This move feels inevitable. I expect we'll come to see an all-time high in "vibe-coded" apps and services/products built with surface-level understanding by creators and used by people with even less technical awareness.
Most developers in this new wave don't fully grasp the systems they're building, and end-users operate in total opacity. I have personally used AI to generate code scaffolds, and spend hours debugging edge cases, printing GitHub issues, and feeding API docs back into the system to stair it right enough times that I end up understanding a lot more what it is I plan on implementing as I reach a solid implementation. The average user wouldn't even know where to start with that.
Google's policy isn't an overreach; more like a reaction to the coming tsunami of superficially functional but fundamentally fragile tools. This is just the first domino. Expect more platform-level interventions as poorly understood tech stacks meet real-world consequences.
The era of "move fast and break things" is colliding with domains where broken things ruin lives. I wouldn't want any family members/close friends getting to swallow the latter pill.
The Tea app was a perfect example of this. Vibe coded and released to the public, it shot up to the #1 spot that week in the app store.
All without the slightest bit of data security. If you had the right URL you could download the entire user database, since the LLM they used to create it didn't think data security was important.
>The era of "move fast and break things" is colliding with domains where broken things ruin lives
I sure wish we could tell that to the AI industry that pushed such changes to begin with. This is a good control factor, but the true perpertrators are at large.
As a general point, there's a lot more banking entities than we as customer come into contact with.
The bar isn't as high people image, and even for a middle-sized company getting a banking license is mostly a matter of investment and how serious they are about maintaining that activity in the long term. Any of the GAFAM already have or could have a operating internal banking arm if they wish it into existence.
This is yet more corporate/government overreach on devices that you're supposed to own.
Trying to prevent software from being available/installed that isn't even in the "legitimate harm" list. That's insane.
I could rant a lot about where we're in a really horrible you don't own your phone and other people believe they own it world, but that would be going off topic here. (I.e. business you go to the store is trying to force and pressure you to install apps.. i.e. sams club, or tours/businesses pushing you excessively to use whatsapp, etc )
As far as I can tell, this is purely a Google thing, not a government thing. The cited laws apply to money services, so something like a custodial wallet would count, but a vendor that just makes a local crypto wallet and never touches your money doesn't fall into that. Google has simply decided to ban more than necessary "just in case".
The status quo most software devs believe about software is: I can do whatever I want
In reality, software isn't like this anymore. You, as a dev, gotta comply with various regulations and local laws if you intend to distribute software. Sure, most software in the app stores is still unregulated, but think of medical software (HIPAA or FDA in the US, MDR in the EU) or all software dealing with personal data (GDPR in EU), gambling (most countries), AI stuff (AI Act in EU), copyright (most countries) etc.
This is simply Alphabet (the company) having to comply with new regulation. In some way, this sucks for users and for devs, in other ways, it helps to protect users of (shitty) software.
And if you think about it, software seems to be the only thing you can sell without thinking for one second about regulations most of the time. It's kinda odd.
What's the possible harm? Malicious wallet app stealing users crypto coins for example.
Merely writing software doesn't make you a HIPAA covered entity. If you sell software to a covered entity then they're responsible for their own compliance. But if you sell SaaS that handles protected data then you'll have to sign a Business Associate Agreement and take the required compliance steps yourself.
Often the most expedient way to comply with regulation is with a heavy hand. It is easier to accurately group apps by cryptocurrency/non-cryptocurrency than by custodial/non-custodial. And pissing off a couple of crypto enthusiasts is better for their business than pissing off regulators. So this is the best side of the line for them to err on.
Maybe it's time to start a phone that people can own, which inside will have a phone they they do not own but it's compliant with banking, govt, and other regulations
I could use a bunch of nice metal and plastic cards to pay things in stores if I owned a Librem 5. A small price to pay for freedom that seem each day a bit more enticing.
You can use alternate stores to get your desired Android apps. There is F-Droid, Amazon Appstore for Android, Huawei AppGallery, Samsung Galaxy Store, Aptoide, Uptodown, APKMirror, APKPure, Xiaomi GetApps, OPPO App Market, AppBrain App Market, 9Apps, and probably others I forgot.
This looks like a bill releasing providers from any liability if they fuck up and lose all my money via engineering incompetence. Which they probably will, because history has repeatedly shown that crypto is total amateur hour.
No thanks. I'll be calling my rep to urge them to vote against this.
The point of non-custodial wallets is that the developer does not have your private keys, so they don't control your funds. While it's possible for the software to have bugs, remember that almost all software is already provided AS IS WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, and that in no event with the authors be liable for any damages arising out of or related to its use.
While that's true, even non-custodial wallet providers get a commission from swap providers, some of which steal money altogether. As per Reddit, an example of such a scamming swapper is Exolix. This makes it a responsibility of the wallet to not collude with scammers.
You're eliding the difference between software and a provider of financial services. My bank is absolutely liable if they fuck up and lose my money, and crypto entities should be as well.
Yes, but a non-custodial wallet isn't anything resembling a bank. What you're arguing is basically that a (traditional) wallet manufacturer should be liable if you misplace your wallet and have all your cash stolen.
> a (traditional) wallet manufacturer should be liable if
- the wallet spontaneously burns and the money ends in ashes
- the wallet cannot be ever opened again and the cash within it sealed out of reach
- the bills are tainted by poisonous substance sipping from the internal lining making them hazardeous to use
That's kind of an interesting exercice, I think we can all come up with a few dozens of cases where a traditional wallet manufacturer would be liable because of technical or regulation issues.
That's only because you losing a physical wallet is your own negligence and not the negligence of the manufacturer. Not because there is no possible way that a digital wallet manufacturer couldn't lose your money due to their own negligence (or even malice).
>releasing providers from any liability if they fuck up and lose all my money via engineering incompetence
If someone fucks up and downloads some shady wallet app that steals their coins, they're the one at fault. How about trying to take some personal responsibility, instead of trying to get the full force of government to stop other people keeping custody of their own coins, just to protect yourself from potentially making a bad decision and installing a dodgy app? Edited to remove a personal attack
This sounds a bit like arguing that doctors shouldn't be liable for harming a patient. If you make a shady app you should be held responsible for losing your customers' money.
Edit:
I use grapheneos and I don't agree with google gate-keeping what people put on their phone. I just thinks crypto companies, like any company, should be held accountable for their actions.
>This sounds a bit like arguing that doctors shouldn't be liable for harming a patient. If you make a shady app you should be held responsible for losing your customers' money.
That's not what the issue is; the issue is that Play Store would ban _any_ app allowing coin self-custody, even if the app isn't any way shady.
I'm not responding to the article I'm responding to this in the parent comment
> If someone fucks up and downloads some shady wallet app that steals their coins, they're the one at fault.
I don't agree with what google is doing. I think we should be able to download whatever we want on our phones. I think it's not a good take that the customer instead of the company, is the one that should be held responsible if a company fucks up.
Fraud and theft is illegal basically everywhere, and the people who commit those crimes are at fault for them. Stealing money is the fault of the person who steals the money.
Please don’t make such personal attacks, it doesn’t add to the conversation.
If you want to have a wallet app that is not backed by a company with a banking license, then could you not side load it?
We have basic minimum standards in our food safety, why not have them in our financial services?
You, as an expert in the field still can download any application you wish, but others that may not be an expert, are given some protection from potentially AI Slop apps that they wouldn’t understand are dangerous.
>If you want to have a wallet app that is not backed by a company with a banking license, then could you not side load it?
If you haven't noticed, there's a concerted push to make side-loading harder and harder. Sure it's an option for now, but it's quite possible we're only a few years away from Google going the Apple route and the vast majority of mobile devices not supporting installing unapproved software.
It's kind of like when you fuck up and hire the wrong plumber and he tells his burglar friend about your huge TV and they break in to steal it a week later. That's your own fault, stop trying to get the government involved! Sheesh, I just don't understand why simple libertarian principles like this get people confused.
>It's kind of like when you fuck up and hire the wrong plumber and he tells his burglar friend about your huge TV and they break in to steal it a week later. That's your own fault, stop trying to get the government involved! Sheesh, I just don't understand why simple libertarian principles like this get people confused.
That's a great example because the venue where the plumber posted his advertisement would not be liable for the plumber's actions.
Are you implying that any app that allows personal custody of cryptocurrency is a scam? Because that's not a reasonable assumption to make; the possibility of self-custody is one of the main arguments made for cryptocurrency.
Just because the keys reside on someone else's device, that doesn't mean you aren't responsible for their money when you control the code that is running.
I would say the same that the developers of Signal as they own and update the code so they have a lot of responsibility to not to leak or steal everyone's private messages. It's in Google's interest to have a healthy platform that people trust. They don't want people to associate Android with having your private messages leaked.
I still don't see why it would be Google's fault if there was a vulnerability in an app. Would you also say it is their fault if I enter my personal information into a vulnerable site on Google Chrome?
It doesn't have to be their fault to be their problem. Google does take steps to protect Google Chrome users from being phished, because this causes problems for them.
This move feels inevitable. I expect we'll come to see an all-time high in "vibe-coded" apps and services/products built with surface-level understanding by creators and used by people with even less technical awareness.
Most developers in this new wave don't fully grasp the systems they're building, and end-users operate in total opacity. I have personally used AI to generate code scaffolds, and spend hours debugging edge cases, printing GitHub issues, and feeding API docs back into the system to stair it right enough times that I end up understanding a lot more what it is I plan on implementing as I reach a solid implementation. The average user wouldn't even know where to start with that.
Google's policy isn't an overreach; more like a reaction to the coming tsunami of superficially functional but fundamentally fragile tools. This is just the first domino. Expect more platform-level interventions as poorly understood tech stacks meet real-world consequences.
The era of "move fast and break things" is colliding with domains where broken things ruin lives. I wouldn't want any family members/close friends getting to swallow the latter pill.
│
└── Dey well; Be well
The Tea app was a perfect example of this. Vibe coded and released to the public, it shot up to the #1 spot that week in the app store.
All without the slightest bit of data security. If you had the right URL you could download the entire user database, since the LLM they used to create it didn't think data security was important.
>The era of "move fast and break things" is colliding with domains where broken things ruin lives
I sure wish we could tell that to the AI industry that pushed such changes to begin with. This is a good control factor, but the true perpertrators are at large.
What exactly would you tell them? That they can't make hammers because someone could use them to commit a crime?
The tools are there. It's up to us to deal with them.
> This move feels inevitable
Does Google has a banking licence ? I've never heard of "Google bank". What is so special about Google Pay ?
> I've never heard of "Google bank"
As a general point, there's a lot more banking entities than we as customer come into contact with.
The bar isn't as high people image, and even for a middle-sized company getting a banking license is mostly a matter of investment and how serious they are about maintaining that activity in the long term. Any of the GAFAM already have or could have a operating internal banking arm if they wish it into existence.
Yes, here’s the list of per-state licenses of Google Payments, in the United States: https://support.google.com/googlepay/answer/7160765?hl=en
Adults must be protected from themselves at all costs!
This is yet more corporate/government overreach on devices that you're supposed to own.
Trying to prevent software from being available/installed that isn't even in the "legitimate harm" list. That's insane.
I could rant a lot about where we're in a really horrible you don't own your phone and other people believe they own it world, but that would be going off topic here. (I.e. business you go to the store is trying to force and pressure you to install apps.. i.e. sams club, or tours/businesses pushing you excessively to use whatsapp, etc )
No, this is Google choosing what to carry inside of the store that they own. Google Play is and always has always been curated.
And you can still install these apps through alternative methods. I'd trust a wallet I downloaded from f-droid more than from google play anyway.
OK, so this shows that Google's curation sucks and is anti-user, and nobody should be using Google's store. Happy?
It sucks for hundreds or maybe thousands of users and is great for millions or maybe billions of users.
FDroid users have been saying this for years, so they are probably estatic now.
Hasn't hit much of their market share, though.
As far as I can tell, this is purely a Google thing, not a government thing. The cited laws apply to money services, so something like a custodial wallet would count, but a vendor that just makes a local crypto wallet and never touches your money doesn't fall into that. Google has simply decided to ban more than necessary "just in case".
The status quo most software devs believe about software is: I can do whatever I want
In reality, software isn't like this anymore. You, as a dev, gotta comply with various regulations and local laws if you intend to distribute software. Sure, most software in the app stores is still unregulated, but think of medical software (HIPAA or FDA in the US, MDR in the EU) or all software dealing with personal data (GDPR in EU), gambling (most countries), AI stuff (AI Act in EU), copyright (most countries) etc.
This is simply Alphabet (the company) having to comply with new regulation. In some way, this sucks for users and for devs, in other ways, it helps to protect users of (shitty) software.
And if you think about it, software seems to be the only thing you can sell without thinking for one second about regulations most of the time. It's kinda odd.
What's the possible harm? Malicious wallet app stealing users crypto coins for example.
Merely writing software doesn't make you a HIPAA covered entity. If you sell software to a covered entity then they're responsible for their own compliance. But if you sell SaaS that handles protected data then you'll have to sign a Business Associate Agreement and take the required compliance steps yourself.
[flagged]
Often the most expedient way to comply with regulation is with a heavy hand. It is easier to accurately group apps by cryptocurrency/non-cryptocurrency than by custodial/non-custodial. And pissing off a couple of crypto enthusiasts is better for their business than pissing off regulators. So this is the best side of the line for them to err on.
So did you have any more irrelevant things to say?
That was uncalled for, and your point could have been made without it.
Maybe it's time to start a phone that people can own, which inside will have a phone they they do not own but it's compliant with banking, govt, and other regulations
It exists. Sent from my Librem 5.
You can use the Librem 5 to pay for things in stores? Since when?
I could use a bunch of nice metal and plastic cards to pay things in stores if I owned a Librem 5. A small price to pay for freedom that seem each day a bit more enticing.
You can use alternate stores to get your desired Android apps. There is F-Droid, Amazon Appstore for Android, Huawei AppGallery, Samsung Galaxy Store, Aptoide, Uptodown, APKMirror, APKPure, Xiaomi GetApps, OPPO App Market, AppBrain App Market, 9Apps, and probably others I forgot.
You can't. Some apps are explicitly linked to the play services. This is an issue with 3rd party roms and you see this issue on graphine os installs.
>Some apps are explicitly linked to the play services.
But that's the developers problem. Literally what even is the point of a non-custodial crypto wallet that depends on Google's services?
The point is to get ad revenue, of course.
You'll be much happier if you just pretend smartphones don't exist and don't own one.
Issue there is with e.g. 3DS for banking, tesco clubcard (read: extortion), TOTP
Ticketmaster with "ticketless entry" being forced. (No printouts/paper tickets)
Stop going to events. Full stop.
They’re willing to lose the tiny number of customers who choose this.
Why would you do that if GNU/Linux smartphones exist? Sent from my Librem 5.
Because I hate it when my phone auto-appends the name of my device onto the ends of my messages
Not all devices do that. -Sent from my wevibe
Related proposed legislation that would explicitly shield app stores (and wallet developers) from any liability related to such wallets: https://saveourwallets.org/ https://www.congress.gov/bill/119th-congress/house-bill/3633...
This looks like a bill releasing providers from any liability if they fuck up and lose all my money via engineering incompetence. Which they probably will, because history has repeatedly shown that crypto is total amateur hour.
No thanks. I'll be calling my rep to urge them to vote against this.
The point of non-custodial wallets is that the developer does not have your private keys, so they don't control your funds. While it's possible for the software to have bugs, remember that almost all software is already provided AS IS WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, and that in no event with the authors be liable for any damages arising out of or related to its use.
Warranty disclaimers can only disclaim warranty as far as the law otherwise allows.
While that's true, even non-custodial wallet providers get a commission from swap providers, some of which steal money altogether. As per Reddit, an example of such a scamming swapper is Exolix. This makes it a responsibility of the wallet to not collude with scammers.
You're eliding the difference between software and a provider of financial services. My bank is absolutely liable if they fuck up and lose my money, and crypto entities should be as well.
Yes, but a non-custodial wallet isn't anything resembling a bank. What you're arguing is basically that a (traditional) wallet manufacturer should be liable if you misplace your wallet and have all your cash stolen.
> a (traditional) wallet manufacturer should be liable if
- the wallet spontaneously burns and the money ends in ashes
- the wallet cannot be ever opened again and the cash within it sealed out of reach
- the bills are tainted by poisonous substance sipping from the internal lining making them hazardeous to use
That's kind of an interesting exercice, I think we can all come up with a few dozens of cases where a traditional wallet manufacturer would be liable because of technical or regulation issues.
That's only because you losing a physical wallet is your own negligence and not the negligence of the manufacturer. Not because there is no possible way that a digital wallet manufacturer couldn't lose your money due to their own negligence (or even malice).
>releasing providers from any liability if they fuck up and lose all my money via engineering incompetence
If someone fucks up and downloads some shady wallet app that steals their coins, they're the one at fault. How about trying to take some personal responsibility, instead of trying to get the full force of government to stop other people keeping custody of their own coins, just to protect yourself from potentially making a bad decision and installing a dodgy app? Edited to remove a personal attack
This sounds a bit like arguing that doctors shouldn't be liable for harming a patient. If you make a shady app you should be held responsible for losing your customers' money.
Edit: I use grapheneos and I don't agree with google gate-keeping what people put on their phone. I just thinks crypto companies, like any company, should be held accountable for their actions.
>This sounds a bit like arguing that doctors shouldn't be liable for harming a patient. If you make a shady app you should be held responsible for losing your customers' money.
That's not what the issue is; the issue is that Play Store would ban _any_ app allowing coin self-custody, even if the app isn't any way shady.
I'm not responding to the article I'm responding to this in the parent comment
> If someone fucks up and downloads some shady wallet app that steals their coins, they're the one at fault.
I don't agree with what google is doing. I think we should be able to download whatever we want on our phones. I think it's not a good take that the customer instead of the company, is the one that should be held responsible if a company fucks up.
How do you reconcile these two choices?
* we should be able to download whatever we want on our phones
* not a good take that the customer [...] is one that should be held responsible
Fraud and theft is illegal basically everywhere, and the people who commit those crimes are at fault for them. Stealing money is the fault of the person who steals the money.
Please don’t make such personal attacks, it doesn’t add to the conversation.
If you want to have a wallet app that is not backed by a company with a banking license, then could you not side load it?
We have basic minimum standards in our food safety, why not have them in our financial services?
You, as an expert in the field still can download any application you wish, but others that may not be an expert, are given some protection from potentially AI Slop apps that they wouldn’t understand are dangerous.
>If you want to have a wallet app that is not backed by a company with a banking license, then could you not side load it?
If you haven't noticed, there's a concerted push to make side-loading harder and harder. Sure it's an option for now, but it's quite possible we're only a few years away from Google going the Apple route and the vast majority of mobile devices not supporting installing unapproved software.
It's kind of like when you fuck up and hire the wrong plumber and he tells his burglar friend about your huge TV and they break in to steal it a week later. That's your own fault, stop trying to get the government involved! Sheesh, I just don't understand why simple libertarian principles like this get people confused.
>It's kind of like when you fuck up and hire the wrong plumber and he tells his burglar friend about your huge TV and they break in to steal it a week later. That's your own fault, stop trying to get the government involved! Sheesh, I just don't understand why simple libertarian principles like this get people confused.
That's a great example because the venue where the plumber posted his advertisement would not be liable for the plumber's actions.
Not even if they knew, or should reasonably have known, that the plumber was doing this?
Are you implying that any app that allows personal custody of cryptocurrency is a scam? Because that's not a reasonable assumption to make; the possibility of self-custody is one of the main arguments made for cryptocurrency.
[dead]
Google backs off after the noise
https://x.com/newsfromgoogle/status/1955741506440192463?s=52...
Whatd be nice is to have litrally any other option besides google pay, as they refuse to run on Graphene
NFC works, so until EC processes GOS complaint you can try payment apps, eg Curve, PayPal in Germany, Santander allegedly works too.
My workaround is Garmin Pay on my wrist. Works fully offline and I have it always handy.
There's Curve Pay.
https://www.curve.com/
[Edit: Sorry, I misread Google Pay as Google Play.]
Non sequitur, why would you even post that comment?
Google Pay doesn't hold/process crypto, crypto wallets don't allow paying with payment terminals (nfc pay, tap to pay, etc).
In Europe and US
Will there be some Orewellian tipping point when people begin to revert to barter in order to enjoy a bit of, you know, liberty?
Just because the keys reside on someone else's device, that doesn't mean you aren't responsible for their money when you control the code that is running.
Would you say the same for the encryption keys held within the Signal app? Why would Google be responsible for what people do on their own phones?
I would say the same that the developers of Signal as they own and update the code so they have a lot of responsibility to not to leak or steal everyone's private messages. It's in Google's interest to have a healthy platform that people trust. They don't want people to associate Android with having your private messages leaked.
I still don't see why it would be Google's fault if there was a vulnerability in an app. Would you also say it is their fault if I enter my personal information into a vulnerable site on Google Chrome?
It doesn't have to be their fault to be their problem. Google does take steps to protect Google Chrome users from being phished, because this causes problems for them.
Venmo doesn’t have a banking license afaik. Do they ban that? Do we start using the Starbucks app as a wallet?
Venmo uses PayPal's MSB/MTLs, per https://venmo.com/
> Venmo is a service of PayPal, Inc., a licensed provider of money transfer services (NMLS ID: 910457). All money transmission is provided by PayPal, Inc. pursuant to PayPal, Inc.’s licenses. © 2021 PayPal, Inc.
See also:
https://venmo.com/legal/us-licenses/
What a silly thing to say.