And all this article is "just" about the building of the Java/Kotlin application :)
Native NDK is another can of worms, with updates linked to SDK or sometimes not, unclear documentation about device and API compatibilities, compiler behavior changes and other requirements (like the 16K one) that impact so many 3rd party native libraries.
But, of course, the rules on the uploading and the changes of the Console, that changes so often is what makes it painful.
The absolute nightmare is about giving Google the root signing key of your application, the unfinished business about app bundles (which should reduce the size of the downloaded app, and more often than not, make it bigger), the changes in compliance, letters to sign for different countries, the compatibility for Google form factors (XR, TV, Auto, Automotive), Inline installs and other Teacher Progams, Play for family and so on.
All of this changes non-stop and is very poorly documented :)
At least, the Play Store is still GPLv2 compatible, so for now, we're saved (VLC)
> The absolute nightmare is about giving Google the root signing key of your application
I wish more people talked about this. At Amazon, I helped with the early threat modeling around adoption of "App Signing by Google Play", which requires sending your app's root signing key to Google (and is now required, with no publicly-available opt-out for new apps.) It would have added some nice things for Android devs: app bundles, smaller downloads, instant apps, etc.
That said, we imagined the following scenario, and were unable to find a reasonable mitigation at the time:
It seems plausible the US government could send a NSL (or similar) to Google and force them to distribute modified APKs for apps like Signal (ex: to exfiltrate keys). This would be nearly impossible to detect, especially if the modified APK were distributed to only an individual user, or a small group. A few people raised concerns [1], but I don't recall Google ever giving a reasonable response.
Valid reason for them is they would have to spend money on supporting and maintaining cross signing. I can image it is much much cheaper to just store priv key.
So if they can get away with it they just do it, no one is there to stop them.
> > The absolute nightmare is about giving Google the root signing key of your application
> It seems plausible the US government could send a NSL (or similar) to Google and force them to distribute modified APKs for apps like Signal
Since when do you have to hand over your signing keys to Google? I seem to remember the Signal devs saying that they preferred publishing their app on Google Play as opposed to F-Droid because in the former case they control the signing keys. Has this changed?
Well, this is one of those HN comments that I will never forget. Someone wrote (and then removed after a buyer purchased it and required it's take down) a stylometry analyzer once for HN comments. A supposedly senior-y Google-r lambasted some Snowden slides commenting things were impossibly unimaginable inside Google (this was before it has done become widely accepted that internal services at such companies such of course be using some transport security). I got in some silly fight with someone ... 13+ years ago? These are specific things I remember. And now probably your comment.
I didn't trust stock Android before, and I felt the sinking-gut feeling as soon as I realized where "upload root signing key" was going, but spelling it out here puts a ... fine point on things.
Thanks for sharing this.
I agree with your sentiment as one of my Android apps use vox SDK.
However, my experience is very limited compared to you to write about it.
> The absolute nightmare is about giving Google the root signing key of your application,
I haven't and I don't think it is required.
> the unfinished business about app bundles
Can you elaborate what's unfinished here?
> the compatibility for Google form factors (XR, TV, Auto, Automotive),
My app is disabled for Android Auto in production.
If I re-enable, then it gets rejected during the review.
I have never been able to precise fix the issue they are raising to let me re-enable Android Auto.
For Chromecast (TV), I have to run a web server inside the app to serve the media.
NDK is bad, feels like a 20% project, and I think if it wasn't for game devs, the userspace would be Java/Kotlin only, just like ChromeOS is V8 only, for all practical purposes.
However a good way to minimise headaches with NDK is to stay by the Google rules, it is a complement to Java/Kotlin, with a specific set of APIs, and not a way to pretend Android is GNU/Linux.
Also, things like debugging suddenly stopping to work after upgrading NDK/SDK versions without a peep by adb about what might be the problem. But who needs debugging right? ;)
It's really copied from Apple's anti-consumer measures, which seem to be targeting free software. (Not just free as in speech, but also free as in beer.)
A developer might not care whether or not a fun project earns them anything, but Apple and Google want their cut, so if they make distributing software through their store expensive and time consuming, the free stuff will fall by the wayside, so the only options for a simple tool are either ad-laden or have recurring expenses.
Also, I used to think that getting an FPGA IDE up and running was the most painful, unreliable, and bloated development environment possible, then I met Android Studio.
The most effective way Google uses to keep free software out of the Play store is the search function and description rules.
You can put free, user-friendly software into the Play store. The Play store shows whether software contains ads or in-app purchases. But the Play store doesn't let you search by those criteria, and IIRC developers used to be prohibited from clearly advertising the main distinguishing quality of their software in the title (couldn't find the rule in the policies anymore so this may have changed).
Likewise, users can't search or filter for app size, which not only affects how much space the app eats on your phone but is also a great proxy for how much crap is bundled inside it.
So in effect, the good apps will be impossible to find amid the sea of SEO-optimized and/or paid placements of ads that can afford to do that because they are full of ads.
Oddly enough, I try to search for paid software because if I buy a game, I want to be able to complete it. Not like pay $5/month to access half the game, and another $50 to get to the final 20%, and another $100 to get to the final 5%.
It's not letting me do that either. Google Play Games (the separate app) has such a filter but it's seemingly random.
People don't shop at Amazon for the amazing UI around buying stuff. It's absolutely ludicrously atrocious for a trillion dollar company. But the focus is getting you to buy the items that make them the most money, not the item you want.
> It's really copied from Apple's anti-consumer measures, which seem to be targeting free software
AFAIK, Apple also charges $99 per year to maintain a developer account on the Apple App Store, effectively shutting out any hobbyists who would like to provide their app with no monetization.
> the only options for a simple tool are either ad-laden or have recurring expenses.
> Well, at least I've learned not to bet against the cheaper way of doing something. If the Play Store is too expensive to list in, F-droid will thrive.
F-droid has nowhere near the reach of the Play Store.
You can't tell your non-geeky friends to install F-droid to install apps from F-droid.
The title submitted here is “Maintaining an Android app in Google Play Store is a lot of work”. I expected it to be focusing on Google policies around Play Store that make life hard, but really the only part that even touches that is the incidental “your app will get delisted if the minSdkVersion is too old” at the end.
The actual article title omits “in Google Play Store”, and it would be good for that change to be made here too.
Agreed with the article. Some will say just do iOS/Cordova/React Native/Flutter. But these have all the same problems eventually.
Do web? You're just pushing the problem of accessing lower levels (esp. files and camera) to the browser. Browsers are not consistent. Some devices don't even update their browsers and it would break POST on a very specific version of Android.
There's a high end Samsung gallery that has a very inefficient way of displaying thumbnails. This is the default gallery. If the user has over 10000 photos or so, it freezes. People who buy this phone will often have a lot of photos. And they're rich; usually the investor. This bug doesn't show up in typical tests because QA can't afford this phone. So the fix is to avoid built in galleries, and write a custom gallery for the app that utilizes binary search or something. Major apps like FB and WhatsApp will have implemented their own in built gallery software so these device owners end up blaming the apps that don't.
> Agreed with the article. Some will say just do iOS/Cordova/React Native/Flutter. But these have all the same problems eventually.
I don't have enough experience with iOS.
React Native, Cordova [and Flutter], however, as a different problem and that's that you need someone to deal with underlying platform changes, the libraries that you rely on adds another layer of leaky abstraction between your app and the Android platform. Now, you have to wait for someone to update the underlying libraries as well, for example, https://github.com/react-native-community/discussions-and-pr...
> But these have all the same problems eventually.
I've maintainted a Flutter app and it's 10% of the maintenance of a normal Android or iOS app. The only real breaking change they had in 6 years was the switch to strict typing.
We had a bunch of sdk users who couldn't port over our Android sdk because of "Unsupported class file major version 65" so we ended up making a flutter plugin for them rather than downgrading the native Android versions. I would expect many sdk devs to not care enough to do this, especially the open source ones.
All the changes on these platforms have been done thanklessly by someone. Before this, someone was paid to do it, so they might not need the thanks. But I saw how fast Cordova unraveled after Apache announced they were dropping support.
There's the frameworks like GetX too which have slowed down recently. We've been removing them from the code and replacing them.
So, are the Flutter library maintainers so good that they are able to abstract out all the changes that are happening to Android system libraries, Google's helper libraries, and the restrictions on the underlying platform?
90% of android apps are equally painless to maintain, all they request is the INTERNET permission.
Android went from a free for all to considering that maybe we should ask the user before granting full access to all of their files without warning. In addition, the upgrade paths are well documented, and give you multiple years to migrate.
but the underlying native stuff still creates a problem. we're on an old version of Flutter without any need to upgrade but Apple has an updated Privacy Manifest requirements that forced us to update our dependencies purely only for the manifest. Workarounds are barely mentioned, although they exist.
This is the exact reason why my app is not available on the play store anymore, combined with the fact that google wants to publish my address even though I'm NOT a trader in the EU
It is indeed a lot of work. All of my apps are only available on F-Droid now, after years of playing ball with Google Play. I wrote about my experience here:
This is one area I will give Apple credit for. While their app store is a pain to navigate, their framework support and dev patterns have stayed pretty consistent since the early days of iOS. My companies iOS app today looks very similar to how it looked 9 years ago when we started it, aside from changing from objc to swift, it's still driven by core data, view controllers and storyboard views. Our android app on the other hand is kind of a Frankenstein app that started with Activities, Java, Sqlbrite, Butterknife, manual state management and Dagger, and has mostly transitioned to Fragments, Kotlin, Room, Data Binding, ViewModels and no Dagger. It's still quite a mess that we'll never have the budget to fix up properly.
I am curious, would an app, say a music player written for iOS in 2015, be usable in 2025?
For Android, I can say that it would have to be re-written ~30% or so.
The entire permission model has evolved
- iOS style runtime permissions
- permission to access local files
- permission to display notification
- special "Foreground service" to run the app in the background ...
A lot of the changes are due to dark patterns. This was nowhere near as bad as the one that broke access to files and gallery, which would break saves for old games. There was another new breaking change on notifications, which probably prevented spoofing.
I'm still in full support of these. I keep telling people that social media apps are just massive violations of privacy and can just copy your password from clipboard or trace your location through images – I've been asked to code these at one time. At least these updates keep me from thinking I'm the paranoid one.
Yep, if you look at those changes Android developers are whining about, it's mostly all curbing abusive apps, adding security and fixing privacy issues.
> Really tired of installing an app, forgetting about it,
I don't think that app can send a notification to you anyway.
An app that's never opened by the user cannot be launched programmatically and cannot run background code.
There's a difference between “never opened” and “only opened once”, and apparently the latter is sufficient to get notification spam days later. The mcdonalds app did this to me before I uninstalled it.
And to disable specific categories of notifications. Unfortunately, the divisions are often done in what I can only imagine to be bad faith, so it’s not as useful as it should be. But then, most of the ones you want to disable were added in bad faith too, so it shouldn’t be a surprise.
This fully reflects my own Android experience (https://play.google.com/store/apps/developer?id=Paul+Lutus) -- writing Android apps is by no means a write-and-forget experience. As time goes by more of my apps are dropped from the platform from my unwillingness to drop everything and rewrite code for each new Android version.
My original intent was to put my free, open-source apps on the platform, much as I had done before Android existed. But no -- Android doesn't work that way.
My best-known Android app is SSHelper (https://arachnoid.com/android/SSHelper/), a Secure Shell server meant for file transfers. Still works perfectly, dropped some time ago.
TankCalc (https://arachnoid.com/android/TankCalcAndroid/), same story. It's a well-known multi-platform app tank farm managers use to profile storage tanks. Still works, dropped from the platform.
And not just mine. Many other free, first-rate Android apps -- Termux (https://termux.dev/) comes to mind -- have been driven off the platform by Google's onerous demands and commercial focus.
It's as though a wall is going up between people who like programming and people who like money.
> Material 2 was deprecated for Material 3. No clear migration guide was provided. I tried to upgrade
Why would you do that? This is a self-inflicted wound that exactly matches the title. This isn't like another example of some important system library you need that gets removed, forcing changes
> Crucial third-party libraries have been deprecated
Since you've used them at this state for the whole of app's existence, you can continue to do so without any extra maintenance?
I mean, if you view any non-breaking changes as breaking, especially when it comes to UI, the amount of maintenance is infinite anywhere.
> Why would you do that? This is a self-inflicted wound that exactly matches the title. This isn't like another example of some important system library you need that gets removed, forcing changes
As I mentioned elsewhere in the article, each library supports a certain version of Android; your old library will not support newer versions. E.g. API 33 onwards there is an edge-to-edge display, and older UI libraries won't be able to handle it.
There's not 2 different versioning schemes, there's 3! Those clowns sometime use letters. Now you have to recite your alphabet just to know if one version is before or after.
> There's not 2 different versioning schemes, there's 3! Those clowns sometime use letters. Now you have to recite your alphabet just to know if one version is before or after.
Yeah, thankfully, the alphabet one is mostly used in marketing.
The other two show up in documentation interchangeably.
Native NDK is another can of worms, with updates linked to SDK or sometimes not, unclear documentation about device and API compatibilities, compiler behavior changes and other requirements (like the 16K one) that impact so many 3rd party native libraries.
But, of course, the rules on the uploading and the changes of the Console, that changes so often is what makes it painful.
The absolute nightmare is about giving Google the root signing key of your application, the unfinished business about app bundles (which should reduce the size of the downloaded app, and more often than not, make it bigger), the changes in compliance, letters to sign for different countries, the compatibility for Google form factors (XR, TV, Auto, Automotive), Inline installs and other Teacher Progams, Play for family and so on.
All of this changes non-stop and is very poorly documented :)
At least, the Play Store is still GPLv2 compatible, so for now, we're saved (VLC)
reply