Remote Deletion Of Paid Applications (Google Play Store)

[KleinesSinchen]

How to start this? Maybe: Please stop using Google services? As if anybody would even consider this…

Well. I just stumbled upon this article: Why is Google allowed to remove purchases from our Play Store accounts without telling us?

It is not the first time such a thing happened in the age of

“You didn’t buy […], but just a license that may be revoked due to TOS you agreed on!” (Your fault for even complaining!)​

Amazon did it 2009 with remote deletion of Nineteen Eighty-Four from Kindle devices (which is quite some irony…)

I have my doubt such TOS are valid in all cases and would stand the test when suing the big companies. Still many people seemingly worship those three letters and bring them in as explanation and justification for pretty much every impudence and invasive action imaginable. In what jurisdiction could a bought (not rented!) license be legally revoked by the marketplace that allowed selling the license (not even the rightsholder)?

Just the technical possibility to remove application remotely, no matter for whatever totally-fine-nothing-to-see-here-nothing-fishy-going-on reason (“security, safety, think of the children”) means exactly one thing: Somebody else has control over end users’ computers. Next time anybody comes around and starts defending practices such as locked bootloaders and hence prevention of custom operating systems for sake of security, I know what I will answer (and it is not safe for work)

“We would never do something evil – we promise. It is all for your best.”
If there is an interface for remote access by default… then this can be abused. Government organizations can abuse it. The vendor can abuse it. Unauthorized people (“hackers”) can abuse it. It could malfunction. Such a thing must not exist.
An operating system with unauthorized access possibilities (and yes, for me Google is unauthorized even *after* tapping on [agree] for some 100 pages of TOS) is not secure. Preinstalled unwanted and unauthorized Remote Administration Kit (RAT) or to be blunt: Malware.

When thinking of the increasing number of everyday life things which somehow “require” a smartphone, often *with* the Google rubbish to be active (or even worse Apple) this scares me. I will not give up fighting for a life without permanent surveillance and external control. When having a Google Account becomes mandatory for everyday life something is wrong.

How could it come as far as what feels like 99% of the population happily accepting all that locked down, not free machines that seem to have control over the user? Not the other way round as it should be.

 

[Ryab]

How to start this? Maybe: Please stop using Google services? As if anybody would even consider this…

Well. I just stumbled upon this article: Why is Google allowed to remove purchases from our Play Store accounts without telling us?

It is not the first time such a thing happened in the age of

“You didn’t buy […], but just a license that may be revoked due to TOS you agreed on!” (Your fault for even complaining!)​

Amazon did it 2009 with remote deletion of Nineteen Eighty-Four from Kindle devices (which is quite some irony…)

I have my doubt such TOS are valid in all cases and would stand the test when suing the big companies. Still many people seemingly worship those three letters and bring them in as explanation and justification for pretty much every impudence and invasive action imaginable. In what jurisdiction could a bought (not rented!) license be legally revoked by the marketplace that allowed selling the license (not even the rightsholder)?

Just the technical possibility to remove application remotely, no matter for whatever totally-fine-nothing-to-see-here-nothing-fishy-going-on reason (“security, safety, think of the children”) means exactly one thing: Somebody else has control over end users’ computers. Next time anybody comes around and starts defending practices such as locked bootloaders and hence prevention of custom operating systems for sake of security, I know what I will answer (and it is not safe for work)

“We would never do something evil – we promise. It is all for your best.”
If there is an interface for remote access by default… then this can be abused. Government organizations can abuse it. The vendor can abuse it. Unauthorized people (“hackers”) can abuse it. It could malfunction. Such a thing must not exist.
An operating system with unauthorized access possibilities (and yes, for me Google is unauthorized even *after* tapping on [agree] for some 100 pages of TOS) is not secure. Preinstalled unwanted and unauthorized Remote Administration Kit (RAT) or to be blunt: Malware.

When thinking of the increasing number of everyday life things which somehow “require” a smartphone, often *with* the Google rubbish to be active (or even worse Apple) this scares me. I will not give up fighting for a life without permanent surveillance and external control. When having a Google Account becomes mandatory for everyday life something is wrong.

How could it come as far as what feels like 99% of the population happily accepting all that locked down, not free machines that seem to have control over the user? Not the other way round as it should be.

It is worth noting that an overwhelming majority of digital storefronts have a section in their TOS that states that they are allowed to remove any purchases from people's libraries.

 

[KleinesSinchen]

It is worth noting that an overwhelming majority of digital storefronts have a section in their TOS that states that they are allowed to remove any purchases from people's libraries.

I really don't know what to make of this reply.
Let's say I already covered the "TOS" pseudo-argument multiple times above and even put it in between two animated figures to counter the "tl;dr"-trap one runs into when writing a bit more text.

Further we have to differentiate between removal from the library – "no re-download" – and remote access to a private computer – "deletion of installed software and personal data".

In both cases I would call the practice illegal – same for the the complicated juristic gobbledygook ("TOS") to justify malicious practices und whatever false pretense. My personal opinion – I'm not a lawyer – is that this kind of deletion is a criminal act (computer sabotage) and cannot be "healed" by hiding the trojan horse functionality behind a tap on "agree" years ago.

 

[Kwyjor]

Well. I just stumbled upon this article: Why is Google allowed to remove purchases from our Play Store accounts without telling us?

This is somewhat unclear. Aren't people still entirely capable of downloading the .apk from wherever and installing it on their phones if they want it?

 

[Alexander1970]

Good Day,Ladies and Gentleman.

This is somewhat unclear. Aren't people still entirely capable of downloading the .apk from wherever and installing it on their phones if they want it?

From personal Experience - Not really - Not for all Apps/Games etc.
Apple & Google Play/Store tooked the "Overhand" in the Meantime for many,many,many Apps & Games...
If you want an App from an Softwaredeveloper or an Company,you will usually be redirected/referred to the Apple Store or Google Store.

@KleinesSinchen

Why is Google allowed to remove purchases from our Play Store accounts without telling us?

Honestly,other Companies like UBI Soft make it also this Way....sometimes.
That´s why I no longer support/buy Games from them.

 

[KleinesSinchen]

This is somewhat unclear. Aren't people still entirely capable of downloading the .apk from wherever and installing it on their phones if they want it?

I'm not really knowledgeable regarding the Android ecosystem.
Play Store paid content must be tied to some kind of token or DRM. Somehow an app must know you paid for "Premium" or "Pro" – and usually this is done through the Play Store with the Google tax (?? 30% ??).

Nobody is stopping you as developer from distributing non-DRM apk files and selling them (like gog.com sells DRM free games) or implementing your own DRM+in-app purchases. But if an app is tied to Play Store for payment the only option after such removal is probably Arrrr! downloading some pirated, cracked (not trustworthy) version.

Then there is Play Protect – to scan all apps, also sideloaded ones – "for threats". As I understand it Google technically has the possibility to remove any app from Google infected phones. Might be wrong. It is just how I understand this. "We swear we don't do anything evil. It is just for your own good. We protect you." (I wanted some stupid green shield icon with a check mark inside like stupid security software shows them when "everything is alright")

Honestly,other Companies like UBI Soft make it also this Way....sometimes.
That´s why I no longer support/buy Games from them.

I stopped buying DRM infected stuff long ago. Saves money. Saves nerves. And simply don't click on "agree" for shady TOS. The only language they understand is money. So don't give them any. (And for Google data is money).

 

[InsaneNutter]

I do totally agree with you. LineageOS and GrapheneOS with its Sandboxed Google Play are certainly the way to go. Clearly that does not solve the issue of actually owning anything you buy, however it goes a long with to counter the invasive control cooperation's have over your device, which is one of the points you make.

The problem with either of the above options are Google Play Integrity - aka if your bootloader is unlocked so you can run a custom rom you will fail to pass Play Integrity, meaning you can't use any apps that rely on these services. Such a banking apps, games like Pokemon Go, or even the McDonalds app of all things (not that I care about that one, just to show how random implementations of Play Integrity are).

It is possible to trick this at the moment by spoofing a fingerprint of a different device, are they are many devices that do not support hardware backed assertion in the wild. Eventually this will come to end an, so it will no longer be possible to use certain apps unless you have a totally unmodified, locked down device.

I do think that's sad as my Android device last got an official update 3 and a half years ago and was abandoned on Android 10. However thanks to LineageOS I'm on Android 13 with the January 2024 security patches. Yet according to Google my device is considered "less secure" than it would be if its 3 and a half years behind on updates...

 

[tech3475]

I do totally agree with you. LineageOS and GrapheneOS with its Sandboxed Google Play are certainly the way to go. Clearly that does not solve the issue of actually owning anything you buy, however it goes a long with to counter the invasive control cooperation's have over your device, which is one of the points you make.

The problem with either of the above options are Google Play Integrity - aka if your bootloader is unlocked so you can run a custom rom you will fail to pass Play Integrity, meaning you can't use any apps that rely on these services. Such a banking apps, games like Pokemon Go, or even the McDonalds app of all things (not that I care about that one, just to show how random implementations of Play Integrity are).

It is possible to trick this at the moment by spoofing a fingerprint of a different device, are they are many devices that do not support hardware backed assertion in the wild. Eventually this will come to end an, so it will no longer be possible to use certain apps unless you have a totally unmodified, locked down device.

I do think that's sad as my Android device last got an official update 3 and a half years ago and was abandoned on Android 10. However thanks to LineageOS I'm on Android 13 with the January 2024 security patches. Yet according to Google my device is considered "less secure" than it would be if its 3 and a half years behind on updates...

One thing to note, if you're planning from the get go to rely on custom roms, buy a device/brand which is getting decent/official support from groups like LineageOS.

Back when I was using some Nook tablet with Cyanogenmod dailys it was a PITA, requiring constant reboots (IIRC the stables were fairly old by this point).

Other devices I own where someone independently is porting ROMs also end up hit or miss e.g. features not working, etc.

 

[InsaneNutter]

One thing to note, if you're planning from the get go to rely on custom roms, buy a device/brand which is getting decent/official support from groups like LineageOS.

Back when I was using some Nook tablet with Cyanogenmod dailys it was a PITA, requiring constant reboots (IIRC the stables were fairly old by this point).

Other devices I own where someone independently is porting ROMs also end up hit or miss e.g. features not working, etc.

Good point, I purchased my OnePlus 5T back in the day with support in mind.

Having used roms since the CyanogenMod days back in 2010 that could used to be the case. These days I do feel that if a device is (officially) supported by LineageOS then everything does actually work in my experience. Unofficial roms might not, however with banking apps and such these days i'd generally only trust official LineageOS builds. I wouldn't go flashing random roms anymore.

 

[Ryab]

I really don't know what to make of this reply.
Let's say I already covered the "TOS" pseudo-argument multiple times above and even put it in between two animated figures to counter the "tl;dr"-trap one runs into when writing a bit more text.

Further we have to differentiate between removal from the library – "no re-download" – and remote access to a private computer – "deletion of installed software and personal data".

In both cases I would call the practice illegal – same for the the complicated juristic gobbledygook ("TOS") to justify malicious practices und whatever false pretense. My personal opinion – I'm not a lawyer – is that this kind of deletion is a criminal act (computer sabotage) and cannot be "healed" by hiding the trojan horse functionality behind a tap on "agree" years ago.

I never once said I supported this practice. I simply said that this is something that we end of agreeing to in the TOS meaning we have basically already accepted it.

 

[KleinesSinchen]

The problem with either of the above options are Google Play Integrity - aka if your bootloader is unlocked so you can run a custom rom you will fail to pass Play Integrity, meaning you can't use any apps that rely on these services. Such a banking apps, games like Pokemon Go, or even the McDonalds app of all things (not that I care about that one, just to show how random implementations of Play Integrity are).

Banks relying on Play Integrity is a scandal! Especially looking at Google's behavior.
As a European (EU) citizen I even call this as illegal: Looking at USA laws they conflict with EU laws because of the (non-existent) privacy protection and the power of the various three-letter-organizations. Repeatedly those agreements between EU and USA regarding data processing have been found null and void and irreconcilable with privacy protection level by the European Court of Justice. (Then the same thing gets a new name and the game of suing against this begins again…)

A bank demanding from the customer to agree on the TOS of Google, including Google's right to gather virtually arbitrary data from the phone should not be possible. We are reaching a point here where it is not easy anymore to say "You tapped on agree, so just suck it." At the moment banks offer alternatives (using a PC and dedicated TAN generators) or in some cases offline banking with real human staff. For the case that is not possible at some point in the future, this would essentially mean end users were forced to make a contract either with Apple or with Google to live normally.

I don't care if Nintendo includes 1746 DRM systems in their app and McDonalds can do whatever they want – they also sell food without any app and it is cheaper to cook by yourself anyway. What @Alexander1970 mentioned with Ubisoft is also not the biggest problem. We have a real choice here. Read: If your app refuses to work because of root, your app gets deleted (and I will neither provide a "secure" locked phone nor try to play a cat+mouse game with Play Integrity Fix, Magisk Hide, Zygisk, Deny List…).
Not participating on the financial system, with cash getting more and more removed, is way harder.

do think that's sad as my Android device last got an official update 3 and a half years ago and was abandoned on Android 10. However thanks to LineageOS I'm on Android 13 with the January 2024 security patches. Yet according to Google my device is considered "less secure" than it would be if its 3 and a half years behind on updates...

Somebody has to teach them that a locked phone attests one thing: Unmodified in condition like manufacturer intended. It does not attest this state is good, free of security holes and free of malware (stock ROMs have had malware and sometimes locked bootloaders can be tricked into loading arbitrary code anyway).
Yes, an official LineageOS on latest patchlevel without Google apps is a lot more trustworthy as a locked, outdated garbage OS with a ton of background services monitoring literally every step you make)

 

[Ryab]

Banks relying on Play Integrity is a scandal! Especially looking at Google's behavior.
As a European (EU) citizen I even call this as illegal: Looking at USA laws they conflict with EU laws because of the (non-existent) privacy protection and the power of the various three-letter-organizations. Repeatedly those agreements between EU and USA regarding data processing have been found null and void and irreconcilable with privacy protection level by the European Court of Justice. (Then the same thing gets a new name and the game of suing against this begins again…)

A bank demanding from the customer to agree on the TOS of Google, including Google's right to gather virtually arbitrary data from the phone should not be possible. We are reaching a point here where it is not easy anymore to say "You tapped on agree, so just suck it." At the moment banks offer alternatives (using a PC and dedicated TAN generators) or in some cases offline banking with real human staff. For the case that is not possible at some point in the future, this would essentially mean end users were forced to make a contract either with Apple or with Google to live normally.

I don't care if Nintendo includes 1746 DRM systems in their app and McDonalds can do whatever they want – they also sell food without any app and it is cheaper to cook by yourself anyway. What @Alexander1970 mentioned with Ubisoft is also not the biggest problem. We have a real choice here. Read: If your app refuses to work because of root, your app gets deleted (and I will neither provide a "secure" locked phone nor try to play a cat+mouse game with Play Integrity Fix, Magisk Hide, Zygisk, Deny List…).
Not participating on the financial system, with cash getting more and more removed, is way harder.


Somebody has to teach them that a locked phone attests one thing: Unmodified in condition like manufacturer intended. It does not attest this state is good, free of security holes and free of malware (stock ROMs have had malware and sometimes locked bootloaders can be tricked into loading arbitrary code anyway).
Yes, an official LineageOS on latest patchlevel without Google apps is a lot more trustworthy as a locked, outdated garbage OS with a ton of background services monitoring literally every step you make)

You are definitely talking like a FOSS advocate here. Which I approve but I don't think this will get us anywhere.

 

[KleinesSinchen]

You are definitely talking like a FOSS advocate here. Which I approve but I don't think this will get us anywhere.

My only goal was to share Google's behavior and make people think and maybe change something for themselves. If one single random person on the internet does so this is a full success.

The discussion and the comments here were pretty productive. Saying: "It won't change anyway – moot even trying." is the most stupid approach.

I really don't get what you are trying to tell me. I'm not an "advocate" for anything but a person with a strong opinion. I've also no idea "where it should take us". Note to self: Refrain from posting such threads.

 

[Ryab]

My only goal was to share Google's behavior and make people think and maybe change something for themselves. If one single random person on the internet does so this is a full success.

The discussion and the comments here were pretty productive. Saying: "It won't change anyway – moot even trying." is the most stupid approach.

I really don't get what you are trying to tell me. I'm not an "advocate" for anything but a person with a strong opinion. I've also no idea "where it should take us". Note to self: Refrain from posting such threads.

I mean we know not much will change without straight up required regulation by law. If you want to avoid these kind of practices just avoid any services provided by them.

 

[KleinesSinchen]

If you want to avoid these kind of practices just avoid any services provided by them.

Now I understand. I've been somewhat slow on the uptake.

Done. Never had an account on Google, Apple, Facebook, Twitter…

 

[Flaming_Autist]

big tech has turned into a pseudo fed government. one thing we dont need more of

 

[Alexander1970]

Done. Never had an account on Google, Apple, Facebook, Twitter…

Unfortunately......a very big Part of today´s Society live their Lives in the complete other (wrong ?) Direction and/or Way (Accounts tied together among themselves/with each other/for each other etc.)....and they seem to be happy and very satisfied with that Life...

And if they didn't die, then they are still alive today (or: And they lived happily ever after).
End of today´s Fairy Tale.

 

[XRTerra]

Doesn't every company that's selling digital products have the (unfortunate) right to do this? This isn't a google exclusive thing. Sony recently did last year for playstation videos iirc.

 

[KleinesSinchen]

Doesn't every company that's selling digital products have the (unfortunate) right to do this?

Let me think about this… Does some seller have the right to take away from me what they sold?
Using remote administration to delete things from my computers without asking for permission?

Whatever drugs these lawyers are on when coming up with their juristic nonsense for digital stores, they should share those. Seems to be good stuff to escape reality and turn things upside down.

This isn't a google exclusive thing. Sony recently did last year for playstation videos iirc.

It is not the first, second or third time such a thing happened. Who remembers Microsoft Zune Marketplace? You can't restore music bought with this ill-fated service…
Problem seems to be that people have accepted this as "normal", "justified" or "can't be changed" and just continue to supporting such companies.
=====


One can start feeling like Don Quixote fighting windmills. As if it was wrong to criticize the obvious wrongdoing. "They are all doing this."

Unfortunately......a very big Part of today´s Society live their Lives in the complete other (wrong ?) Direction and/or Way (Accounts tied together among themselves/with each other/for each other etc.)....and they seem to be happy and very satisfied with that Life...

And if they didn't die, then they are still alive today (or: And they lived happily ever after).
End of today´s Fairy Tale.

Happily ever after? When it hits them later, they will rather ask how it was possible to come this far… and why nobody uttered any warning (after ignoring all the warnings by stupid tinfoil hat wearers).

 

[Ryab]

Let me think about this… Does some seller have the right to take away from me what they sold?
Using remote administration to delete things from my computers without asking for permission?

Whatever drugs these lawyers are on when coming up with their juristic nonsense for digital stores, they should share those. Seems to be good stuff to escape reality and turn things upside down.

Oh I think it's a terrible practice but it is something that we the user agreed to when we accept their TOS.