But what about Apple? iOS is designed such that a third party app store is impossible. Why should Google have to allow a third party app store and Apple be able to "walk free" in their walled garden.
Because when Google made Android it was allowed. Device manufacturers supported Android and PlayStore and gave up some control to Google because of the deal. Now Google is trying to back off from the deal after it has a huge network affect because of the exclusive apps, Play Services and Play Store.
Android would not have been so big if it were not an open platform. There were many other closed source OS's available ie. Windows Phone.
If Google backs off, it would be a bait and switch, and this tactic should be illegal.
Imagine if Samsung had its own OS, Apple with its own, Nokia (now with Android) and others with their own. We would not have much choice if Android were not open between phones because many of our apps would not be compatible.
iOS from the beginning was not open. It was known, so everyone knew. Android is expected to remain open because it was initially open.
TL;DR: Android would have been dead it were not an open platform. No device manufacturer should have give up control to Google, which Samsung regrets to date.
That happens all the time. Yes it sucks but it is a legal and common tactic (I hope you don't use chrome...), but also completey irrelevant in this case. What matters in this case is probably that they allow app stores, just aptoide was targeted. That is a huge difference.
And allowing the Google Play Services and Play Store to grow so big that their own store (in case relations go wrong with Google, they have a backup) can not compete.
They also completely underfunded the development of both Tizen and, especially, their app store. They offshored development off it to Eastern Europe as well, and even there it was less than 100 people, and not the best ones in the market (they weren't paying premium wages for Eastern Europe).
So if this is Samsung "pushing", they're truly a very sucky company.
This is lack of will on Samsung's part, not some magical market advantage on Google's part.
Try to read that back again. You are asking why if Apple is allowed to do this on their product, why is google not allowed to do this on everyone else’s product.
If google wants to make a phone that’s locked to an operating system with only their store they can do that, no issue. But that’s not what they are doing. They are distributing their operating system across the market and abusing that to force out any competing stores. That’s not ok.
If Ford decides to sell all their cars with Michelin tires that’s not an issue, however if Michelin decides that every company who uses their tires must also use their new expensive brand of windscreen wipers that’s a problem.
Apple's behavior is Tying, which is worse not better and is traditionally dealt with in anti-trust legislation.
(You can't buy a license for any Apple OS for use on other hardware. You can buy a Android OS phone from any participating vendor. The vendor can refuse to pay Google and install any store.)
Apple produces all of its own devices and it's impossible to install another app store on the phone without jailbreaking (since app's don't have permissions to install other apps).
Now if someone created an app store on MacOS (Homebrew for example) and Apple started prompting users to uninstall Homebrew I'd reason they'd be subject to losing a lawsuit.
AFAIK you can still access third party app repositories such as AppValley or TweakBox on iOS without jailbreaking (you have to install/trust their configuration profiles however).
A corporate internal distribution license is really stretching the definition of "another app store." I think most people on the sidewalk would only call something an app store if it's open to the public.
The only thing stopping you from installing this on everyone's phone however is the Apple secret police and the license agreement you sign with them. Technically it's possible with the right certificate signed by Apple.
Aside from the other (excellent) comments already made, Apple neither has the same market share as Android nor does it have a (near) monopoly in search or advertising.
Well, while the market share is an important side note, the point is that they are a platform provider too.
Microsoft had the problem a few years ago with bundling their Internet Explorer on Windows (and making it hard for the competition to have a chance). For Apple, the situation is a bit easier, as they don't allow any third party app stores at all, so any competition would probably encourage their users to break Apples 'Terms of Use', which in turn would make a lawsuit even more difficult.
In my opinion, platform providers should be obliged to open their platform for all kinds of third-party services & tools but I am sure, Apple/Google/Microsoft/etc. will find other ways to discriminate others on their platform and push their services.
There are countries where Apple has a dominant market share (e.g. Japan).
You might argue Google is dominant in advertising worldwide, but Facebook is a contender in many countries (e.g. in the Philippines, Facebook is "the internet" as an approximation).
If you want to pick and choose subsectors, I am sure we could pick markets where mobile is one of the words and the second word is also something Apple absolutely dominates.
The world is a big place to make sweeping generalisations about.
Edit: parent article is about Portugal, not the world. A friend said to me: working in antitrust, on either side, a key is defining the market.
Note that Apple still has a 35% market share where I live and I'm sure that's mostly factoring in new sales. Apples's devices have big refurbished appeal. The market share is not insignificant.
It isn't a get out of jail for free card. Laws still apply for any company however for a (convicted) monopolist different laws apply than for a random (successful) company. Microsoft and Google are convicted monopolists.
I think Microsoft is in a different boat here. The applications seem to be removed when there isn't compatiblity with a new breaking release. Should they provide messaging about what was removed and why? Sure, that'd definitely help with transparency for savvy users (but could be very worrisome for non-technical users).
It's an entirely different game to remove a competitor's application that's eating market share from your cash cow—regardless of the possibility of it allowing you to install malware—which under the same criteria Google's Play Store should be removed as well since it isn't immune to distributing malware.
> I think Microsoft is in a different boat here. The applications seem to be removed when there isn't compatiblity with a new breaking release. Should they provide messaging about what was removed and why? Sure, that'd definitely help with transparency for savvy users (but could be very worrisome for non-technical users).
I think it would be more worrisome to have applications disappear silently because Microsoft decided so. They should definitely provide messaging.
Every feature that makes computers less of inscrutable black boxes, the better. If you're making a change that a user can see without getting an explicit command from them, tell them about it and explain it!
Note all the high profile apps like Google Photos, Nest, WhatsApp, Instagram? None of these have been uploaded by Google, FB, etc. These could easily have been modified to include additional malicious code to steal your personal data.
None of this is mentioned of course in the press. But it seems like this company mainly survives on copyright infringement and serving malicious apps.
Apks are signed. There's no explicit public way to check ownership of a key, but comparing the public keys to those on the same app retreieved from the play store works.
If there’s no way to check ownership any properly resigned malicious apk would still not be distinguished from a real version.
According to the comments below currently the only way to notice a malicious but signed app would be updating an existing version from the play store. That requires access to the play store and installing an app from there first.
Allowing random 3rd parties to publish high profile apps stolen from the Play store seems a very bad idea. Especially if the OS doesn’t check apk signature against that same play store.
>None of this is mentioned of course in the press. But it seems like this company mainly survives on copyright infringement and serving malicious apps
They aren't serving the apps, and you would expect ads if that were there business model. They developed free software to make app stores, and their business is making app stores for people.
Bear in mind https://www.apkmirror.com/ is a totally legit site run by Android Police, which also gives you all the APKs you need to sideload official apps from Google, Facebook, etc. See https://www.apkmirror.com/apk/google-inc/ to get an idea how much they have and how convenient it is.
Most people accept that "free" apps should be able to be installed any way that people like. The difference is that Google doesn't consider their apps to be "free", they're a licensed component of Google Apps, which manufacturers license for their phones.
It is very easy to verify these apps have not been modified if you also have access to a known good copy of the same app. Install known good copy -> install suspect APK as upgrade -> signature check performed on upgrade verifies that it was signed with the same key as the old version, so if the upgrade succeeds there has been no modification.
Android apps are generally signed by the developer in question. APKMirror verifies the apps they distribute are signed by the original developers.
Legality of distributing "free as in beer" stuff that isn't "free as in speech" is always an interesting topic, in the case of Europe, I suspect we'll see more revision on that front as these cases regarding the Play Store and the license changes develop. It's possible, for instance, that the EU might feel that preventing sideloading of a Google app "ties" it to the Play Store in a way they find distasteful.
It's interesting to me that as of yet, Google has tolerated APKMirror, likely because it's run by Google/Android enthusiasts, and not intended for circumventing Google's business model. I'd be very curious how Google distinguishes Aptoide as something to be stopped, but APKMirror as something to be permitted.
The apps are signed. If you modify them and try to install an updated version on top of the one you already had from the Play Store, it will not match the signature and fail to install.
As Google seems to explicitly allow that, does it actually matter if I download opengapps and flash it myself versus getting it from APK mirror or Aptiode?
Presumably, if you bought a phone that originally had the Play Store and then flash it with Lineage, Google has licensed that phone already to run Google Apps. The preloading agreement with the manufacturer, which is what this license scheme is designed to protect, is still working as intended, so Google has no reason to intervene.
Google's behavior would also generally lead one to believe they are not concerned about what enthusiasts/tech pros do with their phones, as that's a niche quantity of users who don't really negatively impact their bottom line. They're chiefly concerned with ensuring manufacturers are only selling devices with their apps installed and set as default.
I agree they are chiefly concerned with manufacturers. However, if a user bought a phone from a device manufacturer that did not license it, from that article, it seems like they can still license it themselves. However, that opens up the idea that if that becomes more widespread, than they would lock down this "loophole".
I mainly bring it up as if an app is "free" (as in beer), does it really matter where you get it from (assuming it is untampered with)? I know they can forbid redistribution in their ToS, but is that actually enforceable legally?
Yes. Illegal redistribution violates the owner's copyright (in its absolute literal sense). While there may be no actual damages, a country might allow for statutory damages to be sought after. For example, the US allows for such statutory damages:
> Aptoide said the Android antivirus program, Google Play Protect, was nudging users through a notification to uninstall the app store from their devices, warning them the program could download harmful apps. For those that choose to keep Aptoide despite the warning, the app store no longer functions and can’t install apps, the company said.
It's also the primary source of common free apps that only publish on the app store for people that run android phones without google accounts.
It still boggles my mind that organizations like keybase and protonmail refuse to shove an APK on an S3 bucket somewhere, it makes me feel like they don't really understand their audiences that well...
Anyway, for closed source free apps, aptoide has my back.
F-Droid [1] might be another good option for Keybase and Protonmail. F-Droid offers APK download from their website but also an app which reminds you of updates or installs them automatically if you had an extra permission extension and enabled the feature.
F-Droid the client started out as a fork of the aptoide app, yes. This was quite a while ago and I doubt there's any resemblance in code or appearance at this point in time.
F-Droid the ecosystem is far more than that though.
It might be, if they were on there, which they aren't, which is why I specifically mentioned them as things I get best from Aptoide. I use F-Droid where I can, but F-Droid is special purpose: It's for open source software.
They don't have the expertise or the manpower to fix their build system. That means it's not really feasible to use it to distribute your apk, unless it can be months out of date without any problems (such as your users complaining constantly, or things breaking, or a known exploit remaining in the client because it's impossible to push out a fix).
You can host your own repository if you so wish and have users download the app from the standard F-Droid app, similar to the many PPAs available for Ubuntu.
You end up having complete control over your APK distribution and users can receive updates through F-Droid.
F-droid certainly isn't perfect, but it's the best Play Store alternative I've seen.
You can always do everything yourself, and given that you can add repositories and the app handles it transparently that's a great alternative. That's assuming, of course, that you do have the expertise to run one. That certainly isn't true for most app developers I know, and that's logical - it's not their field.
It's definitely the best alternative, but that doesn't make it a good alternative right now.
I used aptoide to download morpheusTV. I'll gladly share my data for a slick netflix style interface that allows me to pirate any media I want. Trade off works for me.
If I read the article & comments correctly, the problem is that Aptoide is/was sometimes/often used to distribute cracked apps from Google's AppStore and/or removing in-app purchase requirements for additional features.
I can understand Google/App-developers not liking that, but why would they use this approach? Is there no way to stop/challenge this though the court system?
It's much easier and cheaper to state that Aptoide is in violation of their ToS, and simply remove the app. As you can see here, the courts don't always rule favorably.
I don't think Aptoide is distributed through the google play store as google doesn't allow app stores in there so if the user installed it manually to their system then google has no right to be messing with that.
I mostly agree. I was simply commenting on why google would opt to remove aptoide rather than take legal action against them.
fwiw tho, I still don't think this matter is settled. Perhaps google shouldnt remove aptoide, but I wouldnt have a problem with google removing pirated apps & patched games at the developers request. There are devs in this thread who are seeing their work being distributed by aptoide without permission and have little recourse. Also people are not simply using these cracked apps for private amusement; they use them to, for example, cheat in multiplayer games. If it becomes a regular occurance to come across accounts playing in god mode, this can harm a dev's entire ecosystems and erode long-term trust. So i think google should at least have the leeway, at the developer's request, to brick a pirated app. Or perhaps less controversially, google could block the pirated app from using any of their web/cloud services.
I understand why google would want to do this and why developers would want to do this but this is MY personal device. It's not googles job to police what I install on my own device. Sure, show a warning that the app I am installing is potentially unsafe but I should have the final say over anything that happens on my device.
Too often I see people using the excuse that tech companies lock us out of our own things for their own protection. I saw a comment saying apple is right to block people from repairing things themself because a bad repair could get sold on ebay and then someone buys it and thinks poorly of apple. This in my opinion is completely ridiculous how we let the idea of personal ownership go out the window so Apple or Google can make a few more $ out of you by having full control over what you can do.
Right to repare is a different issue, which I strongly support.
What I'm talking about is whether google/developer should be able to brick a pirated app on your phone. I've done my fair share of pirating, and I would much rather have that be the outcome than the developer taking legal action against me. I have a friend who was sued for 10k by the music industry for pirating 1000s of songs. If there was a way for them to just render those songs unplayable I think she would take that option in a heartbeat.
What I would have a problem with is google preventing you from doing anything legal on your android phone simply because it hurts their bottom line.
I don't think google should even be able to see what apps I have installed on my phone outside of the google play store. If they can't see that then there is no way they could block ones they don't like. Of course they most certainly will track that which is why I have removed all play services from my phone.
Its like asking if the police can install a camera in your house and if they see you smoking weed they can come in and take it so you don't get a fine.
The large majority of malware is distributed off the app store. Should antivirus software simply ignore these apps under the assumption that users have complete knowledge of what these apps are doing?
Not ignore - I think warning the user and educate them about the dangers is important and the right thing to do. But blocking an install of a legitimate app because it's coming from a different AppStore doesn't seem right to me.
If it was sometimes/often used to distribute cracked apps, then it was also almost certainly used to distribute apps with other added "features" (malware), in which case, the connection with play protect isn't that crazy.
I agree, and I think that's a good reason to deploy a warning about this app(store) and educating the user about the risks. But blocking the installs entirely is a bit much, IMO.
Google's antivirus is optional, so if a user was cognizant of the dangers of using Aptoide but still wanted to risk it couldn't they turn Play Protect off?
Google and Microsoft are often criticized for malware that targets Android and Windows, respectively, but restrictions such as this render Play Protect and Windows Defender increasingly toothless in the battle against malware vectors.
My paid app has gotten between 5k-25k downloads on their store, obviously without me getting a cent.
What are my options to hurt them as much as possible?
- Be a partner and publish your paid app there. It then will be paid.
- Submit a DMCA notice:
"9.3 DMCA Notices. If Aptoide receives a Notice according to the US Digital Millennium Copyright Act (DMCA), Aptoide will immediately remove the Product in question. Such notices shall be directed to Aptoide’s DMCA Agent at abuse.report@aptoide.com."
They will then unlist it.
Both options suck. There are dozens of sites like these to keep up with. Distribution is one thing, but customer support is a nightmare, particularly since you don't know if you're supporting a legitimate download or not.
DMCA is a nuisance. You have to be big enough to dedicate resources to filing and tracking takedowns, as well as be able to take legal action anywhere in the world for sites that don't respond. It's very easy to clone a pirate site. It's much harder to play whack-a-mole to take one down.
Sorry to be dismissive, but this is basically what the internet is for content creators. There's a reason the *AAs of the world resort to sending automated, often stupid, blanket takedowns -- computers make copying easy.
At work, we've used MarkMonitor to try to solve similar things, which is sometimes useful and sometimes results in our secondary apps getting taken off Google Play.
They've been to court, which presumably means they're publicly accountable, as opposed to pirates who tend to operate anonymously.
I suppose you could send them an Electronic Commerce Directive take-down notice. Probably doesn't hurt them as such, but should get your app removed.
EDIT: The store seems to be somewhat decentralized, with stores being similar to APT repositories. So it may be difficult to target Aptoide directly unless there's a centralized list of stores, in which case I imagine you can get the user's store struck from it. Otherwise you may need to contact the store's hosting provider - which indeed could be a bit of a cat and mouse game.
And now where is exactly the difference to F-Droid?
The FOSS store f-droid also allows to add custom apt-like repositories, which for example CopperheadOS used to add a non-sanctioned patched version of the "signal" app. Moxie doesnt want forks of signal that are also using signal's servers. CopperheadOS did it anyway because signal is not compatible without Google Apps installed (removing google cloud messaging because CopperHeadOS doesnt include Google play services).
It was forked in 2010, so the the differences after 8 years of separate development are probably quite significant. (But both clients let you add third-party repositories, so in that regard there is no difference.)
If your app relies on server-side functionality to work, you should look into the SafetyNet Attestation API to see if you can block cracked apps from working by having the server refuse to talk to an app if it can't prove it was installed from google's app store.
The attestation API can be used to detect probable root, but that's not the only thing it does. It can be used to detect if an APK is modified(and thus probably cracked) or not. There are various things you can check for and you can allow rooted phones while disallowing modified APKs.
A link to your app's apk is the fourth search result for your user name. Are you going to target duckduckgo too, as they're doing basically the same thing.
> “If you have reason on your side don’t fear to challenge Google.”
I like this. People forget that just because you agreed to a contract, it doesn't mean you have to put up with everything in it as a court might disagree with the facts and circumstances.
If only the courts showed half as much willingness to regulate Apple as Google. Remember when steam was banned from Apple's app store, and Apple retroactively modified it's ToS to justify the ban?
How is apple able to not getting any EU slack for allowing little to no competition on their devices. I know their market share is a little less, but it is still pretty big in Europe.
Who knows what the original play store apps did to begin with. Most of the top apps are basically malware. Maybe someone added a bitcoin miner to the existing spyware that came from the original app but it just comes back to the same thing that you can't trust proprietary software to be safe.
But at least if the original play store apps have spyware issues, you can generally find a developer/company behind them to blame. If Google updates the Gmail app to include a bitcoin miner, people are going to find out and be pissed at Google.
If someone takes the Gmail app, injects a bitcoin miner and uploads it to a third-party store, who gets the blame?
Will Google pay me damages if they let someone distribute malware on the Play Store, as has happened before? As far as I know, they won't, so how is Aptoide any worse?
My point is that saying it's all the consumers responsibility is a highly one-sided argument in favour of the vendor/service provider.
The amount of work a person would have to do to research every facet of every product they buy is insurmountable. There is no possible way for them to know everything about a product they are thinking of buying or using.
Expecting the average user to know which apps on any given app store are ridden with malware is a mighty tall order.
The customer will always have some level of ignorance about the product, so some measure of consumer protection is required.
Probably the most interesting thing here is that after Google has just reworked it's licensing to suggest Google Apps are "worth something" as opposed to just being "free", now Google is prohibited from banning a top method of sideloading them.
The emperor has been revealed to be wearing no clothes. I wonder if Google will now start implementing DRM into Google Apps to prevent them from running on unlicensed phones.
The other place this gets interesting is that most Google Apps are just clients for online Google services, services offered free, which have (truly) free apps on iOS that aren't tied to a license fee. How long will Google be able to extract license money from Google Apps from Android manufacturers that Apple gets for free? How long will users tolerate being told this is licensed software that is just the best way to access gmail.com or youtube.com on their phones?
Wut? They only started charging EU manufacturers for the apps because the EU courts required them to. They want as many phones as possible using the apps if they can, to get more users into the online services.
EU courts didn't require them to start charging manufacturers. Google chose to start charging for them, since they were upset the EU told them they could no longer make access to them conditional upon preloading Google Search and Google Chrome, which are where Google makes all it's money on ad revenue.
Google could absolutely allow users to install the YouTube app or the Gmail app with no strings attached, but they don't want to do that. They want them tied to Google Search/Chrome, like in the rest of the world, or for a fee, like in the EU.
While Aptoide is probably not the ultimate answer, Google does not have a leg to stand on here given the amount of censorship they have been practicing on the app store by banning apps such as Gab.ai. Irregardless of whether you agree with the content on Gab, they are not perpetuating viruses, harming the system etc..
The fact that Google can majorly affect your business by denying you access to the app store is a real problem. Apple is guilty of this too and these are problems with the entire mobile space.
I've worked in Aptoide, they aren't a virus company. They even spent a lot of resources fighting virus but that's always a cat and mouse game and given the amount of resources they have vs amount of users that can publish an apk (everyone) it gets hard.
If you think they are manipulating the published apps, you are free to fork the Aptoide client on github.com/Aptoide and create your own version.
That's precisely why Google wants the average Android user with uncertain tech knowledge to use the app store. It uses Google's immense machine learning and ops resources to fight malware and malicious apps.
It would be more like if Pirate Bay sued an ISP for blocking end users from accessing their site. Aptoide makes it easy to find and install the apps; it doesn't create or modify them.
