Google Bans Disconnect.me App From Play Store Based On Vague Guidelines
from the not-this-again dept
Having had our own run-ins with Google’s opaque (and often hypocritical) decision-making process at times, it’s not surprising (though unfortunate) to hear of yet another case. The folks over at Disconnect.me have been working on tools to give people more control over their own data and how it’s shared. They’re not looking to stop all data sharing, but rather put it back under the control of the individual users, rather than companies in the middle. While this may make some companies nervous, it shouldn’t. A company that is actually providing value and is properly transparent shouldn’t have to worry about such things.
So it’s quite disappointing that Google has chosen to pull Disconnect.me’s new app from the Android store based only on a very vague and broad “prohibition” in its terms of service, saying that you can’t offer an app that “interferes with” other services. The email Google sent doesn’t provide many details, other than saying that the Disconnect.me app “interferes with or accesses another service or product in an unauthorized manner.”
Now, you can understand the basic rationale for why this term is in Google’s rules — the intent there is to block malicious activities. But what’s “malicious” in this context? Disconnect believes Google mistook its app as an adblocker:
But our mobile product (like our Desktop product) is not an adblocker. Instead Disconnect focuses on protecting people from invisible tracking and sources of malware, and all too often these threats come in the form of advertising. In fact, some of the most privacy invasive data collection online happens through ads, which see you even if you don?t see or interact with them. And worse, ad networks (including Google) are increasingly being used by ?advertisers? to spread malware. This increasingly popular tactic, called malvertising, is currently being investigated by the US Senate, and Disconnect Mobile is the first app to directly address it.
The fact is, we are not opposed to advertising and think advertising plays a critical role in the Internet economy. But we are 100% opposed to advertising that invisibly tracks people and compromises their security.
In short, Disconnect.me is working to block evil activities. You’d think that the company with the whole “don’t be evil” slogan would appreciate an app that tries to protect users from evil. But, as was the case when we got threatened with being cut off from ad revenue, it appears this is yet another case where you have a very large company that has put in place “by the book processes” that lead to a lack of common sense being employed. Instead you get checkmarks and bad end results. This all goes back to one of my biggest complaints about Google, going back years, that it continues to be the big white monolith when dealing with all sorts of users, customers and partners. Programs like AdSense and the Android Play Store are massive, and there are, certainly, those who look to abuse those systems. And so it’s no surprise that the company has put in place policies to help try to weed out those abuses — even leading to some false positives. The problem is that the company all too frequently doesn’t have any real second level of review where common sense comes back into play.
Disconnect.me is appealing the decision and seeing if it can get Google to reverse its position — and hopefully that happens. It still seems to me that this is one of Google’s most glaring problems as it has grown, and it’s shown little sign of improving on this front to date. I know that Google is especially sensitive to antitrust concerns being leveled against it, and I’m honestly confused why the company doesn’t view this as a potential concern on that front. When it has the ability to cut people off from areas where it has massive control (including the Android market and the advertising market), it’s only asking for trouble from those where it makes the wrong call.
Filed Under: apps, disconnect, play store, privacy, protection
Companies: disconnect.me, google
Comments on “Google Bans Disconnect.me App From Play Store Based On Vague Guidelines”
Slogan is inoperative
That slogan stopped being operative quite a while ago.
This sort of thing highlights one of the main advantages of Android, though: you don’t have to use the app store. Developers can develop and distribute apps, and users can find and install them, without ever touching Google Play. Not only are there several alternative app stores, but nobody needs to use an app store at all.
Re: Slogan is inoperative
No I think it was quietly modified…
Don’t be evil, unless you are making bank off of the evil or taking a stand will get you lots of good PR.
In short, Disconnect.me is working to block evil activities
I can only think of a recurring theme on Techdirt, which is the concept of collateral damage or the punishing of the innocent. Disconnect.me may make a great claim, but reality says that they will harm many of the legal and legit things that happen online every day.
Yes, the user gets to choose. But much like an ad blocker or being selective about cookies, it quickly becomes a pain to create exceptions and instead, the user ends up surfing around with the thing turned on to maximum all the time.
Re: Re:
In that case, wouldn’t it be the user at fault, rather than the tool?
Re: Re:
Blocking ads these days is not so much ‘convenience’, as basic computer safety.
‘And worse, ad networks (including Google) are increasingly being used by “advertisers” to spread malware. This increasingly popular tactic, called malvertising, is currently being investigated…‘
Annoying ads are one thing, but when allowing ads through can compromise your computer, then you’d be a fool not to have an ad-blocker running at max all the time.
Now, to be sure that sucks for the ad networks and those that depend on ad revenue, but if they want to blame someone, blame the ad networks for not being active enough in keeping infected ads off their services, and forcing people to take the precaution of blocking all ads to protect their computers/devices.
Re: Re: Re:
Don’t fall for the scare tactic. General malware protection (such as an anti-virus) generally will protect you against malware arriving as advertising. For the most part, that vector uses flash (an unsafe product much of the time) which isn’t always supported on a mobile.
The blocker here can also cause users to be in violation of the agreements that they made when they accepted other software to be installed on their systems. As such, it gets in the way of agreements made between the user and third parties.
It does bring up the interesting specter of future apps which check and re-check their ability to fully operate on your phone, and failing so, could possibly uninstall themselves.
Re: Re: Re: Re:
BS Whatever. You’re talking through your nose with no actual idea of reality. I’ve had enough times that noscript and an adblocker prevented me from getting the malware that everyone else that wasn’t running it got.
As long as it is a security issue, I care not one iota whether some idiot makes money off advertising while malvertising is a practice. I notice when I get crap (which isn’t very often now-a-days) no one offers to come fix my computer. I have to spend my time and effort to find it or reload windows if it isn’t possible. I refuse and will continue to refuse to open my computer to this sort of wild west where the user is the targeted victim.
It is not up to the computer user to fix bad advertising. It is not up to the computer user to police that advertising to determine what is or is not good ads. They are the ones looking to benefit and as long as there is a chance this crap will once again infect, there is no way in the world they are going to get into this computer as long as I have the power to say no.
It has now reached a trust issue that I doubt advertisers can clean up and restore the trust of the surfing public.
Re: Re: Re: Re:
Certainly seems to be a lot of vague words in that response.
‘Generally’, ‘for the most part’, when talking about safety precautions, and such easy ones as installing an ad-blocker, there’s really no excuse not to. The right time to put in basic security is not after you get hit, it’s before.
Re: Re: Re:2 Re:
The point here is that the software isn’t about protecting you from malware (that is a low end thing) it’s about denying other apps / programs that you have installed the data that you have agreed to provide them – and that they are needed to make them work properly for you.
The whole malware thing is a red herring – and there are plenty of better ways to deal with it. Moreover, this might give you a false sense of security as a “trusted” website itself gets hacked and dumps a nice piece of malware on you – which disconnect.me won’t do anything about.
If you want an ad blocked, run an ad blocker. If you want anti-virus, run one. If you want to stop allowing apps to have access to the data you agreed to provide when you downloaded them, then remove them.
Re: Re: Re:3 Re:
“it’s about denying other apps / programs that you have installed the data that you have agreed to provide them”
Just because I clicked I agree on a EULA doesn’t mean I agree to anything. It’s my computer and I don’t make agreements with inanimate objects and I don’t recognize the software as belonging to anyone. I consider it software that I am free to use and modify at will how I see fit because all it is are bits and bytes that are configured a certain way and I can change those configurations as I see fit without violating any contracts. No software on my computer can rightfully put restrictions or conditions on what keystrokes and mouse clicks I press demanding that I do what the software says if I click I agree on a screen.
Just because I put a comment here that says you agree to give me a million dollars if you use Google search doesn’t mean doing so is an agreement to give me money. I don’t recognize your authority to make me pay you a million dollars for using Google search just because you proclaim that my use of Google search is an agreement to pay. Likewise a EULA saying that I agree to something if I use my computer a certain way by hitting agree is not an agreement to do so. I do not recognize your authority to tell me how I may use my computer just because I hit agree on a piece of software. I can modify the software and strip it of its EULA, its my computer and the bits and bytes on it belong to me and I don’t recognize your copy protection privileges.
Re: Re: Re:4 Re:
It’s my computer *
Re: Re: Re:3 Re:
I said it before, I’ll say it again. You know nothing about Android or how apps and app permissions work.
“The point here is that the software isn’t about protecting you from malware (that is a low end thing) it’s about denying other apps / programs that you have installed the data that you have agreed to provide them – and that they are needed to make them work properly for you.”
This app, like AppOps and numerous others, does nothing in regards to what you said. At least not in the way you describe it.
Those apps being denied permissions and data? They don’t actually need any of it to work properly for you. In point of fact, AppOps and numerous other similar apps to this one, give them either zeroed out data (or an equivalent thereof) or just flat out deny the permission entirely and the apps function properly anyway.
“If you want to stop allowing apps to have access to the data you agreed to provide when you downloaded them, then remove them.”
A total misnomer. You don’t have to remove them. You can use apps like this to deny them said data. There is no court of law anywhere in the world that would hold someone legally accountable for deciding to not give an app permission to access their data as it saw fit. None whatsoever.
And your bullshit attempt to paint it as an agreement between you and the app/app developers really says it all. Much like your “if you can’t do the time, don’t do the crime” bullshit.
If you like being told what to do and submitting to any and all authority (even in the form of apps) then so be it. But don’t make it seem like people have to accept what you so willingly do or like they can’t do something about it. They can. The use of this app isn’t illegal or anything of the sort and its use does in no way constitute a breach of agreement between the user and any given app they want to use.
Re: Re: Re:3 Re:
And what if I want to block those apps out of my own free will? The cell phone is mine. End of the story. You can prevent the app from working if you are trying some sort of freemium model but other than that you can’t prevent me from using any app. Case point: install cyanogen (absurdly easy) and manually revoke permissions and voila, you did the same thing and they can’t do shit.
I’m all for an app that asks for sane permissions and deploys reasonable advertising but that’s hardly the norm today.
Re: Re: Re:4 Re:
If I do something on my own computer that doesn’t affect anyone else or impact their computer (and by affect them I don’t mean refusing to give them money or information they ask for) I haven’t agreed to anything. Saying I have done so is similar to saying that because I have used Google’s search engine I have agreed to give a third party money simply because they said so. Me using Google’s search engine is between me and Google. It doesn’t concern a third party and doesn’t constitute an agreement with a third party just because some third party said so. Likewise me doing something on my personal computer is between me and my computer. It doesn’t concern a third party and constitutes no agreements between me and some third party.
Re: Re: Re:3 Re:
“If you want to stop allowing apps to have access to the data you agreed to provide when you downloaded them, then remove them.”
Or use any of a number of utilities available to block access to the services you don’t want the app to access (or, better, replace the OS with a variant that allows you to selectively allow/deny specific permissions). Those permissions are not a contractual agreement, after all, they are asking you for… well… permission.
Re: Re: Re: Re:
Okay, I’m going to hopefully have to say this one time and one time only.
If you’re going to say things in regards to Android, either cite sources for your information or don’t say them at all. Nothing you’ve said in this article or the one before where I specifically called you out and asked you to cite your sources for what you said is even remotely true.
“Don’t fall for the scare tactic.”
That’s funny coming from you. Since you seem to have said nothing that isn’t basically fear mongering in anything that followed that.
“General malware protection (such as an anti-virus) generally will protect you against malware arriving as advertising.”
This is largely false, at least on Android. By false I mean malware protection via anti-virus software is mostly theater security. The threats out there are so few and far between that at best you’re just installing an app (anti-virus) you don’t need and at worst you’re installing an app you don’t need that could lead you to doing things you shouldn’t with it. Numerous anti-virus apps tend to come bundled with other key features and things like task killers, which by and large are HORRIBLE to use on any Android device. Anyone with a clue knows this.
“For the most part, that vector uses flash (an unsafe product much of the time) which isn’t always supported on a mobile.”
On Android it isn’t supported period. It was deprecated ages ago and short of a few workarounds in custom ROMs and certain browsers, it’s basically dead. There’s a reason for that.
“The blocker here can also cause users to be in violation of the agreements that they made when they accepted other software to be installed on their systems. As such, it gets in the way of agreements made between the user and third parties.”
False. Yes, there are ‘agreements’ made, but they’re by and large also subject to change at the whim of third party app developers and that’s an issue that has by and large become more scrutinized by numerous websites and publications online and offline. As such it isn’t a real violation in the sense that you mean.
Like I said, if you’re gonna talk about things like this cite your sources or don’t bother at all. You seem to act and try to come off as knowing what you’re talking about. But anyone who knows how the Android OS works or anything at all even remotely related to it knows bullshit when they see it and you’re doling that out in spades.
Re: Re: Re:
Whatever supporting malware and monitoring.
Surprised?
Re: Re: Re: Re:
Nice troll. But you fail. I don’t support either, liar!
Re: Re: Re:2 Re:
Look who’s talking.
Re: Re: Re:2 Re:
A bunch of DMCA votes seem to disagree.
I believe the appropriate vernacular here is “get rekt”.
Re: Re:
Ooooh, defending Google? Am I witnessing the prelude of the apocalypse?
Disconnect.me may make a great claim, but reality says that they will harm many of the legal and legit things that happen online every day.
How? It doesn’t block ads at all which is what generates money, it just prevents intrusive tracking and malicious content.
it quickly becomes a pain to create exceptions and instead, the user ends up surfing around with the thing turned on to maximum all the time.
So? That’s for me to decide, not Google. I have NoScript and Request Policy working here (along with Adblock just in case I allow everything) and sometimes it is indeed a hassle to manage what I’m allowing and what not but for me this is ok since I care about my security and about people tracking me. Google should not be meddling in my preferences. Of course since Android is gloriously open I can install it anyway.
He said, she said
According to them, sure. But when it comes to the Google Play store, the question of “who decides what’s evil?” has a clear answer: Google. It’s their store, they decide. You might not like their actions here (and I don’t blame you), but it shouldn’t be surprising.
Re: He said, she said
” when it comes to the Google Play store, the question of “who decides what’s evil?” has a clear answer: Google.”
Wrong. Google decides what apps get to be in their store. They are not deciding what apps are “evil”. Only the end user can make that determination.
4.4 Prohibited Actions. You agree that you will not engage in any activity with the Market, including the development or distribution of Products, that interferes with, disrupts, damages, or accesses in an unauthorized manner the devices, servers, networks, or other properties or services of any third party including, but not limited to, Android users, Google or any mobile network operator. You may not use customer information obtained from the Market to sell or distribute Products outside of the Market.
unauthorized by who? i want to install it on purpose and as such it would be authorized.
Google your privacy is important us that why we must sell your data and make massive profits , while blocking tools that provide more security for users .
Sigh! We’re talking about Androids. Just edit/make a Hostfile for it, and use one of the good ones for blocking trackers, malware, adbots e.t.c at a system level.
Update it as needed.
I haven’t been on Google’s AppStore in quite a long while.
Re: Re:
Or, if you root your device, use a firewall. That’s what I do. No app on my phone transmits or receives data without me specifically allowing it (and I allow very few apps to do so, and even then only to/from specific places.)
Create a F-Droid repo. Problem solved.
Re: Re:
Strangely, Disconnect’s app doesn’t appear to be published under a freedom-respecting license like its browser add-on.
Google doesn’t ban adblockers. If it did … there would be several other apps unavailable. It’s not about adblocking.
Since the developer of the app is an ex-Googler, there may be something in that … like any chance of the disconnect app violating the terms of use that every user of a google service agrees to?
The very vague reference in the email they sent doesn’t say very much, but it probably isn’t about ad blocking in total, if it includes that at all.
And from this story:
http://blogs.wsj.com/digits/2014/08/28/why-some-privacy-apps-get-blocked-from-the-android-play-store/
“Google has banned similar ad-blocking apps before because they, too, could interfere with other apps. “When we were kicked out, virtually every other ad blocker was kicked out as well,” said Ben Williams a spokesman for Eyeo, maker of Adblock Plus, which was removed from the Play store in March 2013.”
Except AdBlock is still available in the google play store. And so is AdBlock+ … meaning it isn’t about adblocker, and an ex-googler ought to know that.
Re: Re:
Re: Re:
ADP is not available in the app store, It was removed
Google’s own fault. They’re so desperate for that extra cash from letting fancy ads through, they’ve never put 2 and 2 together and realized they’re being paid in blood money; stolen credit cards and the like.
Now ad blocking is right up there with antivirus/firewalls as basic computer security. If that means Google’s bleeding money, then maybe they shouldn’t have shot themselves in the foot.
Here we go, another Google shill. Apple invented that first.
Still online?
Are we talking about this: http://goo.gl/pMAEFf ? It’s still up (or up again, depending).
Re: Still online?
Yes this is still online
It's Google's fault this exists in the first place
Apps like this wouldn’t be needed if Android had a proper facility for denying permissions.
Being forced to accept all requested permissions is a disgrace, and has led me to categorically reject a massive number of apps simply because I don’t trust them with that much access into my device.
Re: It's Google's fault this exists in the first place
Being forced to accept all requested permissions is a disgrace, and has led me to categorically reject a massive number of apps simply because I don’t trust them with that much access into my device.
It’s a balancing act. I would also rather be able to check which ones to allow, but I would understand why an app crashes with a message about permissions. Even among the small subset of users who even pay any attention to permissions, I’m guessing most would not have a clue what was going on and would only know that the app crashes a lot.
And on the other hand, Google didn’t want to make app development more difficult by forcing developers to handle failure every time they do something that requires a permission. That’s why it’s all or nothing.
the alternative would be the potential for silent failures and undefined behavior, which is even worse.
Re: Re: It's Google's fault this exists in the first place
“I would understand why an app crashes with a message about permissions”
I would understand, but if the lack of permissions causes an app to actually crash, then it’s a sign of a very poorly written app that should probably be uninstalled for safety reasons.
Re: Re: Re: It's Google's fault this exists in the first place
I would understand, but if the lack of permissions causes an app to actually crash, then it’s a sign of a very poorly written app that should probably be uninstalled for safety reasons.
If I were designing the security system, I would force the app to crash as though there were an uncaught exception if it tried to perform an operation it didn’t have permission for. That would be better than trusting a million random developers to correctly guard against having permissions denied. IMO anyway.
Re: Re: Re:2 It's Google's fault this exists in the first place
Why would that be better? If the app developer is not correctly handling the case of needed permissions that aren’t granted, the app will likely crash in any case. Regardless, there’s nothing an app can do to about the lack of permissions (short of exploiting a security hole of some sort — and making the app crash won’t really do much to deter that). If it doesn’t have the permissions to access something, then it can’t access it even if it tries really hard.
There are two best practices that come into play here: first, all applications should check for and handle error returns from all OS services (and anything else, for that matter), always. You never assume that any given call succeeds — even if it appears that there’s no way it could fail. Never.
Second, all applications should fail as gracefully as possible. For example, if an app tries to access my addressbook and can’t, the app shouldn’t quit — it should just inform the user that it can’t do what it’s trying to do, and why.
Re: Re: Re:3 It's Google's fault this exists in the first place
Why would that be better?
I prefer immediate and obvious failure to potentially subtle and/or delayed failure.
There are two best practices that come into play here:
That is certainly true, but I’m looking at a situation where there is no realistic expectation that all or nearly all developers will follow best practices. Therefore the system needs to be set up with the assumption that any particular app might not.
Re: Re: Re:4 It's Google's fault this exists in the first place
“Therefore the system needs to be set up with the assumption that any particular app might not.”
I’m confused by this. The system is already set up this way. If the app doesn’t handle the lack of permissions sufficiently well, the result is likely to be a application crash.
Artificially forcing a crash just because an app tried to use a permission not granted doesn’t give any benefit that I can see. Yes, you’ll immediately see that something went wrong (which you’ll likely to see anyway), but you’re still not told what it is that went wrong so you’re none the wiser.
On the other hand, force-crashing such apps makes it impossible to write apps that do handle the situation well — in effect turning all apps into bad ones whether they want to be or not.
So I don’t see a real benefit, but I do see a real drawback.
Re: Re: Re:5 It's Google's fault this exists in the first place
I’m confused by this. The system is already set up this way. If the app doesn’t handle the lack of permissions sufficiently well, the result is likely to be a application crash.
Currently installing an app gives it all the permissions it wants (unless you’re messing around with root privileges, which I’m not considering). I’m describing a hypothetical system where you could pick and choose which permissions to grant, and considering the best way to deal with the scenario of an app attempting to do something it doesn’t have permission to do.
you’re still not told what it is that went wrong so you’re none the wiser.
I think I explicitly said that the user would be told what went wrong but perhaps I didn’t make it clear enough. I’m imagining a message that describes what permission the app attempted to use, and didn’t have access to.
On the other hand, force-crashing such apps makes it impossible to write apps that do handle the situation well
Not if there’s a way to check if the app has a permission before attempting something.
Re: Re: Re:6 It's Google's fault this exists in the first place
“I’m describing a hypothetical system where you could pick and choose which permissions to grant”
It’s actually not hypothetical. For people who don’t mind replacing their OS, there are versions of Android that do this right now. Also, this ability will be included in mainstream Android releases in a future release.
“I think I explicitly said that the user would be told what went wrong but perhaps I didn’t make it clear enough.”
Ahh, then why make the app crash? Tell the user what happened, and let the app deal with it as it desires.
“Not if there’s a way to check if the app has a permission before attempting something.”
This would be well out of the scope of what an operating system can do — the OS can’t tell what an app intends to do in the future, only what an app actually tries to do.
But this cycles back around to my point about good software engineering: the app tries to perform an operation, and the operation fails (due to not having permission or any other reason). The app notices this and responds in a reasonable way — perhaps by informing the user that it can’t do what the user expects and why — instead of crashing.
Re: Re: Re:7 It's Google's fault this exists in the first place
For people who don’t mind replacing their OS,
Please note: “unless you’re messing around with root privileges, which I’m not considering”
Also, this ability will be included in mainstream Android releases in a future release.
Good, I hope it goes well!
This would be well out of the scope of what an operating system can do
Not at all. The app just queries the OS – do I have permission X? The answer is yes or no. The OS is going to check for that permission if the app tries to do it anyway, so there’s no reason it can’t check at other times.
But this cycles back around to my point about good software engineering
Which then leads right back to my point: Google would not be well served by setting up their systems on the assumption that all Play Store apps are well engineered. They are not.
Re: It's Google's fault this exists in the first place
Specially when the app only needs storage and at most permission to display ads but it requests permission to get every single data including unlimited access to your camera and mic….
Update: Available on Google Play
I just installed this app from the Play Store, so this story may need an update on Google’s stance on this.
i’ve use this tool http://googlebanchecker.com/ to check is it right results ?