Almost no apps need this permission, so being skeptical makes a lot of sense. File managers and other such apps are routinely permitted to use this permission, so it's not like Google is locking out utility apps or anything.

The current state of Google Play is the result of years of Google being too permissive by default and trying to patch things later while desperately trying to remain backwards compatible. Give advertisers a finger and they take the whole hand. Your average Android phone's internal storage used to be full of dotfiles, hidden directories, not-so-hidden directories, all full of identifiers and cross-identifiers to break the cross-app tracking boundary enforced by the normal API.

As far as I know, Google has made an API available for picking a directory to sync with. I'm not sure why NextCloud needs to see every file on my SD card when it can ask for folders to sync into and can use a normal file picker to upload new files without going through a file manager, but there's probably a feature somewhere hidden in their app that necessitates this permission.

The policy itself makes a lot of sense and I'd argue is beneficial for Google Play's user base. NextCloud's problem seems to be that Google isn't letting a human with common sense review their upload. Because of Google being Google, outcry is the only way to get attention from an actual human being when it comes to app stores (Apple has had very similar issues, though they claim their reviews are all done by humans).

EDIT: NextCloud states "SAF cannot be used, as it is for sharing/exposing our files to other apps, so the reviewer clearly misunderstood our app workflow." as a reason for not being able to use the better APIs, but I'm not sure if that's true. SAF has a dedicated API for maintaining access to a folder (https://developer.android.com/training/data-storage/shared/d...). I think NextCloud misinterpreted Google here.

File managers Backup and restore apps Anti-virus apps Document management apps On-device file search Disk and file encryption Device-to-device data migration

This Nextcloud app seems to be an app that mirrors your Nextcloud storage to your device, and I cannot understand why it would need all access to any other data stored on the external device -- with the enormous risk that entails -- much less that can't be selectively picked by the user. It isn't a file manager, it isn't a backup utility, it's a cloud provider with local mirroring. I get why Google told them to do things otherwise.

Another comment mentions this is "bad faith" security and that's just overly cynical. Android and iOS both suffered from basically trusting app developers, and both were burned for it. Hardening down and making apps only request precisely what they actually need seems to be a massive user positive.

[1] - https://developer.android.com/training/data-storage/manage-a... - the exclusions can be found at the bottom.

File sync tools need to go through scoped storage where you as a user select directories which they sync and then they can read them at will as well.

And perhaps using GrapheneOS while at it.

As long as Google doesn't remove the ability to sideload apps, Android users are fine.

Note that Google's and other American Big Tech apps do not have this issue, because Google only cares about taking permissions away from "small" players.

Spotify did this all the time where they would complain about Apple not allowing them access to some private API and then when they did didn't even bother to use it.

> Google allows Android apps to just demand access to all private photos

Your own words betray that you are probably confused about what the problem actually is. From my perspective, I think people generally want the same thing on both platforms: the user be in charge of which files the OS gives access to applications.

chroot was added to Unix in 1979.

But like anything so ambitious in scope, it doesn’t take much before you begin to push up against its boundaries (even as generous as they are). This is the kind of software that the biggest players in the industry devote armies of highly paid developers and billions of capital to. The accomplishments of the OSS community should not be diminished. I personally will continue to use and support these tools in my own capacity. But it’s kind of inevitable that, while they offer lots of cool major features, they won’t ever be quite as polished or refined as competing solutions from industry giants, or even other OSS apps that take a narrower, more uni-tasked approach.

Having read through most of these comments, I think the truth is probably somewhere between competing ideas, and everything else is subjective and context-dependent.

If you leave the beaten path it tends to break.

It's free and it feels wrong to complain but it's not good software IMHO.

They just didn't put in the work in 10 years despite repeated deprecation warnings.

This seems modus operandi from many OSS developers (syncthing is the other one that had the exact same issue) - ignore warnings, ignore migration guides, ignore API changes and then scream their heads off 6 YEARS later about how evil people are that they don't get unfettered access to users data anymore. And conveniently ignore that the migration path was available for longer than their product exists.

Google made it so painful and unreasonably expensive to get that access, they gave up. Now it's a Windows, Mac and iOS exclusive, no Android app anymore, despite it existing and having for over a decade been fully functional.

edit: next cloud is available from the app store, soooo, have fun on the otherside. And from the author:

> Apple gave zero fuss, we have had both versions on the store since day one.