With a lot of focus lately on how smartphone app developers are treated on Apple’s and Google’s app stores, Google has decided right now is a great time to announce more stringent app store billing rules. A new post from the official Android Developer Blog promises a crackdown on in-app billing that sounds like it’s targeted at big streaming services like Netflix and Spotify.
Google’s post really beats around the bush trying to sugar-coat this announcement, but it starts off by saying, “We’ve always required developers who distribute their apps on Play to use Google Play’s billing system if they offer in-app purchases of digital goods, and pay a service fee from a percentage of the purchase.” This rule has not been enforced, though, and a lot of big developers have just ignored Google’s billing requirements. Today, Netflix and Spotify don’t use Google’s in-app billing and instead kick new accounts out to a Web browser, where the companies can use PayPal or direct credit card processing to dodge Google’s 30-percent fees.
“We have clarified the language in our Payments Policy to be more explicit that all developers selling digital goods in their apps are required to use Google Play’s billing system,” Google continues. “For those who already have an app on Google Play that requires technical work to integrate our billing system, we do not want to unduly disrupt their roadmaps and are giving a year (until September 30, 2021) to complete any needed updates.”
That’s basically the meat of the blog post: everybody needs to use Google billing by this time next year. A look at the “Payments Policy” shows examples like “subscription services” that offer things like “music” and “video.” It also warns readers at the top that “changes are coming to this policy!” and that “any existing app that is currently using an alternative billing system will need to remove it to comply with this update.”
Google draws a clear distinction between Android and iOS by pointing out that on Android, developers have a “choice of stores” and that most Android devices ship with multiple app stores. Google mentions twice that “each store is able to decide its own business model and consumer features” with the implication being that if developers want to be on Google Play, which has 2 billion active users, they’re going to have to start following the rules or look elsewhere.
Better third-party app store support in Android 12?
One other tidbit in this post is news of an Android 12 feature: “We will be making changes in Android 12 (next year’s Android release) to make it even easier for people to use other app stores on their devices while being careful not to compromise the safety measures Android has in place. We are designing all this now and look forward to sharing more in the future!”
Currently, installing a second app store requires a few extra checkboxes, but given that stepping outside of Google’s walled garden really does expose users to more threats, the two warning messages don’t seem excessive. Google regularly publishes stats comparing the malware rate of Google Play-only devices versus devices that have installed apps from outside the Play Store. While Google Play is by no means perfect, Google is one of the few app store operators big enough to put every app through some kind of vetting process, and as a result, users have been anywhere from 5 to 10 times more likely to get malware outside the Play Store than inside it for the past two years.
The current app store install process is not that arduous. If you’re downloading something like F-Droid (an open source app store), first Chrome will give you a warning that this type of file (an APK) can harm your device, which you can click through. If you’ve never installed an app from the browser before, you’ll be forwarded to the device settings so you can flip the “allow installs from source” checkbox for Chrome. Then you can install the app store. Android requires any app that installs apps to be given the “install unknown apps” checkbox, so you’ll also need to flip this setting to allow the new app store to install apps.
This move to make third-party app stores easier to use makes a bit more sense as a response to Fortnite‘s developer, Epic, which is currently suing Google over its alternative app store policies. “Directly downloading Fortnite on an Android device can involve a dozen steps, requiring the user to change default settings and bravely click through multiple dire warnings,” Epic’s antitrust lawsuit reads. “And even if a persistent user manages to install a competing app store, Google prevents such stores from competing on equal footing with the Google Play Store by blocking them from offering basic functions, such as automatic updating of apps in the background.”
Like any lawsuit, Epic’s filing is a bit blustery. By my count, installing a third-party app store takes five taps, not “a dozen steps.” While any pre-installed app store (in the locked-down system partition) can install app updates, Epic is right that user-downloaded app stores can’t automatically update apps. Letting downloaded apps install new code in the background without user consent sounds just a little scary, but maybe Google could add a highly privileged “app store” permission for downloaded apps to make companies like Epic happy. Epic also says it doesn’t like “dire warnings” attached to these permissions either, though, and correctly informing users of how powerful an app store permission would be would require a pretty scary-sounding warning. Epic was already caught irresponsibly using these powers once, when the Fortnight Installer opened up Samsung devices to a security vulnerability.