the best strategy would be to argue that the company was purposefully disseminating unlawful content. A lot of old pirate hosting sites got hit with this. They weren't liable because they were publishers, they were liable because lawyers argued that piracy was the only reason their services existed, and that in some cases the companies had gone far as to encourage their own employees to upload pirated material.

So I'm not going to make a 100% black-and-white blanket statement; there are ways you could get around Section 230. But none of them really apply to Google. Google isn't building its own ads for Covid misinformation, and it would be hard to argue that banning the Covid keyword was evidence that they actually wanted misinformation to spread.

I don't think section 230 would be able to establish absolute immunity from liability that does not originate from moderation activity. If that were the case, it would be gamed to Hell and back with disparate legal entities and straw-man corporations, such that the immunized entity would book all the revenue, and the liability-exposed entities would be rendered judgment-proof.

If Google takes 30% of revenues from all apps on the play store, should it not assume 30% of product liability for the content found therein? It seems like a common sense rule, but that doesn't necessarily mean that it is anywhere in law, or that civil courts apply it.

If you put up a paywall on your forum, and it is a platform for libel, you damned well should be liable, at minimum to the extent to which you profited from the wrongful behavior, and possibly lessened by the extent to which any libel is usually moderated away.

If the moderation in place is so strict that it is producing significant false positives, why should the false negatives be protected? Having both is a symptom of sloppy, insufficiently earnest moderation.

I would assume from the actions of Twitter that they implicitly endorse content from people like Elon Musk and Donald Trump, and I would assume from Facebook that they implicitly endorse misinformation campaigns. They are making money on their failure to moderate to their own published standards. Should that be legally protected? Section 230 presumably makes no exception for lazy, insufficient moderation.

> If you put up a paywall on your forum, and it is a platform for libel, you damned well should be liable

But legally, you aren't. Both Compuserve and Prodigy, the companies that Section 230 are based on, were commercial services that made money. Section 230 is a blanket protection, it doesn't have an exception built in to open liability back up in the case of lazy, insufficient moderation.

That's been upheld pretty consistently since the law was created. In particular, in 2008:

> Immunity was upheld against claims of fraud and money laundering. Google was not responsible for misleading advertising created by third parties who bought space on Google's pages. The court found the creative pleading of money laundering did not cause the case to fall into the crime exception to Section 230 immunity.

Scrolling through the case law since Section 230 was founded, you'll see that many of the cases it was used in involved commercial entities that profited from their services.

> If the moderation in place is so strict that it is producing significant false positives, why should the false negatives be protected?

Because that was the intention of the original law. The thought was that if moderation creates liability, companies won't do it. If scanning for malware makes Google liable for malware under some ruling that their moderation isn't "complete", then there's no incentive for Google to scan for malware in the Play Store. And if nobody moderated anything, the Internet would become a cesspool of malware, spam, pornography, advertisements, misinformation, hate speech, and general poor content.

Of course, some people think the Internet already is a cesspool in that regard, but my feeling is they don't have a good grasp on how much worse the problem could be.

Section 230 was created specifically to protect services who tried to moderate content, but who didn't do a perfect job, because (the thought was) imperfect moderation is better than nothing. It didn't come with a clause that said that companies would lose their protection if they were accidentally banned the wrong person, or if they had inconsistent standards, or if their standards were lazy.

> Should that be legally protected?

Legally, it is protected. Should is a separate question, and people are free to believe whatever they want. There is no shortage of Democrats and Republicans in Congress right now who are asking that same question, although the two parties seem to have radically different, incompatible ideas about what the world is going to look like when the protection goes away. And then there are a few people like Barr who mostly just care about using 230 as a proxy to attack encryption, which is at least a nonpartisan goal that the DOJ has consistently pursued across multiple presidencies.

But the point is, whatever these people's motivations, if you really think that Section 230 was a mistake, it's not impossible that you might be able to get a world without it in the future -- and then we'll all find out whether or not it was a good idea. Just expect some hefty resistance from people like me, as well as from organizations like the EFF and ACLU.

So, essentially, 230 was a gift by legislators to businesses running walled gardens at the expense of those being paid to patrol the bazaar.

I've banned Google from my life, and everyone else should too.

Google is not the benevolent dictator of the internet. They are a profit drive soulless corporation. Not saying that’s good or bad, just saying you should expect zero favors from a sociopathic entity.


I'm not a fan of censorship at any level. But at least you can always have Android users install themselves.

Sure you don't get their massive advertising platform Play Store. But that's Google's decision.

You can organically develop users, you don't need Google.

That's an option that requires some tech savviness. The choice architecture of Android heavily favours Play Store, so it's deflecting the issue to say it's not a form of censorship because there's a workaround.

stop using COVID-19 as SEO keyword!

Google (and Facebook and Twitter and Medium....) are turning into absurd comic book level censors. They have too much leverage and influence over society, and moves like this meaningful harm people’s ability to communicate and conduct basic activities. Google is the worst of them, and should be broken up immediately on antitrust grounds. But let’s not ignore that COVID-19 has exposed the hamfisted authoritarian rule of the digital public square by virtually all technology companies.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact