The Illusion of Thinking: Understanding the Limitations of Reasoning LLMs [pdf] (ml-site.cdn-apple.com)

Native NDK is another can of worms, with updates linked to SDK or sometimes not, unclear documentation about device and API compatibilities, compiler behavior changes and other requirements (like the 16K one) that impact so many 3rd party native libraries.

But, of course, the rules on the uploading and the changes of the Console, that changes so often is what makes it painful.

The absolute nightmare is about giving Google the root signing key of your application, the unfinished business about app bundles (which should reduce the size of the downloaded app, and more often than not, make it bigger), the changes in compliance, letters to sign for different countries, the compatibility for Google form factors (XR, TV, Auto, Automotive), Inline installs and other Teacher Progams, Play for family and so on.

All of this changes non-stop and is very poorly documented :)

At least, the Play Store is still GPLv2 compatible, so for now, we're saved (VLC)

petedoyle · 50m ago

> The absolute nightmare is about giving Google the root signing key of your application

I wish more people talked about this. At Amazon, I helped with the early threat modeling around adoption of "App Signing by Google Play", which requires sending your app's root signing key to Google (and is now required, with no publicly-available opt-out for new apps.) It would have added some nice things for Android devs: app bundles, smaller downloads, instant apps, etc.

That said, we imagined the following scenario, and were unable to find a reasonable mitigation at the time:

It seems plausible the US government could send a NSL (or similar) to Google and force them to distribute modified APKs for apps like Signal (ex: to exfiltrate keys). This would be nearly impossible to detect, especially if the modified APK were distributed to only an individual user, or a small group. A few people raised concerns [1], but I don't recall Google ever giving a reasonable response.

[1] https://commonsware.com/blog/2020/09/23/uncomfortable-questi...

Edit: clarify no opt out for _new_ apps

codethief · 28m ago

> > The absolute nightmare is about giving Google the root signing key of your application

> It seems plausible the US government could send a NSL (or similar) to Google and force them to distribute modified APKs for apps like Signal

Since when do you have to hand over your signing keys to Google? I seem to remember the Signal devs saying that they preferred publishing their app on Google Play as opposed to F-Droid because in the former case they control the signing keys. Has this changed?

baobun · 19m ago

The require to get the private key? When they could ask for the cert and just cross-sign? Can't imagine any valid reason for that...

Would be nice to get a confirmation of this as it sounds wild.

nixosbestos · 32m ago

Well, this is one of those HN comments that I will never forget. Someone wrote (and then removed after a buyer purchased it and required it's take down) a stylometry analyzer once for HN comments. A supposedly senior-y Google-r lambasted some Snowden slides commenting things were impossibly unimaginable inside Google (this was before it has done become widely accepted that internal services at such companies such of course be using some transport security). I got in some silly fight with someone ... 13+ years ago? These are specific things I remember. And now probably your comment.

I didn't trust stock Android before, and I felt the sinking-gut feeling as soon as I realized where "upload root signing key" was going, but spelling it out here puts a ... fine point on things.

Thanks for the comment.

petedoyle · 16m ago

This, maybe :) https://en.wikipedia.org/wiki/MUSCULAR

pjmlp · 9m ago

NDK is bad, feels like a 20% project, and I think if it wasn't for game devs, the userspace would be Java/Kotlin only, just like ChromeOS is V8 only, for all practical purposes.

However a good way to minimise headaches with NDK is to stay by the Google rules, it is a complement to Java/Kotlin, with a specific set of APIs, and not a way to pretend Android is GNU/Linux.

ashishb · 2h ago

> Native NDK is another can of worms

Thanks for sharing this. I agree with your sentiment as one of my Android apps use vox SDK. However, my experience is very limited compared to you to write about it.

> The absolute nightmare is about giving Google the root signing key of your application,

I haven't and I don't think it is required.

> the unfinished business about app bundles

Can you elaborate what's unfinished here?

> the compatibility for Google form factors (XR, TV, Auto, Automotive),

My app is disabled for Android Auto in production. If I re-enable, then it gets rejected during the review. I have never been able to precise fix the issue they are raising to let me re-enable Android Auto.

For Chromecast (TV), I have to run a web server inside the app to serve the media.

flohofwoe · 39m ago

Also, things like debugging suddenly stopping to work after upgrading NDK/SDK versions without a peep by adb about what might be the problem. But who needs debugging right? ;)

dlcarrier · 2h ago

It's really copied from Apple's anti-consumer measures, which seem to be targeting free software. (Not just free as in speech, but also free as in beer.)

A developer might not care whether or not a fun project earns them anything, but Apple and Google want their cut, so if they make distributing software through their store expensive and time consuming, the free stuff will fall by the wayside, so the only options for a simple tool are either ad-laden or have recurring expenses.

Also, I used to think that getting an FPGA IDE up and running was the most painful, unreliable, and bloated development environment possible, then I met Android Studio.

tgsovlerkhgsel · 2h ago

The most effective way Google uses to keep free software out of the Play store is the search function and description rules.

You can put free, user-friendly software into the Play store. The Play store shows whether software contains ads or in-app purchases. But the Play store doesn't let you search by those criteria, and IIRC developers used to be prohibited from clearly advertising the main distinguishing quality of their software in the title (couldn't find the rule in the policies anymore so this may have changed).

Likewise, users can't search or filter for app size, which not only affects how much space the app eats on your phone but is also a great proxy for how much crap is bundled inside it.

So in effect, the good apps will be impossible to find amid the sea of SEO-optimized and/or paid placements of ads that can afford to do that because they are full of ads.

muzani · 1h ago

Oddly enough, I try to search for paid software because if I buy a game, I want to be able to complete it. Not like pay $5/month to access half the game, and another $50 to get to the final 20%, and another $100 to get to the final 5%.

It's not letting me do that either. Google Play Games (the separate app) has such a filter but it's seemingly random.

stavros · 1h ago

Well, at least I've learned not to bet against the cheaper way of doing something. If the Play Store is too expensive to list in, F-droid will thrive.

ashishb · 2h ago

> It's really copied from Apple's anti-consumer measures, which seem to be targeting free software

AFAIK, Apple also charges $99 per year to maintain a developer account on the Apple App Store, effectively shutting out any hobbyists who would like to provide their app with no monetization.

> the only options for a simple tool are either ad-laden or have recurring expenses.

Unfortunately, that indeed seems to be happening.

muzani · 1h ago

Agreed with the article. Some will say just do iOS/Cordova/React Native/Flutter. But these have all the same problems eventually.

Do web? You're just pushing the problem of accessing lower levels (esp. files and camera) to the browser. Browsers are not consistent. Some devices don't even update their browsers and it would break POST on a very specific version of Android.

There's a high end Samsung gallery that has a very inefficient way of displaying thumbnails. This is the default gallery. If the user has over 10000 photos or so, it freezes. People who buy this phone will often have a lot of photos. And they're rich; usually the investor. This bug doesn't show up in typical tests because QA can't afford this phone. So the fix is to avoid built in galleries, and write a custom gallery for the app that utilizes binary search or something. Major apps like FB and WhatsApp will have implemented their own in built gallery software so these device owners end up blaming the apps that don't.

realusername · 6m ago

> But these have all the same problems eventually.

I've maintainted a Flutter app and it's 10% of the maintenance of a normal Android or iOS app. The only real breaking change they had in 6 years was the switch to strict typing.

seanalltogether · 1h ago

This is one area I will give Apple credit for. While their app store is a pain to navigate, their framework support and dev patterns have stayed pretty consistent since the early days of iOS. My companies iOS app today looks very similar to how it looked 9 years ago when we started it, aside from changing from objc to swift, it's still driven by core data, view controllers and storyboard views. Our android app on the other hand is kind of a Frankenstein app that started with Activities, Java, Sqlbrite, Butterknife, manual state management and Dagger, and has mostly transitioned to Fragments, Kotlin, Room, Data Binding, ViewModels and no Dagger. It's still quite a mess that we'll never have the budget to fix up properly.

fuomag9 · 50m ago

This is the exact reason why my app is not available on the play store anymore, combined with the fact that google wants to publish my address even though I'm NOT a trader in the EU

askvictor · 1h ago

I've given up on my hobby apps. The coding side is easy; the bureaucracy of the app store makes in completely not worth it unless you're a company.

dedicate · 43m ago

We treat our apps like they're finished paintings to be hung on a wall, but Google and Apple treat them like tamagotchis we have to keep alive.

Jyaif · 6m ago

There's not 2 different versioning schemes, there's 3! Those clowns sometime use letters. Now you have to recite your alphabet just to know if one version is before or after.

lutusp · 1h ago

This fully reflects my own Android experience (https://play.google.com/store/apps/developer?id=Paul+Lutus) -- writing Android apps is by no means a write-and-forget experience. As time goes by more of my apps are dropped from the platform from my unwillingness to drop everything and rewrite code for each new Android version.

My original intent was to put my free, open-source apps on the platform, much as I had done before Android existed. But no -- Android doesn't work that way.

My best-known Android app is SSHelper (https://arachnoid.com/android/SSHelper/), a Secure Shell server meant for file transfers. Still works perfectly, dropped some time ago.

TankCalc (https://arachnoid.com/android/TankCalcAndroid/), same story. It's a well-known multi-platform app tank farm managers use to profile storage tanks. Still works, dropped from the platform.

And not just mine. Many other free, first-rate Android apps -- Termux (https://termux.dev/) comes to mind -- have been driven off the platform by Google's onerous demands and commercial focus.

It's as though a wall is going up between people who like programming and people who like money.

postsantum · 1h ago

That's nothing compared to the random lifetime bans if you step on some "high risk behaviour" triggers while publishing apps. With no recourse

And then that absolutely retarted 12-testers rule

jaoane · 2h ago

> Displaying notifications didn’t require permissions, now after API 33, it requires POST_NOTIFICATIONS

Good. Really tired of installing an app, forgetting about it, and then getting a bs notification a couple of days later to get me to open it again.

muzani · 1h ago

A lot of the changes are due to dark patterns. This was nowhere near as bad as the one that broke access to files and gallery, which would break saves for old games. There was another new breaking change on notifications, which probably prevented spoofing.

I'm still in full support of these. I keep telling people that social media apps are just massive violations of privacy and can just copy your password from clipboard or trace your location through images – I've been asked to code these at one time. At least these updates keep me from thinking I'm the paranoid one.

ashishb · 2h ago

> Really tired of installing an app, forgetting about it,

I don't think that app can send a notification to you anyway. An app that's never opened by the user cannot be launched programmatically and cannot run background code.

sumanthvepa · 2h ago

They probably mean that they installed the app, used it for a little while, and then, forgot about it.

Gortal278 · 2h ago

Yes it can, many app do it.

anothernewdude · 2h ago

I believe you can long touch the notification to see an option to uninstall the app directly from the notification.

ashishb · 2h ago

Exactly. I use it all the time to disable over-aggressive notifications.

eviks · 1h ago

> Upgrades for the sake of it

> Material 2 was deprecated for Material 3. No clear migration guide was provided. I tried to upgrade

Why would you do that? This is a self-inflicted wound that exactly matches the title. This isn't like another example of some important system library you need that gets removed, forcing changes

> Crucial third-party libraries have been deprecated

Since you've used them at this state for the whole of app's existence, you can continue to do so without any extra maintenance?

I mean, if you view any non-breaking changes as breaking, especially when it comes to UI, the amount of maintenance is infinite anywhere.

ashishb · 3m ago

> Why would you do that? This is a self-inflicted wound that exactly matches the title. This isn't like another example of some important system library you need that gets removed, forcing changes

As I mentioned elsewhere in the article, each library supports a certain version of Android; your old library will not support newer versions. E.g. API 33 onwards there is an edge-to-edge display, and older UI libraries won't be able to handle it.

ashishb · 5m ago

> Since you've used them at this state for the whole of app's existence, you can continue to do so without any extra maintenance?

Well, not, for example, "OkHttp 4.12.0 does not support Happy Eyeballs which is a major issue with IPv6 networks".

J_cst · 55m ago

bookmark

Joining Apple Computer (2018) (folklore.org)

Reverse engineering Claude Code (April 2025) (kirshatrov.com)

<Blink> and <Marquee> (2020) (danq.me)

YouTuber claims to have received an offer to buy the Commodore brand (amiga-news.de)

Convert photos to Atkinson dithering (gazs.github.io)

Bill Atkinson has died (daringfireball.net)

Fray: A Controlled Concurrency Testing Framework for the JVM (github.com)

Self-Host and Tech Independence: The Joy of Building Your Own (ssp.sh)

My experiment living in a tent in Hong Kong's jungle (corentin.trebaol.com)

Maintaining an Android app in Google Play Store is a lot of work (ashishb.net)

Coventry Very Light Rail (coventry.gov.uk)

FAA to eliminate floppy disks used in air traffic control systems (tomshardware.com)

BorgBackup 2 has no server-side append-only anymore (github.com)

Installing Microsoft Windows 98 in DOSBox-X (dosbox-x.com)

Louis Rossmann: We've started a foundation to bring back ownership [video] (youtube.com)

Discovering a JDK Race Condition, and Debugging It in 30 Minutes with Fray (aoli.al)

Why Understanding Software Cycle Time Is Messy, Not Magic (arxiv.org)

What was Radiant AI, anyway? (blog.paavo.me)

Field Notes from Shipping Real Code with Claude (diwank.space)

Researchers develop ‘transparent paper’ as alternative to plastics (japannews.yomiuri.co.jp)

Why We're Moving on from Nix (blog.railway.com)

Knowledge Management in the Age of AI (ericgardner.info)

Low-Level Optimization with Zig (alloc.dev)

A tool for burning visible pictures on a compact disc surface (2022) (github.com)

Washington Post's Privacy Tip: Stop Using Chrome, Delete Meta Apps (and Yandex) (tech.slashdot.org)

Getting Past Procrastination (spectrum.ieee.org)

How we decreased GitLab repo backup times from 48 hours to 41 minutes (about.gitlab.com)

A year of funded FreeBSD development (daemonology.net)

I read all of Cloudflare's Claude-generated commits (maxemitchell.com)

The FAIR Package Manager: Decentralized WordPress infrastructure (joost.blog)

Musk-Trump dispute includes threats to SpaceX contracts (spacenews.com)

You need much less memory than time (blog.computationalcomplexity.org)

OneText (YC W23) Is Hiring a DevOps/DBA Lead Engineer (jobs.ashbyhq.com)

The time bomb in the tax code that's fueling mass tech layoffs (qz.com)

Why are smokestacks so tall? (practical.engineering)

Reinforcement Learning to Train Large Language Models to Explain Human Decisions (arxiv.org)

An innovative superfamily of fonts for code (2023) (monaspace.githubnext.com)

Math Symbol Frequencies (leancrew.com)

The Illusion of Thinking: Understanding the Limitations of Reasoning LLMs [pdf] (ml-site.cdn-apple.com)

Hate Radio (2011) (rwandanstories.org)

Dolphin Emulator Progress Report: Release 2506 (dolphin-emu.org)

Reverse Engineering Cursor's LLM Client (tensorzero.com)

The AI Tool Used by Doge to Review Veterans Affairs Contracts (propublica.org)

Should I Use a Carousel? (2013) (shouldiuseacarousel.com)

Sandia turns on brain-like storage-free supercomputer (blocksandfiles.com)

Sharing everything I could understand about gradient noise (blog.pkh.me)

A masochist's guide to web development (sebastiano.tronto.net)

Highly efficient matrix transpose in Mojo (veitner.bearblog.dev)

Log-Linear Attention (arxiv.org)

Wendelstein 7-X sets new fusion record (heise.de)

Maintaining an Android app in Google Play Store is a lot of work

Comments (34)