| ▲ | mrtksn 2 days ago |
| The Android verification is such a broken experience. Recently I decided to purchase a dev account for my company, so far: 1) Provided my company DUNS number etc. once to create the payment profile. I did this some times ago, don’t remember the details but it was an involved verification process and it is marked as verified business payment profile. 2) Later on the payment step verified myself with a passport and bank statement to be able to actually pay with a proper HSBC bank card. Not shady pre-paid card or something, those are not accepted anyway. 3) After I paid I was told that now I need to verify my identity once more but this time with the passport and the incorporation certificate or some other company document. fingers crossed that in few days it will be verified. While waiting, it tells me that there are still website and email verification to do once the previous step is done. I already verified my e-mail a few times before paying. It’s painful, slow and annoying because if you fail at a step(i.e. needs verification that takes days and you are told about it at the payment step) you have to start again with the forms. I just remembered why I never use Android. It seems like no one owns the process and as a result you get unpolished shitty experience that fulfills the requirements of god knows how many people who work in the same company but don’t talk to each other. |
|
| ▲ | hbn 2 days ago | parent | next [-] |
| I released an Android app to the Play Store ~10 years ago and the most important advice people were always sounding alarms about online in Android dev communities was to not publish under your real Google account you care about, because it's not unlikely a bot will ban your entire account because of some vague infraction that's near impossible to appeal. Google seems to actively hate people who develop for their platforms. Which I don't believe is a good move with their current hand, where young people in wealthy countries (i.e. the future of people who will spend money on apps) are something like 90% iPhone users these days. |
|
| ▲ | lm411 2 days ago | parent | prev | next [-] |
| The whole Google Play experience is awful. Recent things I've had to do: 1) Re-submit an app after it was rejected and labelled a gambling app (it wasn't even close - a 15 second look by a real human would have seen that. This one was even appealed and the support was utterly useless. I ended up changing one word and re-submitting the app, approved no problem. 2) An existing app, in the Play store for years but a nice app - only about 500 installs. I had to submit a new version for no reason whatsoever... Except to keep the customers developer account active. Those are just issues I've dealt with in the last month or two. Every single time, Google Support is completely useless - including the appeals process, which is an absolute joke. |
| |
| ▲ | umvi 2 days ago | parent | next [-] | | Not to mention if you made one app in college and then didn't keep up with the SDK updates, Google perma-closes the entire Play account such that the only way to publish a new app is by creating a brand new gmail account | | |
| ▲ | Dwedit 2 days ago | parent | next [-] | | Forcing people to keep up with SDK updates is a bad thing in itself. Let people target the earliest possible feature set and make the app run on as many phones as possible rather than showing scary messages to people due to targeting an older API. | | |
| ▲ | AussieWog93 2 days ago | parent [-] | | I think the problem is that older SDK versions allowed you to do things like scan local WiFi names to get location data, without requiring the location permission. So bad actors would just target lower SDK versions and ignore the privacy improvements | | |
| ▲ | john01dav 2 days ago | parent [-] | | The newer Android version could simply give empty data (for example, location is 0,0 latitude longitude, there are no visible WiFi networks), when the permission is missing and an app on the old SDK version requests it. Of course, they don't like this because then apps can't easily refuse to work if not allowed to spy. | | |
| ▲ | jpollock 2 days ago | parent [-] | | That can have some very extreme legal ramifications. Consider - it's a voip dialing client which has a requirement to provide location for E911 support. If the OS vendor starts providing invalid data, it's the OS vendor which ends up being liable for the person's death. e.g. https://www.cnet.com/home/internet/texas-sues-vonage-over-91... which is from 2005, but gives you an idea of the liability involved. | | |
| ▲ | pocksuppet 2 days ago | parent | next [-] | | Phone companies are required to make sure 911 works on their phones. Random people on the internet aren't required to make sure 911 works on random apps, even if they look like phones. | | |
| ▲ | squeaky-clean 2 days ago | parent [-] | | The comment you're replying to literally has an example of an internet calling service being fined $20,000 for not properly directing 911 calls. I guess Vonage should try to appeal the case and say pocksuppet said they're not required to do that. | | |
| ▲ | pocksuppet 2 hours ago | parent [-] | | Vonage sells phone services that happen to use the internet. This is not the same as being WhatsApp. |
|
| |
| ▲ | eviks 2 days ago | parent | prev [-] | | It can't have "extreme ramifications", Google's own phone couldn't call 911 for a while. And you can manually force only the voip dialing apps instead of everyone |
|
|
|
| |
| ▲ | lm411 2 days ago | parent | prev [-] | | Yeah the SDK updates... For sure. Another pain in the ass. |
| |
| ▲ | thayne 2 days ago | parent | prev | next [-] | | Maybe it's better now, though I doubt it, but my experience publishing on the Apple app store years ago wasn't any better. | |
| ▲ | fakwandi_priv 2 days ago | parent | prev [-] | | So what was the word you changed? |
|
|
| ▲ | hansvm 2 days ago | parent | prev | next [-] |
| That sounds a lot like my experience as an Apple Developer too, with the added bonus (unclear from your description if you experienced this too) that they took my money before the verification process was finished and wouldn't refund it once their AI couldn't connect my face to my ID and wouldn't let me connect with a real person (the first dozen times were on them, but after that it was maybe my fault for including a middle finger in the photographs). Is there a way around this shitocracy? |
| |
| ▲ | _66o 2 days ago | parent | next [-] | | Going through hell with Apple Developer too. I didn't have to do much in terms of verification (probably because I created an account as an individual) but app submission is another story:
- first time I got rejected for mentioning a name of a third party in my app description. The app description said: DISCLAIMER: not affiliated with xxx - after fixing the app description I got rejected for using my app name(?!), multiple back and forths with the reviewer got me nowhere, they just copy pasted the same response not addressing my messages at all - filled the app store review board appeal, it's been 5 days and I've got no response. At this point I'm seriously considering rewriting the app for MacOS and distributing myself. I can't imagine going through all of this with every app update, it's beyond ridiculous. | | |
| ▲ | GCUMstlyHarmls 2 days ago | parent | next [-] | | Lieutenant Appleby rejected my submission almost immediately. The notice informed me that I had committed the grave offense of impersonating a third party in the description. "I didn't impersonate a third party," I explained in my message to Lieutenant Appleby. "I only wrote a disclaimer stating: Not affiliated with ACME." "Exactly," lieutenant appleby replied. "By stating you have nothing to do with ACME, you have involved ACME. Therefore, you are unlawfully impersonating an unaffiliated party." "But I only mentioned them to prove I wasn't affiliated with them!" "Which is a violation," Lieutenant Appleby pointed out. It was a Catch-22. The Guidelines stated that to prove you were not affiliated with a third party, you had to write a disclaimer. But to write the disclaimer, you had to type the third party’s name, which was a strict violation of the rule against mentioning third parties you were not affiliated with. I deleted the disclaimer, thereby making myself safely affiliated with nobody by refusing to acknowledge anyone. I resubmitted the app. Lieutenant Appleby rejected it again. "What is it this time?" I asked. "You are using your app's name," Lieutenant Appleby replied. "Of course I am using my app's name," I replied back. "It is the name of my app." "You cannot use that name. It is trademark infringement." "Infringing on whose trademark?" "The app's." "But I am the app! It is my app!" "Which is exactly why you cannot use it," Lieutenant Appleby wrote patiently. "If you use the app's name, you are impersonating the app. And impersonation is strictly forbidden by the Guidelines. An app cannot go around pretending to be itself!" | |
| ▲ | skydhash 2 days ago | parent | prev [-] | | At this point, my phone is PDA level, mostly useful for quick checks. I use a laptop for computing. I know as a tech nerd, I’m far out of the bell curve, but I can’t really bother with those shenanigans unless they’re paying me for it. |
| |
| ▲ | pjmlp 2 days ago | parent | prev | next [-] | | Develop only Web applications, that are mobile friendly, notice I said mobile friendly, not PWA. However, thanks to many of us that only favour Chrome like IE of yore, and ship it alongside their "native" applications, the Web is nowadays ChromeOS Application Platform, so we are only a couple of years away of Google owning that as well. | |
| ▲ | edarchis 2 days ago | parent | prev | next [-] | | Play the GDPR card, even if you're not from Europe. Find their DPO and state that you want to appeal the automated decision to a human. Companies operating in Europe must provide a clear way to appeal automated decisions:
https://www.edps.europa.eu/data-protection/our-work/publicat... You might not have a way to actually file a complaint against them but quite often, their legal department will just have a quick look at your case and just give you what you want without bothering to tell you anything. Worth a shot. | |
| ▲ | cuu508 2 days ago | parent | prev | next [-] | | > Is there a way around this shitocracy? Refuse to play. Switch to technologoy that the shitocracy has not gotten around to yet, or, eventually, pick up woodworking. | | |
| ▲ | Freak_NL 2 days ago | parent | next [-] | | I am doing leatherworking as well as woodworking. No idea if it is possible to actually make money with this¹, but damned if I'm not giving it a go just to have skills in an area where AI is not a threat for the coming decade. At the very least these crafts allow me to make things which do not exist and cannot be purchased off the shelf. 1: I mean, it is, certainly. I'm just not sure if I can make money by making leather gear. | |
| ▲ | kaizenb 2 days ago | parent | prev | next [-] | | Exactly. This is why I love building web apps, shipping features easily without needing any one's approval. | |
| ▲ | ozim 2 days ago | parent | prev [-] | | Do what everyone is doing a web app. |
| |
| ▲ | buzer 2 days ago | parent | prev [-] | | > Is there a way around this shitocracy? If you are in EU you could try complaining to your local DPA. That certainly sounds like "automated decision which produces legal effects concerning him or her or similarly significantly affects him or her" which is against article 22 of GDPR. Or you could consider suing them directly at least for the refund. Outside of EU maybe try passing law like GDPR to actually get some rights back. |
|
|
| ▲ | fc417fc802 2 days ago | parent | prev | next [-] |
| If this is a business account why do they want your passport? And why are you paying with a personal bank card rather than a business one? Or do I misunderstand? |
| |
| ▲ | __float 2 days ago | parent | next [-] | | They may want proof that you, the human filling out this form, are authorized to publish apps, communications, etc. as the company you say you represent. | | |
| ▲ | fc417fc802 2 days ago | parent [-] | | How does a passport solve that? Most small private companies are entirely opaque. A government ID doesn't help you determine authorization. It won't even help you determine ownership since anyone doing things sensibly will be using a registered agent to hold the company on his behalf. The correct approach here (AFAIK) is to punt the trust decision to the bank by requiring payment with a method that you can confidently trace to the company. | | |
| ▲ | kube-system 2 days ago | parent | next [-] | | Yeah I would imagine that the value the get out of a passport is not anything to do with validating a company (they’re cheap and easy to make anyway) but validating the person (which is not a throwaway entity) | | |
| ▲ | fc417fc802 2 days ago | parent [-] | | Fair point. However that invites those bad scenarios where someone gets blacklisted by BigTech in some manner, later gets hired by a small business, the new employer adds an association to the blacklisted account, and suddenly the company app is banned from the app store seemingly without reason. At least a few such stories have appeared on HN over the years. I feel like pay to play ought to be sufficient because in addition to being a barrier to entry it also provides funds for moderation efforts. | | |
| ▲ | Muromec 2 days ago | parent | next [-] | | >suddenly the company app is banned from the app store seemingly without reason. At least a few such stories have appeared on HN over the years. Which is not that unreasonable even. If a person is flagged for making scam apps, them having publishing rights in a reputable place makes taints the reputation of such place. You should be able to appeal of course and the oauth should not be towards google in the first place, but being associated with known fraudsters and scammers is not what you want. | | |
| ▲ | fc417fc802 2 days ago | parent [-] | | That seems at odds with how our society is structured. We treat employees as interchangeable cogs. If someone commits a crime they are tried but their family, friends, and coworkers are not. Guilt by association without any act having been committed seems wholly incompatible with both our principles and common practices. It's even more nefarious when it comes to BigTech because you can be blacklisted without having committed any actual crime and without anything resembling a trial. Individual accounts and employee accounts are conceptually distinct. Permitting anything less gives large companies free reign to run roughshod over the individual by unilaterally depriving him of his livelihood. | | |
| ▲ | iamnothere 2 days ago | parent [-] | | > If someone commits a crime they are tried but their family, friends, and coworkers are not. Guilt by association without any act having been committed seems wholly incompatible with both our principles and common practices. This is no longer the case, see the example of Hüseyin Dogru, a journalist who faces political EU sanctions (no trial) and now cannot transact with EU citizens or travel. Authorities have now siezed the bank account of his wife and are treating her as if she is sanctioned, even though she is not, so their family is now broke and cannot even pay for food. Because they are not allowed to travel they cannot return to Switzerland. This kind of blacklisting also comes up in non-sanctioned contexts with de-banking and political de-platforming based on government pressure. The world is headed to a very dark place. |
|
| |
| ▲ | kube-system 2 days ago | parent | prev [-] | | There are better ways to do it but Google has long demonstrated they’re not primarily concerned with accuracy or user experience, but instead, whichever solution can be automated and effective. |
|
| |
| ▲ | mrtksn 2 days ago | parent | prev [-] | | My government ID card expired and I was too lazy to renew it but I had my passport at hand so why not? BTW both the id card and the passport have cryptographic authentication and you are able to open a bank account or use govt services completely online by scanning it with the phone Rfid . They could have make me scan that, scan my face and be done with the identity verification. My identity is already verified and tied to my company the same way and also
listed in the companies registry which means they could have had skipped all the other company verification stuff too. | | |
| ▲ | fc417fc802 2 days ago | parent [-] | | That all makes perfect sense but consider that if they simply punted to the bank as I described they would still get the same benefits only with even less complexity. The bank fundamentally has to do robust identity verification. Any party that needs to handle payments while also lacking a reason to be good at performing in house identify verification really ought to make use of the bank because you are highly unlikely to be better at it than they are. The entire cumbersome process you describe can be viewed as Google doing a significantly worse job of verifying your identity than the bank would have. As an aside, I suspect that leaving it to the bank would also provide additional legal protection. Specifically anyone attempting deception will most likely be forced to commit fraud against the bank which will probably be taken much more seriously than otherwise. | | |
| ▲ | mrtksn 2 days ago | parent | next [-] | | I agree, in Europe(EU, UK, Turkey and other countries) banks are considered perfect for proof of ID. In UK a bank statement is as good as an ID, in Turkey for example, you can sign in into the government portal through your online banking and it is considered higher level secure authentication and you can take high risk actions(like signing legally binding contracts) that you can't do by signing in just with password and 2FA. | |
| ▲ | Muromec 2 days ago | parent | prev [-] | | The bank has to perform the authorization and identity checks, but the bank will not make them for you, they do them for themselves based on their own risk analysis. The scope of authorization could also be different based on who it's presented to. The authorization is not transitive so to say. >As an aside, I suspect that leaving it to the bank would also provide additional legal protection If it would, they will have to pay the bank for it and the bank should also be willing to accept the liability (spoiler alert -- the will not be willing to accept the liability) | | |
| ▲ | afferi300rina 2 days ago | parent | next [-] | | Google wants the authority of a gatekeeper without the overhead of human accountability. They automate the "no" but offer no path to a human "yes." | | |
| ▲ | Muromec 2 days ago | parent [-] | | That's all fine, they can want their wants, but then, once the bad cop writes them strongly worded letter and they start throwing tantrums over "regulation". |
| |
| ▲ | fc417fc802 2 days ago | parent | prev [-] | | > The bank has to perform the authorization and identity checks, but the bank will not make them for you We aren't talking about authorization, only about identity verification. I'm no domain expert but it is my understanding that banks provide these sorts of services. They certainly already have all the necessary information on hand both for practical reasons (security) as well as legal (KYC and AML laws). > If it would, they will have to pay the bank for it ... For the identity verification? Probably, depending on how you went about it. What's the issue? This is already a paid process we're talking about here. For the additional legal assurance that I described? No, that doesn't cost extra. Please read what I wrote more carefully. It's a transitive property due to the penalties involved in addition to the degree to which the legal system and the bank care (at least assuming my understanding of that legal environment is correct). |
|
|
|
|
| |
| ▲ | nandomrumber 2 days ago | parent | prev [-] | | It’s entirely ordinary to carry on a business as a sole trader. That is you, for tax and legal purposes in the jurisdictions within which you reside, an individual, operating a business by yourself as yourself. |
|
|
| ▲ | heyethan 2 days ago | parent | prev | next [-] |
| Feels like too many owners.
Each step makes sense, but the whole thing doesn’t. |
| |
|
| ▲ | hnburnsy 2 days ago | parent | prev | next [-] |
| Can you pay with Google Play GC or Google Play points, and if not, why not? |
| |
| ▲ | mrtksn 2 days ago | parent [-] | | I believe you can’t. BTW Apple allows you to pay for a developer account with in app purchase from the developer app on your iPhone. Still has limitations and you may be rejected depending on your payment method and some other factors but even the fact that it’s possible makes it 1000 better than Google’s way of handling it. |
|
|
| ▲ | mcsniff 2 days ago | parent | prev [-] |
| What you're describing is not "broken", it's the process and it appears it hasn't even failed for you. My experience with getting a verified "business" developer account from Google mirrors the experience as getting one from Apple, except it's a one-time fee and much less than Apple. Yes there are hoops to jump through, identification usually requires some hoops, but pretty it's straightforward. I am not commenting on the requirements of these hoops, yes, it's BS that they exist but it's their platform so it's their rules. What type of "experience" are you expecting to have anyway? |
| |
| ▲ | mrtksn 2 days ago | parent | next [-] | | With Apple I filled the forms, accepted the agreements, entered the DUNS and paid with a card on my name and that was it. How does that mirror uploading my passport many times, entering company details many times, typing my e-mail and phone numbers many times both because I had to start over and because I was asked many times even if I provided these some steps back? Now I paid and waiting, hopefully I will later be verifying my e-mail address or something that I verified a few times prior. > What type of "experience" are you expecting to have anyway? The Apple experience. An experience that is well thought and streamlined, that doesn’t keep me entering the same information over and over again. I don’t mind paying a little more for well designed products. The $75 difference is nothing to justify this charade, I don’t think that that Google was short of $75 and designed this low quality experience, I think it’s engraver in their DNA. | | | |
| ▲ | debazel 2 days ago | parent | prev | next [-] | | > What type of "experience" are you expecting to have anyway? Being told upfront what is required to complete the process so you don't have to start over again multiple times? | |
| ▲ | 63stack 2 days ago | parent | prev [-] | | It's not broken, it's the process ??? What would you consider broken? |
|
