Google Bans Disconnect.me App From Play Store Based On Vague Guidelines
from the not-this-again dept
Having had our own run-ins with Google's opaque (and often hypocritical) decision-making process at times, it's not surprising (though unfortunate) to hear of yet another case. The folks over at Disconnect.me have been working on tools to give people more control over their own data and how it's shared. They're not looking to stop all data sharing, but rather put it back under the control of the individual users, rather than companies in the middle. While this may make some companies nervous, it shouldn't. A company that is actually providing value and is properly transparent shouldn't have to worry about such things.So it's quite disappointing that Google has chosen to pull Disconnect.me's new app from the Android store based only on a very vague and broad "prohibition" in its terms of service, saying that you can't offer an app that "interferes with" other services. The email Google sent doesn't provide many details, other than saying that the Disconnect.me app "interferes with or accesses another service or product in an unauthorized manner."
Now, you can understand the basic rationale for why this term is in Google's rules -- the intent there is to block malicious activities. But what's "malicious" in this context? Disconnect believes Google mistook its app as an adblocker:
But our mobile product (like our Desktop product) is not an adblocker. Instead Disconnect focuses on protecting people from invisible tracking and sources of malware, and all too often these threats come in the form of advertising. In fact, some of the most privacy invasive data collection online happens through ads, which see you even if you don’t see or interact with them. And worse, ad networks (including Google) are increasingly being used by “advertisers” to spread malware. This increasingly popular tactic, called malvertising, is currently being investigated by the US Senate, and Disconnect Mobile is the first app to directly address it.In short, Disconnect.me is working to block evil activities. You'd think that the company with the whole "don't be evil" slogan would appreciate an app that tries to protect users from evil. But, as was the case when we got threatened with being cut off from ad revenue, it appears this is yet another case where you have a very large company that has put in place "by the book processes" that lead to a lack of common sense being employed. Instead you get checkmarks and bad end results. This all goes back to one of my biggest complaints about Google, going back years, that it continues to be the big white monolith when dealing with all sorts of users, customers and partners. Programs like AdSense and the Android Play Store are massive, and there are, certainly, those who look to abuse those systems. And so it's no surprise that the company has put in place policies to help try to weed out those abuses -- even leading to some false positives. The problem is that the company all too frequently doesn't have any real second level of review where common sense comes back into play.
The fact is, we are not opposed to advertising and think advertising plays a critical role in the Internet economy. But we are 100% opposed to advertising that invisibly tracks people and compromises their security.
Disconnect.me is appealing the decision and seeing if it can get Google to reverse its position -- and hopefully that happens. It still seems to me that this is one of Google's most glaring problems as it has grown, and it's shown little sign of improving on this front to date. I know that Google is especially sensitive to antitrust concerns being leveled against it, and I'm honestly confused why the company doesn't view this as a potential concern on that front. When it has the ability to cut people off from areas where it has massive control (including the Android market and the advertising market), it's only asking for trouble from those where it makes the wrong call.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: apps, disconnect, play store, privacy, protection
Companies: disconnect.me, google
Reader Comments
Subscribe: RSS
View by: Time | Thread
Slogan is inoperative
That slogan stopped being operative quite a while ago.
This sort of thing highlights one of the main advantages of Android, though: you don't have to use the app store. Developers can develop and distribute apps, and users can find and install them, without ever touching Google Play. Not only are there several alternative app stores, but nobody needs to use an app store at all.
[ link to this | view in chronology ]
Re: Slogan is inoperative
Don't be evil, unless you are making bank off of the evil or taking a stand will get you lots of good PR.
[ link to this | view in chronology ]
I can only think of a recurring theme on Techdirt, which is the concept of collateral damage or the punishing of the innocent. Disconnect.me may make a great claim, but reality says that they will harm many of the legal and legit things that happen online every day.
Yes, the user gets to choose. But much like an ad blocker or being selective about cookies, it quickly becomes a pain to create exceptions and instead, the user ends up surfing around with the thing turned on to maximum all the time.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
'And worse, ad networks (including Google) are increasingly being used by “advertisers” to spread malware. This increasingly popular tactic, called malvertising, is currently being investigated...'
Annoying ads are one thing, but when allowing ads through can compromise your computer, then you'd be a fool not to have an ad-blocker running at max all the time.
Now, to be sure that sucks for the ad networks and those that depend on ad revenue, but if they want to blame someone, blame the ad networks for not being active enough in keeping infected ads off their services, and forcing people to take the precaution of blocking all ads to protect their computers/devices.
[ link to this | view in chronology ]
Re: Re:
The blocker here can also cause users to be in violation of the agreements that they made when they accepted other software to be installed on their systems. As such, it gets in the way of agreements made between the user and third parties.
It does bring up the interesting specter of future apps which check and re-check their ability to fully operate on your phone, and failing so, could possibly uninstall themselves.
[ link to this | view in chronology ]
Re: Re: Re:
As long as it is a security issue, I care not one iota whether some idiot makes money off advertising while malvertising is a practice. I notice when I get crap (which isn't very often now-a-days) no one offers to come fix my computer. I have to spend my time and effort to find it or reload windows if it isn't possible. I refuse and will continue to refuse to open my computer to this sort of wild west where the user is the targeted victim.
It is not up to the computer user to fix bad advertising. It is not up to the computer user to police that advertising to determine what is or is not good ads. They are the ones looking to benefit and as long as there is a chance this crap will once again infect, there is no way in the world they are going to get into this computer as long as I have the power to say no.
It has now reached a trust issue that I doubt advertisers can clean up and restore the trust of the surfing public.
[ link to this | view in chronology ]
Re: Re: Re:
'Generally', 'for the most part', when talking about safety precautions, and such easy ones as installing an ad-blocker, there's really no excuse not to. The right time to put in basic security is not after you get hit, it's before.
[ link to this | view in chronology ]
Re: Re: Re: Re:
The whole malware thing is a red herring - and there are plenty of better ways to deal with it. Moreover, this might give you a false sense of security as a "trusted" website itself gets hacked and dumps a nice piece of malware on you - which disconnect.me won't do anything about.
If you want an ad blocked, run an ad blocker. If you want anti-virus, run one. If you want to stop allowing apps to have access to the data you agreed to provide when you downloaded them, then remove them.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
Just because I clicked I agree on a EULA doesn't mean I agree to anything. It's my computer and I don't make agreements with inanimate objects and I don't recognize the software as belonging to anyone. I consider it software that I am free to use and modify at will how I see fit because all it is are bits and bytes that are configured a certain way and I can change those configurations as I see fit without violating any contracts. No software on my computer can rightfully put restrictions or conditions on what keystrokes and mouse clicks I press demanding that I do what the software says if I click I agree on a screen.
Just because I put a comment here that says you agree to give me a million dollars if you use Google search doesn't mean doing so is an agreement to give me money. I don't recognize your authority to make me pay you a million dollars for using Google search just because you proclaim that my use of Google search is an agreement to pay. Likewise a EULA saying that I agree to something if I use my computer a certain way by hitting agree is not an agreement to do so. I do not recognize your authority to tell me how I may use my computer just because I hit agree on a piece of software. I can modify the software and strip it of its EULA, its my computer and the bits and bytes on it belong to me and I don't recognize your copy protection privileges.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
"The point here is that the software isn't about protecting you from malware (that is a low end thing) it's about denying other apps / programs that you have installed the data that you have agreed to provide them - and that they are needed to make them work properly for you."
This app, like AppOps and numerous others, does nothing in regards to what you said. At least not in the way you describe it.
Those apps being denied permissions and data? They don't actually need any of it to work properly for you. In point of fact, AppOps and numerous other similar apps to this one, give them either zeroed out data (or an equivalent thereof) or just flat out deny the permission entirely and the apps function properly anyway.
"If you want to stop allowing apps to have access to the data you agreed to provide when you downloaded them, then remove them."
A total misnomer. You don't have to remove them. You can use apps like this to deny them said data. There is no court of law anywhere in the world that would hold someone legally accountable for deciding to not give an app permission to access their data as it saw fit. None whatsoever.
And your bullshit attempt to paint it as an agreement between you and the app/app developers really says it all. Much like your "if you can't do the time, don't do the crime" bullshit.
If you like being told what to do and submitting to any and all authority (even in the form of apps) then so be it. But don't make it seem like people have to accept what you so willingly do or like they can't do something about it. They can. The use of this app isn't illegal or anything of the sort and its use does in no way constitute a breach of agreement between the user and any given app they want to use.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
I'm all for an app that asks for sane permissions and deploys reasonable advertising but that's hardly the norm today.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
Or use any of a number of utilities available to block access to the services you don't want the app to access (or, better, replace the OS with a variant that allows you to selectively allow/deny specific permissions). Those permissions are not a contractual agreement, after all, they are asking you for... well... permission.
[ link to this | view in chronology ]
Re: Re: Re:
If you're going to say things in regards to Android, either cite sources for your information or don't say them at all. Nothing you've said in this article or the one before where I specifically called you out and asked you to cite your sources for what you said is even remotely true.
"Don't fall for the scare tactic."
That's funny coming from you. Since you seem to have said nothing that isn't basically fear mongering in anything that followed that.
"General malware protection (such as an anti-virus) generally will protect you against malware arriving as advertising."
This is largely false, at least on Android. By false I mean malware protection via anti-virus software is mostly theater security. The threats out there are so few and far between that at best you're just installing an app (anti-virus) you don't need and at worst you're installing an app you don't need that could lead you to doing things you shouldn't with it. Numerous anti-virus apps tend to come bundled with other key features and things like task killers, which by and large are HORRIBLE to use on any Android device. Anyone with a clue knows this.
"For the most part, that vector uses flash (an unsafe product much of the time) which isn't always supported on a mobile."
On Android it isn't supported period. It was deprecated ages ago and short of a few workarounds in custom ROMs and certain browsers, it's basically dead. There's a reason for that.
"The blocker here can also cause users to be in violation of the agreements that they made when they accepted other software to be installed on their systems. As such, it gets in the way of agreements made between the user and third parties."
False. Yes, there are 'agreements' made, but they're by and large also subject to change at the whim of third party app developers and that's an issue that has by and large become more scrutinized by numerous websites and publications online and offline. As such it isn't a real violation in the sense that you mean.
Like I said, if you're gonna talk about things like this cite your sources or don't bother at all. You seem to act and try to come off as knowing what you're talking about. But anyone who knows how the Android OS works or anything at all even remotely related to it knows bullshit when they see it and you're doling that out in spades.
[ link to this | view in chronology ]
Re: Re:
Surprised?
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
I believe the appropriate vernacular here is "get rekt".
[ link to this | view in chronology ]
Re:
Disconnect.me may make a great claim, but reality says that they will harm many of the legal and legit things that happen online every day.
How? It doesn't block ads at all which is what generates money, it just prevents intrusive tracking and malicious content.
it quickly becomes a pain to create exceptions and instead, the user ends up surfing around with the thing turned on to maximum all the time.
So? That's for me to decide, not Google. I have NoScript and Request Policy working here (along with Adblock just in case I allow everything) and sometimes it is indeed a hassle to manage what I'm allowing and what not but for me this is ok since I care about my security and about people tracking me. Google should not be meddling in my preferences. Of course since Android is gloriously open I can install it anyway.
[ link to this | view in chronology ]
He said, she said
According to them, sure. But when it comes to the Google Play store, the question of "who decides what's evil?" has a clear answer: Google. It's their store, they decide. You might not like their actions here (and I don't blame you), but it shouldn't be surprising.
[ link to this | view in chronology ]
Re: He said, she said
Wrong. Google decides what apps get to be in their store. They are not deciding what apps are "evil". Only the end user can make that determination.
[ link to this | view in chronology ]
unauthorized by who? i want to install it on purpose and as such it would be authorized.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Update it as needed.
I haven't been on Google's AppStore in quite a long while.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Since the developer of the app is an ex-Googler, there may be something in that ... like any chance of the disconnect app violating the terms of use that every user of a google service agrees to?
The very vague reference in the email they sent doesn't say very much, but it probably isn't about ad blocking in total, if it includes that at all.
And from this story:
http://blogs.wsj.com/digits/2014/08/28/why-some-privacy-apps-get-blocked-from-the-android-play -store/
"Google has banned similar ad-blocking apps before because they, too, could interfere with other apps. “When we were kicked out, virtually every other ad blocker was kicked out as well,” said Ben Williams a spokesman for Eyeo, maker of Adblock Plus, which was removed from the Play store in March 2013."
Except AdBlock is still available in the google play store. And so is AdBlock+ ... meaning it isn't about adblocker, and an ex-googler ought to know that.
[ link to this | view in chronology ]
Re:
[citation needed]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Now ad blocking is right up there with antivirus/firewalls as basic computer security. If that means Google's bleeding money, then maybe they shouldn't have shot themselves in the foot.
[ link to this | view in chronology ]
Here we go, another Google shill. Apple invented that first.
[ link to this | view in chronology ]
Still online?
[ link to this | view in chronology ]
Re: Still online?
[ link to this | view in chronology ]
It's Google's fault this exists in the first place
Being forced to accept all requested permissions is a disgrace, and has led me to categorically reject a massive number of apps simply because I don't trust them with that much access into my device.
[ link to this | view in chronology ]
Re: It's Google's fault this exists in the first place
It's a balancing act. I would also rather be able to check which ones to allow, but I would understand why an app crashes with a message about permissions. Even among the small subset of users who even pay any attention to permissions, I'm guessing most would not have a clue what was going on and would only know that the app crashes a lot*.
And on the other hand, Google didn't want to make app development more difficult by forcing developers to handle failure every time they do something that requires a permission. That's why it's all or nothing.
* the alternative would be the potential for silent failures and undefined behavior, which is even worse.
[ link to this | view in chronology ]
Re: Re: It's Google's fault this exists in the first place
I would understand, but if the lack of permissions causes an app to actually crash, then it's a sign of a very poorly written app that should probably be uninstalled for safety reasons.
[ link to this | view in chronology ]
Re: Re: Re: It's Google's fault this exists in the first place
If I were designing the security system, I would force the app to crash as though there were an uncaught exception if it tried to perform an operation it didn't have permission for. That would be better than trusting a million random developers to correctly guard against having permissions denied. IMO anyway.
[ link to this | view in chronology ]
Re: Re: Re: Re: It's Google's fault this exists in the first place
There are two best practices that come into play here: first, all applications should check for and handle error returns from all OS services (and anything else, for that matter), always. You never assume that any given call succeeds -- even if it appears that there's no way it could fail. Never.
Second, all applications should fail as gracefully as possible. For example, if an app tries to access my addressbook and can't, the app shouldn't quit -- it should just inform the user that it can't do what it's trying to do, and why.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: It's Google's fault this exists in the first place
I prefer immediate and obvious failure to potentially subtle and/or delayed failure.
There are two best practices that come into play here:
That is certainly true, but I'm looking at a situation where there is no realistic expectation that all or nearly all developers will follow best practices. Therefore the system needs to be set up with the assumption that any particular app might not.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: It's Google's fault this exists in the first place
I'm confused by this. The system is already set up this way. If the app doesn't handle the lack of permissions sufficiently well, the result is likely to be a application crash.
Artificially forcing a crash just because an app tried to use a permission not granted doesn't give any benefit that I can see. Yes, you'll immediately see that something went wrong (which you'll likely to see anyway), but you're still not told what it is that went wrong so you're none the wiser.
On the other hand, force-crashing such apps makes it impossible to write apps that do handle the situation well -- in effect turning all apps into bad ones whether they want to be or not.
So I don't see a real benefit, but I do see a real drawback.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: It's Google's fault this exists in the first place
Currently installing an app gives it all the permissions it wants (unless you're messing around with root privileges, which I'm not considering). I'm describing a hypothetical system where you could pick and choose which permissions to grant, and considering the best way to deal with the scenario of an app attempting to do something it doesn't have permission to do.
you're still not told what it is that went wrong so you're none the wiser.
I think I explicitly said that the user would be told what went wrong but perhaps I didn't make it clear enough. I'm imagining a message that describes what permission the app attempted to use, and didn't have access to.
On the other hand, force-crashing such apps makes it impossible to write apps that do handle the situation well
Not if there's a way to check if the app has a permission before attempting something.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: It's Google's fault this exists in the first place
It's actually not hypothetical. For people who don't mind replacing their OS, there are versions of Android that do this right now. Also, this ability will be included in mainstream Android releases in a future release.
"I think I explicitly said that the user would be told what went wrong but perhaps I didn't make it clear enough."
Ahh, then why make the app crash? Tell the user what happened, and let the app deal with it as it desires.
"Not if there's a way to check if the app has a permission before attempting something."
This would be well out of the scope of what an operating system can do -- the OS can't tell what an app intends to do in the future, only what an app actually tries to do.
But this cycles back around to my point about good software engineering: the app tries to perform an operation, and the operation fails (due to not having permission or any other reason). The app notices this and responds in a reasonable way -- perhaps by informing the user that it can't do what the user expects and why -- instead of crashing.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: It's Google's fault this exists in the first place
Please note: "unless you're messing around with root privileges, which I'm not considering"
Also, this ability will be included in mainstream Android releases in a future release.
Good, I hope it goes well!
This would be well out of the scope of what an operating system can do
Not at all. The app just queries the OS - do I have permission X? The answer is yes or no. The OS is going to check for that permission if the app tries to do it anyway, so there's no reason it can't check at other times.
But this cycles back around to my point about good software engineering
Which then leads right back to my point: Google would not be well served by setting up their systems on the assumption that all Play Store apps are well engineered. They are not.
[ link to this | view in chronology ]
Re: It's Google's fault this exists in the first place
[ link to this | view in chronology ]
Update: Available on Google Play
[ link to this | view in chronology ]
[ link to this | view in chronology ]