That's amazing, it took them 3 months to kill a scam app, but they proactively shutdown smaller apps that break no rules constantly. I swear someone in Google's exec team is going out of their way to make Google products suck. They've all been getting worse for the past several years. Search gives bad results, search qualifiers only work in "verbatim" mode, GMail sucks at spam filtering now, Android is becoming a PITA, Chrome is shoving in new bad features while killing old good features, etc. There was even a big thing about Google Voice having some massive change where lots of features were going away, so I pulled GV out of my life expecting it to go away, and literally nothing changed.
It's almost like Google is suicidal and these are calls for help.
There is a specific reason for this.
The scammers are repeat players. They have a thousand accounts, three quarters of them get shut down, they look at the other 250 to see what's different, make 1000 more accounts that look more like the ones that didn't get shut down, now only half of them get shut down and they get even more data on how to avoid getting banned.
Meanwhile the ordinary user has only one account, maybe two or three for small businesses and things. If one account gets shut down their life is disrupted and they have no idea why it happened or what to do about it or how to avoid it happening again.
Google have to shut down 1000 accounts for this one scammer and if they get 999 of them right and 1 of them wrong, the scammer still has an account and the honest user doesn't.
The real problem here is that we're expecting Google to do this instead of law enforcement. Is there a scammer? Arrest them. They can't make 1000 more accounts from prison and then Google don't have to play whack a mole while clobbering tons of innocent people.
How can a scammer make 1000 accounts? Don't they need to give Google Store some gov ID, credit card number? If this are too easy for scammers to get then ask for more documents that a legit company or developer would have. And you can make this more strict stuff optional, if you do not provide this documents your activity and reports are treated 100x more seriously.
My suspicion is that companies are using AI crap to handle user reports, some devs very exited to work on this cool new tech where they can replace even more people in support and QA with scripts.
As a user, I've had to jump through a lot of hoops like captcha, credit card number, phone number check, dns domain check etc. I've been told these are to prevent scammers making 1000 accounts. Now they tell me "well we can't prevent scammers, because they make 1000 accounts".
I am beginning to think someone is not 100% truthful to me.
Yeah, some companies are happy to let the bots thrive, I use reddit a lot and I would prefer to have 2 tiers of account,s, validated as real humans and not validated, then I would prefer if developers could do their job and put limits on non validated accounts with bot like activity. Bu they are happy with bots, I see people getting banned and getting back with a new account with same name just a small change there.
We had the case with Elon Musk complaining about bots and after the took over I read that he is fine with bots now,especially the ones that pay for the blue check mark.
I also wish police would do more in the cases of impersonation, where scammers impersonate people or institution, if this people are from a different country and that country does not collaborate then sanction them.
There is a cost to breaking captcha.
Stolen credit cards and other stuff.
People also complain that creating an account of arduous (especially in developing markets) if you have to do too much to create an account.
The complaint is from early 2023. I suspect that whatever anti-abuse systems exist on Google Play hadn't deeply integrated LLMs at this point, as this is just like a few months after the initial launch of ChatGPT.
Google had an AI before ChatGPT, remember that there was some Google developer that made a lot of noise that Google created artificial live and enslaved it or something like that ? And I said AI not LLM
That would be ideal, but getting 195 countries on the same page on cybercrime just isn't going to happen. As it is we have multiple countries where the government actively sponsors internet scammers.
It would be a lot simpler if cyberspace was declared a sovereign territory and Google became the official government of it, answerable to no other government on questions of digital affairs. That way they'd have the power to put all the spammers and ransomware gangs in their goolag for a very long time. Think this is a bad idea? Great for you. Keep letting people like Donald Trump be your digital government. Heck, make Google the government of meatspace too. If every neightborhood in America was run as well as a Google office, we'd all be living in paradise. Even in Google's currently evil debased declined state, it's still infinitely more competent and better than your corrupt compromised legacy government institutions.
Corporations are only efficient when they have corporate responsibilities. Corporations do only efficiency and can select customers. Government must guarantee equality and rights for everyone. Even criminals are citizens with rights.
Let me demonstrate. This is how Google would do it:
(1) Algorithm captures 90% of all criminals (it's a good algorithm)
(2) 5% (1/20) change that flagged account is a criminal (95% false positives)
(3) 0.01% (1/10000) of all accounts are flagged.
There are around 246 million unique Google users in the US. Closing just 24,600 accounts removes 90% of criminals. 90% change of capture is a good deterrent.
Google also removes 23,370 innocent accounts.
GOOGLE DOES THIS ALREADY. It's efficient and well-run (actual numbers may vary) but also brutal and unjust. Legacy government institutions do their job better than Google would.
Do you really believe the government is what gives you your rights?
Government maintains a system that enables you to protect your rights, and process to participate. That system can't be very efficient, because you need to have paper trail, and bureaucratic process. It's the process that gives you change to seek justice and protect your rights.
With Google you can only post complaint to HN and wish that someone working in Google notices, or that there is enough publicity to shame them.
At this point, Google should accept new sign-ups for critical products ONLY from countries that have a functioning law enforcement system when it comes to this - and check based on ID card/passport.
So if you have 1000 accounts, doesn't that mean you've submitted 1000 apps to the store or something?
I guess you make the same app and tweak it slightly 1000 times, since it's a low quality app probably it doesn't matter
Why can't they do deduplication of the same apk code being submitted and map all those accounts to a known history of shutdown accounts. Seems like a simple way out?
Might be true but at the same time if it takes you three months to process/verify a complaint from the Consumer Financial Protection Bureau you probably are doing a crap job.
Which in turn make it that much easier for scammer.
What a joke how can you believe that international justice will be fast enough to handle the issue of scammer spamming apps ...
In the end those app are probably against the store TOS and if Google can't manage to correctly enforce their own TOS you can argue it's partially on them.
They killed my Play Store account even after I had fulfilled the eligibility of not getting the account killed in time and never refunded the $25 (had no apps yet). I know this was nothing compared to losses others might have faced but they literally took/stole that $25 from me. They never responded to anything after the last email where they said "it is final.. something policy…" and all that. Nothing, no response at all. They had asked me to add a bank account while I was appealing this so they could refund and I could not add a bank account, there was no way, there was no documentation. They did not reply for 17-18 days and that was also denied and they just closed it saying "since I had not added an account in time… final.. no further response.." etc.
No no. They are fine.
Companies like Google, Apple, Microsoft, Amazon etc could they all this because they know the game is rigged in their favour in this world where everything is "legal" and not "justice" and with their resources they can legally take on many countries put together, let alone individuals. That's why they do what they do and they don't do what they don't do.
If it was via a credit card, consider doing a charge back. Sounds like you have plenty of evidence that they didn't provide the service they claimed they should have. Even for a small amount it hurts them much more with the CC processor.
If you plan to do a charge back on Google, better be prepared to lose access to your entire Google account [1] including Gmail.
[1] https://news.ycombinator.com/item?id=34016389
Don't forget mobile unless you are firmly in Apple camp with iPhone and iPad devices. You can switch to Apple ecosystem but then the overall cost in the end may be more than the chargeback amount.
It is a pain to install apps and use an Android phone with play services installed but not logged in.
Aurora Store should help a lot. (And also F-Droid!)
...or just create another Google account in a fake name.
And that's why Google/Alphabet ought to be split up.
You can screw over a small business with chargebacks, but not like a CC processor is going to drop Google over one, or tens of thousands of chargebacks.
Nobody is going to drop Google. Google is going to drop YOU. From everything.
What would you say about something like this? > https://news.ycombinator.com/item?id=41281628
Oh thank you for saying this about the spam I thought it was just me!
I’ve noticed a huge uptick in spam emails getting through to my mailbox over the last year
I get about 10 fake order confirmations a week. This can't be that hard to detect, right?
Wow, that is scary. Can I assume these are phishing emails? My point: They get you to "confirm" the fake order and harvest some personal information. I worry most about my parents. There is no way, at their advanced age, that they can distinguish between real and phishing emails. The Internet has gone to crap, again. Sigh.
I haven't invested a lot of time in them. They -always- have a PDF attached. It appears to be an invoice but never has my personal details, other than email address.
The subject is always either 'Order Confirmation' or 'Payment Confirmation.'
They always have a number at the bottom of email or the PDF to call for support/order cancellation. My best guess is that they want people call in rightly claiming they didn't make an order, then the phishing begins?
I've pasted one below, sans PDF. This one is a phone, but it seems to often be an antivirus subscription .
Notice it always comes from a personal name that doesn't even match the email address, not some fake company. That's why I don't understand why Gmail isn't blocking these!
--
From: Mark Kiehn <stevendouglas8689@gmail.com> Subject: Payment Confirmation
Need Help? (815) X (570) X (9159) Congrats on getting your new device! We trust you're enjoying your purchase and exploring all its amazing features.
Invoice ID: INV//#<8 digit number>
Product: OnePlus 10T Ref: #<8 digit number> Purchase Date: AUGUST 15, 2024 Total Amount: $397.24 Return Policy If you're not satisfied with your device, you can get a full refund within 48 hours of purchase. For assistance or to start a return, contact our support team.
Need Help? (815) X (570) X (9159)
It’s always the order confirmations
To be clear, I assume that modern, sophisticated spam operations are "leading the league" in LLM usage. It must be much harder to stop spam when each email can be individualized by an LLM. And let's be real: LLMs are already very, very good at producing text that sounds believable. I, myself, have been fooled many times already by recent spam, that is so much more believable than two year ago.
If GMail is getting worse, I can imagine that other, smaller mail services are getting much worse. The best explanation that I have read about why Google (and other major providers) are so good at spam filtering: They can observe a huge portion of the world's email, so they have the best training sets.
It is interesting that we never hear from GMail folks on HN. You see all kinds of Googlers pop-up into discussions with interesting insights about how the sausage is made. However, I cannot recall anyone from GMail appearing on HN to share some interesting behind-the-scenes stories.
SpamAssassin seems to work for me.
There’s a big uptick in one particular type of spam email for me. These ones have a huge amount of nonsense “words” at the end of it, which appear to be random strings of letters of random length. Their purpose seems to be to trick the spam filters that have no idea how to classify “witwicshmniss” as spam or not spam.
I blame Sundae Pichai. I don’t know how. But it has to be him.
If you believe what Wiki says, he has been involved in many of the Google products that have shaped our digital lives in the last 20 years:
That is quite a list. I have not accomplished even 1% as much!Product guys becoming CEOs is like someone focused on the technicals is pushed to marketing. I bet he is good at both.
This is a interesting point. Do you know if Satya Nadella's career at Microsoft was similar? (Personal note: I feel like he really turned it around. Microsoft is so much less combative that it used to be. Yeah, HN, I know: Not perfect, but much better than the original gang.)
Msft was hated before for its closed-ness. Google was loved for its service to the user. Both moved into the direction of marketshare. The end result is what we see today which is a drive for market share with less innovation. Or at least all innovation on the shelves put out for integration.
I've overseen the construction of several highway expansions and overpasses, and shouldered only the accusation of being a drive-by manager.
urgh - from google's pov the scam app was making 30-40M in rev and they get a nice 15-30% cut
they kill off smaller apps because they make little money for them
scam apps need to be proven they're a scam for them to be remvoed.
This sounds like HSBC’s relationship with drug cartels
It's exactly like that, even the top grossing "legal" apps are casino games anyways.
There's a reason Google is paying radio ads in the EU to convince everybody that they are helping small businesses, anybody who ran the figures on the mobile store knows that it wouldn't survive scrutiny.
But Google Search does surface a lot of small and local business.
Compare their search results with this: https://wiby.me
The scam app was having people send crypto to a personal wallet. No actual in app purchases. No cut for the store.
It's almost as if both false positives and false negatives exist!
Agree. I'm no fan of Google but when you are in the business of enforcing what amount to fuzzy (some would say arbitrary) rules you're going to let some crap slip by, and reject some innocent apps. It's these two tails though that will get the headlines.
To be sure, they should be called out for abuses on both sides of the equation, but it's understandable that it's going to happen.
The criticism seems to not be that they make mistakes, but rather that when they do, they don't care about or deal with the fallout.
Everybody is fallible, and that's okay, but only if you own up to it and fix it and make the victims of it whole. If you don't do that, you're fallible and an asshole.
Google also financially incentivized to be laxer with revenue generating apps and critical of low revenue noisemakers
Exactly
I have a lot to be thankful for personally because of google. In my bubble, Gmail gave me a solid free email client since the days my parents had AOL dialup. YouTube has been a literal magical experience for its video delivery service all these years, nothing came close to its reliability. Vimeo? (Please). Let's then talk about the first Android phone the G1 and the other early flagships like Nexus. They set the bar in so many ways (yes, Apple did too). The landscape has changed though, and Google has changed. I've always bought the latest phone direct from Google. I'm waiting on the P9 though. They to show they got what it takes still, like very much improving their spam detection in gmail. They have the capability, I believe. Google needs more than good leadership- they need to try to set the standard.
This is true of my experience with Google as well. I know it's fashionable to hate Google but Google's search was better than what was there before (altavista, webcrawler or those godforsaken screen cluttered portals). Gmail was/is vastly better than the alternatives. And even though I've always used Firefox it was Chrome that broke Microsoft's monopoly on web browsers. I suspect that a lot of their policies end up being that way to cope with any % of the whole world's population trying to cheat/scam/beat any system or rule.
I don't hate them, but like you I'm getting frustrated. I had to remove a link to my personal website from my personal gmail account because gmail would mark it as spam in everyone else's inboxes, including gmail boxes where gmail knows this email came from within gmail! I tried paying for GSuite but even then they still spammed my emails. Remove that single link, everything goes through. Absurd.
There's a verbatim mode?! That sounds incredible!
Yeah, it's not as good as google used to be, but at least it won't ignore your quotes and -exclusions. Click Tools and then All Results and click Verbatim.
This computing model generates profit for Google but doesn't result in a pleasant computing experience.
Everyone short of those capable of practically building portable devices from scratch is stuck with it.
While this may juice short term revenue, it's a long term plan for failure as you can't both survive AND drive your customers away.
What would you say about this? > https://news.ycombinator.com/item?id=41281628
i think with the amount of data that google has on its hand, they should be easily able to pinpoint the location of the scammer and let the law handle the rest. i suppose they must have a law team with them for all these types of issues.
They just pulled up another lie on my app that I record some forbidden device id and I just hesitate to shut everything down this time. Building a mobile app isn't worth the effort. The play store and the appstore are better suited to casino games and scams than real apps.
This may be closer to the truth than many people think. In an analysis from 3 months ago [1,2] it was alleged that Google search sucks so badly not just because of AI and whatnot, but because control of the search division was finally handed to the revenue people in 2019, who promptly rolled back important spam filtering in an effort to drive up searches. Deliberate use of dark patterns to increase "user engagement" is nothing new, of course, but I was still surprised that Google would sink this low. Don't be evil, bwa-ha-ha-ha.
[1] https://www.wheresyoured.at/the-men-who-killed-google/ [2] HN discussion: https://news.ycombinator.com/item?id=40133976
Why does nobody think that it may be plain corruption? It’s a single app that makes $2m. Imagine how many apps like that there are. Imagine if each gave 20% to certain key managers at Google.
We know it happens at governments. Why don’t we think it can happen at corporations?
Hubris
What's really exciting is that this suit is the type of thing that will only make the situation worse for smaller apps. More and more rules have been working so well for the Play Store I bet doubling them will really help.