Michael Buckley (Mastodon, Hacker News):
At some unknown point in the future, Google will revoke Transmit’s access to Google Drive. Sometime after that, we’ll be releasing updates to Transmit and Nova that remove the ability to create Google Drive connections.
[…]
In March, Transmit was re-approved for Google Drive access — but we were told we would now need to pass this check annually. At this point, we began to question whether this yearly process was worth it.
Between the weeks of waiting, submitting the required documentation and the process of scanning the code, it took a significant amount of time from our engineers. For example, Google provided a Docker image for running the scanner, but it didn’t work. We had to spend more than a week debugging and fixing it. And because the scanner found no problems, it didn’t result in any improvements to Transmit. No one benefitted from this process. Not Google, not Panic, and not our users.
[…]
Google completely removed the option for us to scan our own code. Instead, to keep access to Google Drive, we would now have to pay one of Google’s business partners to conduct the review. […] These ever-shifting requirements and expenses are finally catching up to third parties.
Damien Petrilli:
I have the feeling that Google Drive is going to be useless very soon. Most indie apps are going to stop supporting it.
Previously:
Google Drive Mac Mac App macOS 15 Sequoia Nova Panic Transmit Web API
Ashley Belanger:
Musi, a free music-streaming app only available on iPhone, sued Apple last week, arguing that Apple breached Musi’s developer agreement by abruptly removing the app from its App Store for no good reason.
According to Musi, Apple decided to remove Musi from the App Store based on allegedly “unsubstantiated” claims from YouTube that Musi was infringing on YouTube’s intellectual property. The removal came, Musi alleged, based on a five-word complaint from YouTube that simply said Musi was “violating YouTube terms of service”—without ever explaining how. And YouTube also lied to Apple, Musi’s complaint said, by claiming that Musi neglected to respond to YouTube’s efforts to settle the dispute outside the App Store when Musi allegedly showed evidence that the opposite was true.
[…]
In its complaint, Musi fully admits that its app’s streams come from “publicly available content on YouTube’s website.” But rather than relying on YouTube’s Application Programming Interface (API) to make the content available to Musi users—which potentially could violate YouTube’s terms of service—Musi claims that it designed its own “augmentative interface.” That interface, Musi said, does not “store, process, or transmit YouTube videos” and instead “plays or displays content based on the user’s own interactions with YouTube and enhances the user experience via Musi’s proprietary technology.”
Ben Lovejoy:
Musi launched back in 2016, and proved a big hint with teens in particular, as it provided completely free music streams without the audio ad interruptions you get on Spotify’s free tier.
By the beginning of this year, Musi was actually bigger than many of its rivals.
[…]
The Google-owned company said that Musi violated its terms of service by doing this, while the service claimed it was effectively just acting as a web browser and therefore was doing nothing wrong.
Previously:
App Store App Store Takedown Copyright iOS iOS 18 iOS App Lawsuit Musi Music YouTube
Bruce Schneier:
The Wall Street Journal is reporting that Chinese hackers (Salt Typhoon) penetrated the networks of US broadband providers, and might have accessed the backdoors that the federal government uses to execute court-authorized wiretap requests. Those backdoors have been mandated by law—CALEA—since 1994.
Zack Whittaker:
The wiretap systems, as mandated under a 30-year-old U.S. federal law, are some of the most sensitive in a telecom or internet provider’s network, typically granting a select few employees nearly unfettered access to information about their customers, including their internet traffic and browsing histories.
But for the technologists who have for years sounded the alarm about the security risks of legally required backdoors, news of the compromises are the “told you so” moment they hoped would never come but knew one day would.
Jon Brodkin:
The Washington Post reported on the hacking campaign yesterday, describing it as “an audacious espionage operation likely aimed in part at discovering the Chinese targets of American surveillance.” The Post report attributed the information to US government officials and said an investigation by the FBI, other intelligence agencies, and the Department of Homeland Security “is in its early stages.”
The Post report said there are indications that China’s Ministry of State Security is involved in the attacks.
John Gruber:
This incident should henceforth be the canonical example when arguing against “back doors for the good guys” in any networks or protocols. It’s not fair to say that all back doors will, with certainty, eventually be compromised, but the more sensitive and valuable the communications, the more likely it is that they will. And this one was incredibly sensitive and valuable. There are downsides to the inability of law enforcement to easily intercept end-to-end encrypted communication, but the potential downsides of back doors are far worse.
Nick Heer:
According to a 2016 paper from Public Safety Canada, “Australia, the U.S., the UK and many other European nations require CSPs [Communications Service Providers] to have an interception capability”; it also notes Canada does not. Such a requirement is understandable from an investigative perspective. But, as Pfefferkorn says, capabilities like these have been exploited before, and it will happen again. These are big targets and there are no safe backdoors.
Previously:
AT&T China Exploit Federal Bureau of Investigation (FBI) Internet Service Provider (ISP) Legal Security Verizon Web
Sean Hollister (PDF, Hacker News, MacRumors):
Today, Judge James Donato issued his final ruling in Epic v. Google, ordering Google to effectively open up the Google Play app store to competition for three whole years. Google will have to distribute rival third-party app stores within Google Play, and it must give rival third-party app stores access to the full catalog of Google Play apps, unless developers opt out individually.
These were Epic’s biggest asks, and they might change the Android app marketplace forever — if they aren’t immediately paused or blocked on appeal.
[…]
In Epic v. Google, Epic successfully argued that Google had created such a substantial array of deals with developers, carriers, and device makers that it was nigh-impossible for rival stores to spring up. By blocking those sorts of deals, and proactively helping rival app stores, it’s possible some real competition to Google’s monopoly could now arrive.
Google will still have some control over safety and security as it opens up the Google Play Store to rival stores. The injunction says that Google can “take reasonable measures” that are “strictly necessary and narrowly tailored” and are “comparable” to how it currently polices the Google Play Store. Google will be able to charge a fee for that policing, too. Epic has repeatedly argued that Google should not be able to deter third-party app stores through policing, so it’s likely Epic and Google will keep butting heads over this.
Thomas Claburn:
Google, in a blog post, unsurprisingly disagreed – it is appealing the verdict and will ask the courts to pause the injunction until its appeal is heard.
John Gruber:
What Judge Donato is demanding is effectively pass-through to the actual Play Store listing for any apps and games that aren’t available in a third-party app store. So if you search in the Brand X app store for “FooApp” but FooApp isn’t available in the Brand X store, Brand X’s store app can let you install and download FooApp from the Play Store. But that counts as a regular Play Store installation. It’s just a way to encourage users of third-party stores to search those stores first, even though the vast majority of apps will likely remain exclusively in the Play Store.
Michael Love:
This is fantastic news, going way beyond what Apple v Epic required. And will solve a big practical problem for me, namely that people get unofficial mirrored Play versions of Pleco from Chinese app stores, can’t use Play IAP + I can’t link to another method.
It’s also going to help a lot with getting iOS users to buy from my website, because their Android friends will see a link to save money buying on my website and will tell their iOS using friends about it. (In fact I can even mention in the app that it works on iOS too)
M.G. Siegler:
The DoJ is basically putting every option on the table, including the big one: a breakup of Google itself into smaller parts.
Previously:
Update (2024-10-10): See also: Hacker News.
Android Antitrust Department of Justice (DOJ) Epic Games Google Google Play Store Lawsuit Legal