You must explain why you are requesting ‘android.permission.BIND_DEVICE_ADMIN’ - General Questions and Answers

I recently received many emails from Google for many of my apps.
The email content is:
Code:
Hi Developers,
We reviewed your app, XXXXXXX, with package name XXXXXX, and noticed that it violates our developer terms.
REASON FOR WARNING: Violation of the Deceptive behavior policy
You must explain to users why you are requesting the ‘android.permission.BIND_DEVICE_ADMIN’ in your app. Apps must provide accurate disclosure of their functionality and should perform as reasonably expected by the user. Any changes to device settings must be made with the user's knowledge and consent and be easily reversible by the user.
Please complete the following actions within 7 days, or your app will be removed from Google Play:
- Read through the Deceptive Device Settings Changes policy for more details, and make sure your app complies with all policies listed in the Developer Program Policies.
- If you don't need the BIND_DEVICE_ADMIN permission in your app:
  - Remove your request for this permission from your app's manifest.
  - Sign in to your Play Console and upload your modified, policy compliant APK.
- Or, if you need the BIND_DEVICE_ADMIN permission in your app:
  - Include the following snippet in your app’s store listing description: “This app uses the Device Administrator permission.”
  - Provide prominent user facing disclosure of this usage before asking the user to enable this permission within your app. Your disclosure must meet each of the following requirements:
    - Disclosure must be displayed in normal course of usage of your app. Your users should not be required to navigate into a menu or settings to view disclosure.
    - Disclosure must describe the functionality Device Admin permission is enabling for your app.
    - Each security policy used with the Device Admin request must be declared in your disclosure, and each policy must be accompanied with justification for the request.
    - Disclosure cannot only be placed in your privacy policy, TOS or EULA.
Alternatively, you can choose to unpublish the app.
All violations are tracked. Serious or repeated violations of any nature will result in the termination of your developer account, and investigation and possible termination of related Google accounts.
Regards,
The Google Play Team
Is it enough to update the store listing and the privacy policy?

I do not think so. You were clearly told that "Disclosure must be displayed in normal course of usage of your app. Your users should not be required to navigate into a menu or settings to view disclosure." and "Disclosure cannot only be placed in your privacy policy, TOS or EULA."

I received the same email regarding my app.
The instructions are quite clear at the first glance. On a closer look, however, it's not so clear, at least in my case:
In my app, the device administrator function is not strictly needed. It depends on what the user wants. The default is that it is not needed. If I would now push a notice and the handling to the main activity, I would hopelessly scare and annoy users who may never even get close to giving the app device admin permissions.
The process to request device admin rights includes a textual description by the app explaining why the permission is needed, and what sub-parts of the device admin rights. In my eyes this already fulfills the requirements in the email. Or does it not?
I'm in a very awkward position right now. The time they allow me to react is very short (7 days) and they don't even provide a reply address. I have now contacted the support team, but if I don't get a reasonable response within a few days I might have to butcher this out overnight and sure as hell will get bad reviews because of this.
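
The case described in the post above, where device admin is optional and requested only when the user asks for it, can be paired with an in-app disclosure shown at the moment the user turns the feature on, followed by the system prompt carrying the same text. This is an added example, not code from any poster's app; `LockFeatureActivity`, `AdminReceiver`, the preference key, the single force-lock policy and the disclosure wording are assumptions, and nothing in the thread establishes whether Play's reviewers accept this placement.

```java
// Added example (not from the thread). Hypothetical names: LockFeatureActivity,
// AdminReceiver, PREF_LOCK_FEATURE. Assumes the manifest declares the receiver
// ".LockFeatureActivity$AdminReceiver" with
// android:permission="android.permission.BIND_DEVICE_ADMIN" and a device-admin
// XML whose <uses-policies> lists only <force-lock/>.
package com.example.optionaladmin;

import android.app.Activity;
import android.app.AlertDialog;
import android.app.admin.DeviceAdminReceiver;
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;

public class LockFeatureActivity extends Activity {
    private static final int REQ_ENABLE_ADMIN = 1;
    private static final String PREF_LOCK_FEATURE = "lock_feature_enabled";

    // Names every policy declared in the device-admin XML, each with its reason.
    private static final String DISCLOSURE =
        "This app uses the Device Administrator permission.\n\n"
        + "Policy requested: Lock the screen. It is used only to lock the device "
        + "when you trigger the optional lock feature. You can turn this off at "
        + "any time from this screen.";

    public static class AdminReceiver extends DeviceAdminReceiver { }

    private DevicePolicyManager dpm() {
        return (DevicePolicyManager) getSystemService(Context.DEVICE_POLICY_SERVICE);
    }

    private ComponentName admin() {
        return new ComponentName(this, AdminReceiver.class);
    }

    /** Wire to the control with which the user switches the optional feature on. */
    void onUserEnablesLockFeature() {
        if (dpm().isAdminActive(admin())) {
            setFeatureEnabled(true);
            return;
        }
        // Disclosure appears in the normal flow, before the system prompt,
        // and only for users who actually asked for the feature.
        new AlertDialog.Builder(this)
            .setTitle("Device Administrator permission")
            .setMessage(DISCLOSURE)
            .setPositiveButton("Continue", (dialog, which) -> requestAdmin())
            .setNegativeButton("Not now", null)
            .show();
    }

    private void requestAdmin() {
        Intent intent = new Intent(DevicePolicyManager.ACTION_ADD_DEVICE_ADMIN);
        intent.putExtra(DevicePolicyManager.EXTRA_DEVICE_ADMIN, admin());
        // The same text is repeated on the system confirmation screen.
        intent.putExtra(DevicePolicyManager.EXTRA_ADD_EXPLANATION, DISCLOSURE);
        startActivityForResult(intent, REQ_ENABLE_ADMIN);
    }

    @Override
    protected void onActivityResult(int requestCode, int resultCode, Intent data) {
        super.onActivityResult(requestCode, resultCode, data);
        if (requestCode == REQ_ENABLE_ADMIN) {
            // Trust the actual admin state, not the result code alone.
            setFeatureEnabled(dpm().isAdminActive(admin()));
        }
    }

    /** Wire to the control with which the user switches the feature off. */
    void onUserDisablesLockFeature() {
        setFeatureEnabled(false);
        if (dpm().isAdminActive(admin())) {
            dpm().removeActiveAdmin(admin()); // keeps the change easily reversible
        }
    }

    /** Locks the screen only if the user enabled the feature and admin is active. */
    void lockIfEnabled() {
        boolean enabled = getPreferences(MODE_PRIVATE).getBoolean(PREF_LOCK_FEATURE, false);
        if (enabled && dpm().isAdminActive(admin())) {
            dpm().lockNow();
        }
    }

    private void setFeatureEnabled(boolean enabled) {
        getPreferences(MODE_PRIVATE).edit().putBoolean(PREF_LOCK_FEATURE, enabled).apply();
    }
}
```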

For me it makes sense to remove this functionality for a while. And try to find out from Google what they mean by "normal course of usage". I'm afraid that you must show this disclosure in main activity every time regardless.

grfgames said:
For me it makes sense to remove this functionality for a while. And try to find out from Google what they mean by "normal course of usage". I'm afraid that you must show this disclosure in main activity every time regardless.
Yeah. Thing is that removing an integral part of an app on such short notice is likely to cause regression, let alone angry users that ask where the hell this has gone.
Google Play answered me now, twice, but only with the same lame text blocks. No real human interaction. I've now also posted to G+, let's see if anything happens there.
If I advertise this on the main page, I'm totally over-advertising an optional feature and even invite people to use it, which would be contrary to what Play want to achieve. This sucks big time.

xrad said:
Yeah. Thing is that removing an integral part of an app on such short notice is likely to cause regression, let alone angry users that ask where the hell this has gone.
Google Play answered me now, twice, but only with the same lame text blocks. No real human interaction. I've now also posted to G+, let's see if anything happens there.
If I advertise this on the main page, I'm totally over-advertising an optional feature and even invite people to use it, which would be contrary to what Play want to achieve. This sucks big time.
If you want your app to be available on PlayStore then what is so terrible about doing what they expect of developers that put their apps on PlayStore.
Everybody else must follow that rule, why shouldn't you?
It doesn't even matter what the circumstances are as to why you think it's unnecessary or unfair, all that matters is that is how it is to be done. Otherwise, no app on PlayStore, right?
grfgames said:
For me it makes sense to remove this functionality for a while. And try to find out from Google what they mean by "normal course of usage". I'm afraid that you must show this disclosure in main activity every time regardless.
I DO NOT PROVIDE HELP IN PM, KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE

@Droidriven: had you actually read my post, then you would understand that I'm in favor of the rule, but that I am criticizing the way they handle, explain and enforce it. Essentially, their premise is that the apps they are addressing with this current campaign always want to be devadmin. Mine only wants to be so if the user asks for it. But Google doesn't tell anything about such a scenario and only talks to me using bots and people using predefined text blocks. All on very short notice.

xrad said:
@Droidriven: had you actually read my post, then you would understand that I'm in favor of the rule, but that I am criticizing the way they handle, explain and enforce it. Essentially, their premise is that the apps they are addressing with this current campaign always want to be devadmin. Mine only wants to be so if the user asks for it. But Google doesn't tell anything about such a scenario and only talks to me using bots and people using predefined text blocks. All on very short notice.
I know. I was just saying that you're gonna have to do it their way in the end anyway. It's unfair but it is what it is.

My main issue is I lost my keystore during a hard drive problem, so I can't update the application. However, if I updated my description and my privacy policy and say that I clearly use this permission, will it solve this problem?

Any help will be appreciated.

Related

[SUGGESTION] How to tackle software thieves

I think everybody is well aware of the pain that software thieves like DavinciDevelopers and Chris Burchett are putting us through. Until Google cleans up their market policy and starts implementing some basic regulation, these robbers are going to continue stomping upon the intellectual property of the developers here.
As we all know, software thieves almost always exploit a very simple loophole: they delete signatures off the apks and then publish them to the Android market as a paid app under a different name, and everyone will be none the wiser. They make a quick buck from unsuspecting users who chance across the app and purchase it, and thus they profit off the labours of hardworking developers here. It matters little to them whether a thousand or a million users pass by their application page without choosing to install it, because every single user conned into paying for the app is a profit to them.
I strongly recommend that developers who publish their APKs here insert a pop-up into their application that appears on the first boot, stating very clearly that this app is freely published here (insert thread URL) and instructing the user to immediately seek a refund if he has paid for it, and to report the issue to Google.
In other words, probably something along the lines of:
PLEASE TAKE NOTE
This app has been freely published on XDA-Developers, and can be found at .
If you have paid for this app, PLEASE SEEK A REFUND IMMEDIATELY AND REPORT THE SELLER TO GOOGLE.
Additionally, you might also want to insert this in the "About" section of the app, if applicable.
Software thieves may be capable of deleting signatures, but they can't remove app elements. With users alerted to these dishonest actions, they will not only distrust them but send a flood of complaints pouring into Google, and sooner or later they'll have to pack up shop and think of actually doing something productive for society.
I'm sorry if this has already been suggested, but given the severity of this issue, I thought that it would be important to highlight this to all developers in here and out there. Not everyone may be aware of the dangers making the dive into application development, and fewer still might actually think of doing something about software pirates and intellectual property thieves.
Remember, this is only a short-term measure to help starve these software thieves of their ill-gotten gains (and perhaps also to create awareness for you and your thread). It does not preclude the usage of other anti-piracy measures, and it could be circumvented by the more tech-savvy of the thieves. In the long haul, we will still need to get Google to overhaul its Android Market policy to respect the intellectual property rights of developers.
Mods, please feel free to delete this or lock this thread if I am repeating what others have already proposed.
Madrenergic said:
Software thieves may be capable of deleting signatures, but they can't remove app elements. With users alerted to these dishonest actions, they will not only distrust them but send a flood of complaints pouring into Google, and sooner or later they'll have to pack up shop and think of actually doing something productive for society.
Just wanted to point out that this is not true. I've also seen people say that the package name cannot be changed. That's not true either.
A skilled developer could often easily delete app elements (Using obfuscation like proguard is a good deterrent). A crappy one might still manage, pirates do (Sure they'll add bugs in the process, but they don't care because they don't have to deal with the bug reports, you do).
A non-malicious example of hacking the internals of an app is how I enable long-press of Search on the Droid X/2 in my HomeSmack app (https://market.android.com/details?id=com.teslacoilsw.homesmack). Motorola hard-coded long-press of search to launch com.google.android.voicesearch/com.google.android.voicesearch.RecognitionActivity. So my solution replaces Google's VoiceSearch.apk with a modified one where I renamed Google's RecognitionActivity to RecognitionActivityReal and created my own RecognitionActivity. I kept RecognitionActivityReal functional so VoiceSearch can still be used.
It'd also be possible for the thieves to upload using your app signature. The disadvantage of course is that they can't modify it at all, even in the future.

[Q] App banned on Google Play. How to get an explanation if Google refuses to answer?

Our app has been banned on Google Play and we don't understand the reason.
We are a small company that developed a rather simple application that shows the users a list of tasks and tracks completion of these tasks. Similar to JunoWallet but a different one.
The app had been released in May and everything was fine until a few days ago the app has been suspended in Google Play Market. The reason was described in the e-mail:
"This is a notification that your application, XXXXX , with package ID YYYYYY, has been removed from the Google Play Store.
REASON FOR REMOVAL: Violation of section 4.4 of the Developer Distribution Agreement.
After a regular review we have determined that your app interferes with or accesses another service or product in an unauthorised manner. This violates the provision of your agreement with Google referred to above."
We had no idea of what could possibly be wrong, so we asked Google if it might be a mistake, or the result of miscommunication. In response I received this e-mail:
"We have reviewed your appeal and will not be reinstating your app. This decision is final and we will not be responding to any additional emails regarding this removal.
If your account is still in good standing and the nature of your app allows for republishing you may consider releasing a new, policy compliant version of your app to Google Play under a new package name. We are unable to comment further on the specific policy basis for this removal or provide guidance on bringing future versions of your app into policy compliance. Instead, please reference the REASON FOR REMOVAL in the initial notification email from Google Play."
Great but not really helpful. I'm not even sure where to ask or if I'm ever allowed to ask anything how to fix the app.
The list of tasks is provided by a famous global vendor that's integrated into thousands of apps, so it might not be the problem. The only idea we have regarding possible "unauthorised access" is that the app scans the list of installed packages to detect fraud with BlueStacks emulators. But this action doesn't require special authorization, and there are lots of applications in the Play market that scan installed apps, even specialised ones, like "App List Backup".
We even could delete this functionality, if we were sure that it's a problem.
I'm pretty sure that we are not the only one who fell in such situation. Does anyone have any experience on how to work this out? Is it possible to approach Google and get practically useful feedback?
Mine was recently suspended too, for a different reason. Can you please tell me how long they took to reply to your appeal?
shararti said:
Mine was recently suspended too, for a different reason. Can you please tell me how long they took to reply to your appeal?
Not sure about the exact number of hours but it was certainly less than a day
I remember there is an online feedback option in Google Play; you could ask questions by online phone calls. Although it may not be related to the apps, I think it's better to solve this by voice communication rather than pale messages.
PS. We've met this kind of problem with Apple, as they claim we're violating the "unauthorized" kind of problem. And we've resubmitted that app (revised) back and forth; it's quite a tough experience. :crying:
Iankicksass said:
I remember there is an online feedback option in Google Play; you could ask questions by online phone calls. Although it may not be related to the apps, I think it's better to solve this by voice communication rather than pale messages.
PS. We've met this kind of problem with Apple, as they claim we're violating the "unauthorized" kind of problem. And we've resubmitted that app (revised) back and forth; it's quite a tough experience. :crying:
Yeah. But I was never able to get any number or anything from them. Officially I meant. The most informative thing I get from them was this text: "Thank you for your email. At the moment we're only able to respond to the emails submitted through our contact form in the Developer Help Center." And they simply do not have the form for direct questions. They suggest to use forum and never answer there.
My app was suspended 2 times
My experience:
1. I developed my next app. I Called it "Gmail Reader", and used a gmail-like icon with additional graphics around it. Not very wise probably - but as I saw hundred another apps having gmail logo in their icon, I thought it was OK. Aaand.. Suspended.
2. I wrote a reply to the suspension notification, and I got a machine reply. Then I replied a second time, and finally a man answered:
"While we are unable to provide specifics as to how to bring your app into compliance, please understand that usage of certain app titles and images may cause confusion among users who are searching for the legitimate app from the original creator. Please visit our Policy Help Center for more information and examples on our policy regarding Intellectual Property.
If we can assist you further, please let us know."
So That was it - the icon and the title, I thought.
3. So I repackaged, renamed, changed icon (drew it myself). Instead of Gmail in the first place I put "XYZ for Gmail". However, I noticed later that I forgot the previous icon in 2 places in my screenshots - so not even in the main place, just somewhere in the screenshot.
Suspended again. This time, no answer, I filed an appeal, answered in half a day - no dispute, app terminated. But I RECOMMEND filing an appeal - there is a form for that - as you might get closer to the reason why. I got this:
If your account is still in good standing and the nature of your app allows for republishing you may consider releasing a new, policy compliant version of your app to Google Play under a new package name. You can learn more about why your app was suspended by reviewing our policy on impersonation. We are unable to comment further on the specific policy
I have NO idea WHO the hell I impersonated. I would really like to know.. And even more I'd like to receive a warning before suspension.
Up in the corner of developers console there is a questionmark and in certain hours if you click it, instead of EMAIL you will see LIVE CHAT. From that chat I learned, they will not and cannot give you ANY support regarding the policies.
I also learned, that a "account in good standing" means that you can still publish apps.
4. Previous app had thousand unique installs in 3 days. So of course I repackaged....etc.. everything again, now extremely carefully, no Gmail word used in title. But I'm aware now, that I cannot know everything and they can suspend for any reason I'm not aware of - I maybe used some words mattel copyrighted DD SO it is really "fun". Let's see.
That's my story until now, will post again - hopefully will get wiser without further suspensions - it is time consuming sh** !!!
BTW, I wrote a letter to Google Dev Support, so they think of creating support for policies - as there are many developers with good intentions contributing a lot, not knowing WHY they are stopped.
Best of luck to all...
Hello, we are facing same problem for one of our app which is as of now available in India only.
We are curating videos from youtube. We have not taken written permission from youtube or content owner.
We are not monetising anyhow as of now.
However, there are various app who are indexing videos from youtube similarly like us.
Please help us with this sorting it out. As this is very important to us. Also how do we contact youtube for written approval?

Freeware Apps - Redefining a Lost Genre

Freeware isn't something you really find much in the Android community.
You hear the term thrown around quite a bit, but even a lot of what is termed freeware actually isn't.
The lion's share of Android apps are not freeware at all, and the vast majority of the so-called 'freeware' apps that are available for us to download & use daily are not truly freeware at all.
I would like to draft a set of guidelines for what would ideally become a certification standard for the ethical creation & development of free apps
Apps adhering to this standard could be classified under this genre of apps, and even bear a symbol within the app, overlaid on its logo, showing users it belongs and mentioned in the app's description, showing users how it was developed, and stating that it adheres to the guidelines and fulfills the requirements of the new standard.
I would also like to compile a list of any existing apps which already meet these criteria
and all Apps filling these requirements will fall under the realm of this Guild.
Please feel free to offer your own ideas & input as to what you feel would be best for the end user, and any rules or criteria you feel are relevant to forming a framework of guidelines & prerequisites needed for apps to be called under this name, and be brought under the umbrella of this guild.
Please feel free to offer suggestions for the certification & class name and/or Guild name as well
this is all preliminary work, and I'm looking for anyone interested in helping to build this community and standard & promote its use.
There could be 2 classes of apps, Freeware & Benefit-Ware
Or there could just be one set of rules for each, stating "IF.. such and such, THEN... such and such"
If you are an App User, please mention anything you find annoying, bothersome, or troublesome.
If you are an App Developer who knows about or is displeased with the ethics and developments of certain apps which give other apps and developers bad names, please mention anything you can that might assist us in reining in the cowboys of the App Wild West.
Also, if some things are simply & 100% "Not Possible" because of the Android OS, these would be issues the Guild will work to make Individual Device Manufacturers as well as the Android team at Google aware of.
So, it could start something like this:
- An app should not contain ads nor promotions which cannot be closed or disabled
- An app should not contain any full-screen ads nor any ads which limit or affect user interaction with the app
- An app should not give reminders which pop up and ask the user for money, ratings, or to download additional apps
- All requests for financial support, ratings, and downloading of additional apps should be contained in the 'About' Section of the Apps Settings
- All apps which produce sound of any sort must include its Volume Controls, including in-app Mute
- All apps with services which wish to run at start up must include their own settings option to enable or disable "Start when Android Starts"
- An app must not Auto-start unless the User has specifically selected it to, nor shall it be kept running if it has not been manually Launched by a User since the last Boot time.
- An app must allow users to manually select the installation directory upon installation
- An app must have its own internal Uninstall button in the "About" Menu Settings
- An app must install 'portably', that is, without adding data to the internal phone storage
- All apps which save data must have a User-Selectable Save Location which can be used to replace the App Default Save Location
- All Apps must Uninstall completely and leave no folder behind, asking users whether or not to uninstall specific items which might contain important user data
I hope other people can add to this list
thanks
I would like to stress that this isn't a knock on any existing programs, nor do I expect anyone to change what they are doing who isn't willing to.
If you hate the idea of this, please continue doing what you are doing.
This is for people who want to join or participate because these are the apps they would prefer to use, or make.
thanks
Others may include:
- An app must ask users whether or not the user wants to add a shortcut to the users default Home screen, regardless of the user's own phone settings. Perhaps an "Allow Shortcut" selection for Shortcuts which are going to be added
- An app must ONLY install shortcuts to the program currently being installed, and can in no way add shortcuts to the Home screen, the apps drawer, or the installation directory, to any other program nor any website at all.
- An app may include a single, small, unobtrusive "Donate/Beer" button on a menu bar with other menu buttons, but to be at the far right or farthest/last menu item available on the menu
- An app must not include permissions for anything other than the express intent & use of the app for its specified purpose.
- No app may, at any time, access a users personal information unless the app has direct interaction with such information as directly related to a service it is providing as a primary function of the app - And even then, the apps access to information must not be sent online nor over the internet unless specified as such due to it being a primary function of the app - and if & when personal information is sent online, the owner of the server must have a secure server which is not accessed by himself or his employees, but in which information is automatically transferred by software to and from the end users needed locations, and to no other place shall the information be passed - Nor shall it be kept on the server while not being sent or received to/from the users locations, without the users express consent, as an additional option.
- A "Primary Function" is defined as a Function which is the main or only reason a user installs or interacts with the site, and will be the main focus of the apps description
- Secondary Functions are not allowed to gain internet access, nor have any interaction with any online server or service, nor be granted any access to personal information nor any stored data outside the apps own install directory, etc.
- Apps must, in a written disclaimer provided in the "About" section of the apps own settings, give specific details as to the apps permissions and justify with specific reasons and technical details why each function requires each form of permission, and exactly how the app will use each permission, including server specifications & information-handling specifics, where applicable.
- Apps qualifying for inclusion in the Guild will clearly label themselves in one of 3 categories exclusively - Freeware, Benefitware, or Trialware.
- Apps labelled as Free, or containing the word "Free" must 1.) be 100% ad-free, 2.) not be a Trial, 3.) be fully functional, & 4.) not bother users for payments, ratings, etc.
- Apps labelled as "Benefitware" may include 1.) ads adhering to the guidelines for the inclusion of ads, 2.) requests for financial assistance in accordance with the guidelines for requests of Financial Assistance, 3.) Added Functionality which is above and beyond the scope of the original, feature-rich, fully-functional program, & 4.) Other items which are primarily of benefit to the developer, but which adhere to the guidelines of Enjoyable, Unfettered User Interaction
- Apps labeled clearly as "Trialware" may 1.) Limit the functionality of the apps Primary Functions, 2.) Must have a fully-functioning trial period of no less than 30 days, 3.) Must not be limited in any way during the Evaluation Period (e.g. no "20-character", "2-page", "3-time" limitations, or the such), & 4.) after the Trial Period, the app will be completely 100% uninstallable, and a re-install of the app on a specific device will begin a new 30-day evaluation (Users will not be treated like criminals nor presumed Guilty of Fraudulent use before proven otherwise).
- Other apps will not gain classification, certification, or inclusion in the Guild, and may refer to themselves in anyway they care to, but may broadly be referred to as "junkware" if they are found to not conform to the Principles, Guidelines & Statutes set forth and adhered to by the Guild & its Members & Affiliates
-
Also:
- An app must have an option to turn off Automatic updates, and may not self-check for updates otherwise.
- All Settings a User sets must be permanent and may not be reset nor shall those permission requests for updates, etc, be altered or changed nor be made to reappear, nor require the user to specify the same setting more than once.
- No app shall ever contact its servers for anything other than a user-launched request for the specific function required by the user at the time of the request.
- No app nor server nor company shall in any way interact with its apps or servers in anyway other than to execute the exact function called for by the user according to the UI meaning and implicit intent of the action
-
I have checked almost all the setting of it..But couldn't find the prior results..What are the other alternatives of it?
MarkanthonyDonald said:
I have checked almost all the setting of it..But couldn't find the prior results..What are the other alternatives of it?
Hi, markanthonydonald. welcome to the forum, I see this is your first day registered, and your first post no less.
That's right, all the prior results are belong to the settings of it t almost at all from the prior r results, but dont stop trying your point o of that the alternatives are to us, and thats the most bases of it. ll
-
I like the idea of this, and from what you're saying, a few apps I use would fall into this category just fine IF certain things were moved into the 'about' option. How or why a dev would change their current, 100% working fine app, to modify this I don't know.
robneymcplum said:
I like the idea of this, and from what you're saying, a few apps I use would fall into this category just fine IF certain things were moved into the 'about' option. How or why a dev would change their current, 100% working fine app, to modify this I don't know.
Great Idea!
- An App must have a complete Version History contained in the About Menu Settings, or a Menu Item Devoted to Version History, with Detailed explanations as to why the changes were added, and if they are only to fix a bug with device x, why is it recommended to install it if you aren't using that device
- Each App Update should be available as a complete App Stand-Alone APK installer, or installable from the Play Store Directly. No App should require Updates, nor provide updates for which there is no Standalone APK or an updated Google Play Installation.
A lot of devs set up their apps just good enough to get on Google Play, without getting kicked off, and then after you install it, they update the app with functions & behaviors that would get it kicked from the Play Store.
Great work catching that one, thanks
-
robneymcplum said:
I like the idea of this, and from what you're saying, a few apps I use would fall into this category just fine
If you know of any solid apps that you believe fall into this category, or easily could, please post them here
We need a list of example apps that we feel embody the spirit of honesty, transparency, user-centric programming & packaging, and which are either made in the spirit of true freeware, or made in the spirit of goodwill, and have either Benefitware or Trialware which adheres to consumer-oriented needs & interests
The following behaviors DO NOT qualify for inclusion in the Guild:
- Any app which appears desperate to flash things in front of your face, particularly things which flash or change scenes or color rapidly, change in a single frame, or less than a 1 second cross-dissolve, and which are overly animated, bothersome, annoying, or which may lead to epileptic reactions, which cannot be permanently closed or disabled for the duration of the session.
- Any app which appears to desperately or urgently present users with matters of no immediate significance or importance to the user. This includes the pestering need for ratings, requests for financial assistance, downloading of the developers other apps or partner apps, offers to visit the Play store or any other external website, etc..
- Any Benefit-ware app with any full-screen advertisement at all, from Internal or external sources used to promote the sales, use, or downloading of its own other products & services or those of an external company
- Any Benefitware which does not allow you to close a bar-style advertisement with a clear, easily-accessed, and adequately-sized close button
- Any Benefitware which re-opens an ad which has been closed within the same 24-hour period, or since reboot.
- Any Trialware which limits functionality of its products to a state inconsistent with the primary function of the app
- Any Trialware which does not allow a minimum 30-day trial period
- Any Trialware which limits the functions within its trial period in any way
- Any Trialware which doesn't openly allow a re-installation of a Trial package on fresh uninstall/reinstall
A user is to be given as much time as is required for him/her to fully evaluate the product. Often times a user may begin a 30-day trial period, only to never have the time to use it, including having no time to even look through it the day it was installed
Furthermore, All apps containing promotions of their own products are to be classified as Benefitware, and not Freeware, even if there are no ads from external advertising companies.
Feel free to add to this list, or to add an app you believe warrants inclusion for its programming efforts, ethics, & merits
-
A similar Evaluation Period problem arises when users are given a 30-time evaluation. As one "Evaluation" day is simply a 24-hour period since the app was launched.
Launching the app by accident, or launching the app and immediately closing it, removes evaluation days from your trial, days in which no evaluating took place.
Even if we give each launch a time-specific interval where an app which is running for 10 or 15 minutes is considered "Evaluated" for one day, it doesn't take into account that launching the app then closing it where it sits opened in the background still takes away your evaluation days, or opening it, then answering the door or going to grab a sandwich also takes from your evaluation period
We could find other solutions to this problem, but one of the primary characteristics for an app or developer to be included in the Guild is to treat the user as if they were a guest in an actual store, and not a criminal pirate on a baby-killing spree, meaning:
- No app or developer should treat a user like a criminal, nor assume he is engaging or will engage in criminal activity, nor accuse him of such activities, nor behave in a manner which displays mistrust or accusations of users
- An app & developer must leave it to fate, heaven, and the common goodwill of mankind to have its requests & guidelines (such as for trials, etc) met, and can in no way behave in a manner which is inconsistent with good will
- All agreements made will be made in Good Faith with the community at large
You won't walk into a department store and be tackled by the security guards and forced to pay for something you didn't even try on, simply because you touched it on the rack, or be banned from the store for life until you do pay for it.. simply because the paranoid psychotic lunatic in charge of the store thinks everybody who walks into his store is a dirt-poor crack-head criminal out to steal his supremely precious goods
-
Also:
- An app is not to be created for the sole intention of Data Collection or Information Gathering, and apps which appear to do so will be blacklisted
- An app is not to be developed or created for the primary purpose of spreading advertising spam, shady promotions, other sites & services, etc, and any app found to be out of balance with respect to this criteria will be blacklisted
- Any app found to be in breach of any of the guidelines shall be blacklisted. Concerned Members could write a letter to the developer instructing them on the things they could change for inclusion in the Guild, if they so choose
- No app shall include advertisements or links of/to any shady or malicious programs or websites, including phishing sites, spoof sites, porn sites, or any site which executes malicious code or scripts, or which is deemed as an unhealthy website, program, or service by the world-wide community of web experts as a whole
- Any app or developer found in severe breach of the spirit of the Guild will be banned for life. Severe offenses include things such as falsifying information, deception, betrayal, lying, perpetuating viruses/malware or web-based attacks, hacks or intrusions, or stealing private information & personal data; the gathering of personal data for uses unspecific to the service or which willfully compromise the security & privacy of users; or if an app or developer is found to be using the information & data of users in a way which destroys the Integrity & Trustworthiness of the app & developer, and undermines, corrupts, corrodes, or destroys the Trust & Faith the community has put in the app & developer
-
chinarabbit said:
If you know of any solid apps that you believe fall into this category, or easily could, please post them here
I use zeam launcher, that definitely qualifies.
robneymcplum said:
I use zeam launcher, that definitely qualifies.
Cool, thanks
It seems it's not under development anymore.
Perhaps a goal of the Organization can be to encourage, promote, or reward excellence in Programming as well..
It may help to motivate devs who've grown disassociated or whose apps may not be getting the attention they deserve.
I currently use Lightning Launcher, and I would definitely say it qualifies as well. It has the most features of any launcher I've tested, and one of the smallest footprints as well.. it's fast and minimalistic, and completely free, and never bothers you about anything.. it has more features than you'd expect from any high-priced app.. if it has additional paid options I don't even know, as the app is extremely feature rich and has all the functions you could ever want, and many more you haven't even thought up yet
These kinds of apps make using Android Phones worthwhile
-
Other important requirements -
- Any App wherein the user enters personal, private, or sensitive information, which has the ability to sync Across Devices & Computers through Web-based Servers, shall:
- Provide a switch to turn off all syncing options & functions
- Provide an adequately useful method for SD Card Storage export which is not dependent on the software which was used to create it
- Be fully functional, practical & useful, as per the intent for use of the primary function of the app, in an offline state.
- No app shall automatically start Services such as GPS, Wi-Fi, etc, without offering a user Prompt for acceptance of such actions
- All apps which turn on services like GPS, Wi-Fi, Bluetooth, etc, shall contain a settings option to permanently disable turning on of any such external services
- All information Sent or Received through online servers or web services shall be secure & inaccessible by the host, in the following ways:
- The information & data sent by users shall enter the server and leave the server, and not be kept on the server except for the brief moment during transfer, without being subject to any sort of copy mechanism, nor filter, nor scan, nor shall accessing the content in any way while the information is passing through the server be allowed
- Information & Data uploaded to storage servers for later access by users shall be encrypted by the server administrators with 128-bit encryption, and be stored thus encrypted until it is Retrieved from the server by the user or users granted password access by the owner of the information.
- Server administrators & owners are forbidden from accessing any user information on their servers, and must encrypt the files & user data in such a way that its available only to the user, and otherwise remains in a software-encrypted state upon the server, inaccessible by server admins & owners
- Servers shall be vigilantly maintained and frequently tested for security
- If a server is used for "cloud" storage by the user, the User Data shall be backed-up in an Encrypted state, and frequently tested for data integrity
- Servers which are not secure and which do not encrypt user files & data files, or which do not design themselves to be secure from admin access of data and other third-party viewers, shall be known as "Public Servers", and a Warning Prompt shall appear on the device or computer each time the Server is accessed and data is sent or received (there shall be no method for disabling this prompt). The Warning Message shall clearly state the user is accessing a "Public Server" (capitalized) and that any data sent or received is freely viewable to third-parties, and server owners & administrators shall include themselves as third-party viewers
- First Party users & viewers (hereafter referred to as the "Owner") are designated as both the Device & User which uploaded the data to the server for storage
- Second Party users & viewers are defined specifically as both the Device & User which downloads or accesses the data which was previously stored, and who has been given password-protected permission by the Owner (First Party)
- Third Party is broadly inclusive of any organization, company, or individual who has access or potential access to the Owner's Data. Third Party also includes Devices, Computers, Servers, & Software which handles, accesses or views (or has the potential to do so), in an unencrypted state (not 128-bit or higher), any data or information belonging to or uploaded by the First Party / Owner, with the exception of Software or an Algorithm accessing the data for the sole purpose of automated Encryption to 128-bit level, or decryption from 128-bit, which does not copy, record, send or store any user-sent/received data at all, and which no other software or entity views, has access to, or monitors, records, sends, or retrieves in any way whatsoever
- "Encrypt" (also Encryption, Encrypted, Encrypting, etc) is defined as 128-bit automated, unmonitored software / algorithm encryption processed by a program without oversight or monitoring by any other software, algorithm, or entity, and which has no other function other than Encryption
- To Qualify for Inclusion in the Guild, Server owners must open up their server modules, processes and other relevant information to review by the Guild or one of its member affiliates for inspection, review, & certification. Server Owners must also provide sworn affidavits stating the integrity and security of the data, and how the data is used, who has access, how information is processed, transferred, encrypted, etc. and submit said Affidavits to the Guild before being removed from the Guild Security Blacklist.
-
I think we've already narrowed the list of qualifying software to less than what's available for Windows Phone
-
A qualifying app must also have the ability to retain full functionality after an Android OS reinstall.. meaning a portable install or an install which can use existing files found in File System Root/data/data without errors when reinstalling the app
No developer shall make any requests for donations or monetary compensation of any kind, who has included in his app any form of advertising or which has been given any permissions pertaining to user data & usage information
No App shall require specific permissions for advertisements or promotions.
No in-app advertisement shall require any special permissions or access whatsoever.
No advertisement or information gathering function shall piggyback on other functions requiring access or permissions, nor shall any advertisement or information gathering function utilize access or permissions granted to the app for its core, non-advertising, non-data collecting, non-marketing functions

Google Play support is evil

Dear fellow developers,
I wonder how long it will take before we unite and take some serious action against Google Play practices. Maybe you heard about banned apps and blocked accounts. I got my app blocked today and believe me that it is a VERY frustrating experience.
I can write what is wrong with Google Play developer support, but others have already done that better: androidofvirtue. com/dear-google-play-we-need-to-talk-about-a-few-things/
Long story short, I feel that Google is abusing its dominant position on the market by providing little to no service to developers. Developers have no other option for app publishing as manufacturers are pre-installing its market on almost every device. Users have no option as they do not have any good alternative available.
Google must listen to us, we are helping them to get money and they are treating us like criminals without any explanations, without possibility to defend ourselves and without possibility to use other and maybe more reasonable app market.
As I am from the EU I wrote an appeal to the European Commission to investigate the Google market position regarding the competition advantage abuse. I really hate to do it but currently I feel that I ran out of options and I hate more to feel so powerless against Google ignorance and stupidity of its app removal policies.
If you would like to help then write an appeal too. Contact is [email protected]
They must hear us!
What app did you make and what's the reason they removed it?
The app was intended for automatic connection to open hotspots and wifi password sharing. It was possible to enter password for some wifi when you connected to it and it was then shared with other users. This function was explicitly named in the name of the app, description and under the password box directly in application, therefore every user was sharing the password by his will and he was well informed what he's doing. It was intended for sharing of passwords for various public places, cafés etc.
The funny thing is, that the app got approved on Amazon which is also very strict, but obviously employs sane people.
The reason for banning is here:
REASON FOR REMOVAL: Violation of section 4.4 of the Developer Distribution Agreement.
After a regular review we have determined that your app interferes with or accesses another service or product in an unauthorized manner. This violates the provision of your agreement with Google referred to above.
I think that they think that I was phishing the passwords or something like that. Or maybe it is not ok to connect to open wifi automatically. Or maybe they think that if somebody shares a password for some hotspot then other people are not authorized to use it, however I feel that if I share a password then I am giving implicit authorization to other users.
That's the worst part - I simply don't know what is wrong. Can I fix it by adding some policy agreement? Should I ask the user for some explicit permission to share the password and authorization for other users to use it? Isn't it a bit crazy?
The whole thing is not about me or my app. I just spent like a month of evenings to build it and catch all the bugs, I made worse investments. What I really don't like is the Google attitude. They are keeping their developers in uncertainty, they are threatening them and they are behaving like the worst essence of corporations. We just need an alternative store to become strong enough otherwise Google will not listen to us.

Serious, unpatched vulnerabilities

Before I begin, I'm not here to flame the devs as I would love this app if these issues weren't present and do hope this problem is resolved as a result of bringing it to the attention of the community and hopefully this app's devs.
This application has serious vulnerabilities, some of which should be quite easily patched yet have not been for months to a year or so of them having been made public by a reputable security researcher working for Zimperium.
Login information via the browser is not utilizing a secure form of encryption for both web.airdroid.com or when accessing via local IP despite their SSL cert being valid for *.airdroid.com. The key for the DES encryption being used to hash the password and e-mail being hardcoded into the application despite having a POC for an attack on their users is inexcusable and shows a blatant disregard for their application's level of access as well as their user's safety and security.
My finding (as a security noob) has also deeply disturbed me following no response to bug reports or email contact. While attempting to check out their Windows desktop client, my antivirus discovered the installer attempting to download a variant of adware which monitored the user's activities and provides monetary incentives to developers which include it within their programs and applications. I do understand that if something is free, the product is you. However, I am a paying customer of this service as I'm sure many who use xda would be in an effort to support development of software and applications we enjoy. This adware was run through and confirmed with VirusTotal and certainly is not a false positive. This desktop client also does not use SSL for communication.
Due to discovering these problems, I immediately discontinued use (the same day I renewed my yearly subscription). However, I was unable to remove the application from my phone without a full factory reset even after both application updates and upgrading Android versions. With it set as a device administrator, its access must first be revoked before uninstalling. However, across multiple devices and versions of Android, attempting to remove it from device administrators causes a crash of the Android settings app.
I had planned to do a POC for what I feel is an extremely likely scenario based off both public vulnerabilities as well as what I had discovered myself, but I have been far too busy with a few other projects as well as work to complete it yet. I had just stumbled across this section of the xda forums while looking for something else and hoped to get a response from the devs of this app.
I would love to be able to utilize an app with this functionality. However, there needs to be far more focus on security in its design before I would ever feel comfortable utilizing it again.
In theory, it would be entirely possible for an unstable, technically inclined person at a local coffee shop (or other public location with an unsecured wireless network) to hijack a user's login information with minimal skill level required then giving them full, unadulterated access to the application's functions such as forcing gps or camera on to track or watch someone without their consent as all connections aren't even requiring the user to accept the incoming connection on their phone to perform these actions. That is not a farfetched scenario and presents a possible threat to someone's physical safety.
Link to said researcher's findings can be found on his blog by searching Zimperium airdroid multiple vulnerabilities as I just created this account for this post and can not yet post outside links.
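An added illustration, not code from the post above, from the app it discusses, or from the researcher's write-up: the post's point that DES under a key hardcoded into the app is reversible encoding rather than a hash, shown beside a salted PBKDF2 verifier that a server could store instead. The class name, the key constant, the sample password and the iteration count are all constructed assumptions, and the credentials would still have to travel over TLS.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;

public class CredentialHandlingDemo {

    // Constructed placeholder, NOT a key from any real app. Any constant
    // shipped inside an APK is readable by whoever unpacks the package,
    // so every installation effectively shares one public "secret".
    static final byte[] EMBEDDED_KEY = "EXAMPLE!".getBytes(StandardCharsets.US_ASCII);

    // Assumed work factor for the hardened path; tune for your hardware.
    static final int ITERATIONS = 600_000;

    // Weak pattern: DES in ECB mode under the embedded constant.
    static byte[] obscureWithEmbeddedKey(String secret) throws Exception {
        Cipher c = Cipher.getInstance("DES/ECB/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(EMBEDDED_KEY, "DES"));
        return c.doFinal(secret.getBytes(StandardCharsets.UTF_8));
    }

    // The same constant reverses it, which is why this is not hashing.
    static String recoverWithEmbeddedKey(byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("DES/ECB/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(EMBEDDED_KEY, "DES"));
        return new String(c.doFinal(blob), StandardCharsets.UTF_8);
    }

    // Hardened server-side storage: one-way, per-user salt, slow to guess.
    static byte[] deriveVerifier(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // drop the in-memory copy of the password
        }
    }

    // Constant-time comparison of the stored and recomputed verifier.
    static boolean verify(char[] attempt, byte[] salt, byte[] stored) throws Exception {
        return MessageDigest.isEqual(deriveVerifier(attempt, salt), stored);
    }

    public static void main(String[] args) throws Exception {
        String password = "correct horse battery staple"; // constructed sample

        byte[] blob = obscureWithEmbeddedKey(password);
        System.out.println("blob reversible with shipped key: "
                + password.equals(recoverWithEmbeddedKey(blob)));

        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        byte[] stored = deriveVerifier(password.toCharArray(), salt);
        System.out.println("right password verifies: "
                + verify(password.toCharArray(), salt, stored));
        System.out.println("wrong password verifies: "
                + verify("guess".toCharArray(), salt, stored));
    }
}
```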
Thanks a lot for all this information. I really appreciate it.
Why hasn't this been addressed yet?
I remember reading this a while ago, realizing that it is a serious issue, and just how little the devs care about security on their app.
This is mainly because most end-users don't dive this deep into an app, and don't fully comprehend the severity of such vulnerabilities until it is too late.
We should make a bigger fuss about these things!
I've always been very careful with RAT-type apps and so I was when checking out AirDroid. I've uninstalled it after 30 minutes of using, just because I didn't like the fact, there's a chance some undesirable person could start spying on me. As I read this thread, I'm realising how right I was that time.
