• Thread Author
A quiet but consequential battle has been unfolding in the realm of mobile cloud storage, as Android users of Nextcloud—the European open-source cloud platform—found themselves abruptly losing a fundamental feature: the ability to upload all file types from their devices. While photos and videos remained accessible, essential non-media files like documents and archives could no longer be seamlessly saved to Nextcloud using the Android app. This fracture in user experience drew a wave of backlash from Nextcloud’s community and raised uncomfortable questions about platform fairness, regulatory oversight, and Google’s dominance in the mobile ecosystem.

Two smartphones show cloud data transfer, one with unlocked access and the other secured with encryption.
The Crux of the Conflict: A Key Android Permission Withdrawn​

At the heart of this controversy is the “All Files Access” permission on Android. Traditionally, this permission allowed approved apps to read and write any file on a device’s shared storage, not just those classified as media. For privacy-conscious users and businesses relying on end-to-end control of their files, this type of unfettered access is not just a “nice to have”—it’s a non-negotiable. Nextcloud’s Android client had leveraged this capability since 2011, aligning with user expectations of how a cloud tool should work.
Yet, seemingly overnight, Google revoked this vital permission for Nextcloud, citing “security concerns.” As a result, Nextcloud was forced to disable universal file upload from its app, truncating its utility and rendering it less competitive with both Google’s own cloud offerings and those of dominant U.S. tech firms. According to Nextcloud, this move was less about security and more about ensuring Google’s ecosystem retained its competitive edge.

Google’s Security Argument: Scrutiny and Skepticism​

Google’s rationale hinges on Android’s evolving security model. The “All Files Access” permission is powerful, and there’s an obvious risk of abuse if malicious actors gained deep access to user storage. Since Android 11, Google has significantly tightened the ability for apps to request this permission, citing the need to “keep users safe by minimizing exposure” to potential data breaches or harmful behaviors.
Proponents of this stance argue that such restrictions are overdue. Too often, spyware, unauthorized data collection, and malicious apps have taken advantage of broad storage permissions to siphon off personal data or execute exploits unseen by the average user. From a privacy-by-design perspective, limiting this capability is a logical step.
However, the application of these restrictions is where criticism intensifies. Google’s own apps—including Google Drive, Files by Google, and Photos—appear to retain broad storage access. Likewise, other “Big Tech” companies such as Microsoft and Dropbox allegedly continue enjoying similar exemptions. This “platform privilege” is not well-substantiated in Google’s public documentation, but complaints from smaller developers and rivals suggest a pattern. The question becomes: are security considerations being used as a pretext to stifle competition?

Nextcloud’s Argument: Level Playing Field or Gatekeeping?​

Nextcloud is blunt in their assessment: “All of you as users have a worse Nextcloud Files client because Google wanted that,” the company stated in a recent press release. They argue the new restrictions are not about improved safety, but about carving out market share and thwarting privacy-centric alternatives.
To replace the lost functionality, Google recommended the use of alternative frameworks—namely, the MediaStore API and the Storage Access Framework (SAF). However, Nextcloud claims these options fall short for its core use cases:
  • MediaStore API: Designed primarily for organizing and managing photos, videos, and audio files, but not general-purpose data like PDFs or ZIPs.
  • Storage Access Framework (SAF): While offering broader access, this framework requires per-file, user-initiated navigation—disrupting background or automated cloud backup workflows where user intervention shouldn’t be necessary for each transaction.
Nextcloud’s developers assert that these “solutions” are no solution at all for anyone needing robust, frictionless file sync. In their view, the current policy entrenches the status quo—favoring proprietary platforms and undermining both user freedom and technological diversity.

The Regulatory Perspective: Antitrust Parallels and Inertia​

This is not the first time a dominant platform holder has been accused of leveraging technical restrictions to sideline competitors. Nextcloud itself has made the comparison explicit, likening the situation to Microsoft’s infamous limiting of WordPerfect’s access to Windows APIs in the 1990s. Then, as now, platform owners justified their decisions as technical progress or necessary system hygiene; but in practice, critics saw these moves as self-interested gatekeeping.
In frustration, Nextcloud and 40 other organizations lodged a formal complaint with European antitrust regulators in 2021 regarding unfair restrictions and disproportionate requirements for obtaining core Android permissions. To date, however, they report scant progress—underscoring how slowly the regulatory gears can turn, even in the face of coordinated, cross-continental stakeholder pressure.

A Rapid Backtrack After Outcry​

In a noteworthy twist, broad criticism and sustained media attention appear to have pried open a temporary solution. Following mounting pressure, Google reportedly reached out to Nextcloud with an offer: reinstate the critical “All Files Access” permission, subject to successful testing. In a blog post, Nextcloud signaled cautious optimism, projecting the restoration of full file upload functionality within the following week, pending checks and final approval.
This U-turn is notable for several reasons. It suggests that user outcry and media scrutiny can still sway the strategic decisions of tech giants, at least when the dispute plays out in public. It also raises an awkward question for Google: if the removal of this permission was so essential for user safety, why restore it under pressure? Was the risk perhaps overstated, or did a more nuanced, case-by-case review of which developers truly “need” such access all along make more sense?

User Impact: Broken Workflows and Defensive Downgrades​

For the end user, the impact during the period of lost functionality was direct and disruptive:
  • Undermined cloud backups: Users who relied on Nextcloud to back up critical work documents, manuals, e-books, or coded scripts found only media files eligible for upload.
  • Broken automation: Those with automated file sync systems—where Nextcloud operated in the background to ensure 24/7 redundancy—faced breakdowns, as user-initiated, per-action file selection became the only way forward.
  • Push towards less secure practices: Some users, desperate to regain lost workflows, resorted to older app versions, APK side-loading, or unapproved file explorer apps that still held the necessary permissions, exposing themselves to potential risks.
From a community standpoint, the incident sowed mistrust. Users and admins adopting Nextcloud precisely out of a desire to escape U.S.-centric megacorporations now faced an ecosystem that felt just as closed, just as subject to the whims of a remote overlord. For privacy advocates and those managing regulated data, this was a significant setback.

Technical Analysis: Why “All Files Access” Still Matters​

Google's intentions to protect ordinary users from intrusive or predatory apps are not, in themselves, without merit. But “All Files Access” fills a functional gap in Android's security and usability model—one that generic solutions such as SAF or the MediaStore API do not close, especially for niche or power users:
  • Automated Data Synchronization: Businesses need regular, unattended, bidirectional synchronization of sensitive records. Forcing user prompts breaks automations and can cause version conflicts or even accidental data loss.
  • Custom File Types: Media-centric APIs do not cater to formats outside of images, audio, and video—which excludes many mission-critical enterprise and creative data types (CAD files, databases, code repositories).
  • Privacy-First Scenarios: Ironically, security-minded users who want control over how and where their information synchronizes (sidestepping U.S. cloud providers) are most affected by loss of this permission.
Careful vetting, audits, or graduated levels of file access could offer a balanced middle path. Many observers argue a more transparent and equitable policy—applying consistent standards to all apps, large and small—would protect users without ossifying the market in favor of incumbents.

The Competitive Context: Platform Power and the Problem of Privilege​

The Nextcloud episode is emblematic of a larger tension rippling through the software industry: the consolidation of power by platform gatekeepers, and the risk that policies intended for user safety become vectors for anti-competitive behavior.
Google’s tight control over Play Store app permissions, Apple’s vertical ecosystem, Amazon’s preferential treatment of its own brands—all are iterations of the same playbook. When a platform operator is also a competitor in key service markets (in this case, cloud storage), the temptation to tilt the playing field is ever-present.
Critics, including open-source developers and digital rights groups, see this pattern as a threat to innovation. The pace of technological progress, they argue, depends on interoperability, competition, and the freedom for new entrants to chase ambitious use-cases—even if doing so means taking on incumbents or challenging prevailing business models.

Potential Risks: Precedent, Lock-In, and Diminished Trust​

While this incident may be resolving in the short term for Nextcloud, it sets an uncertain precedent for others. What recourse do smaller organizations have if their ability to serve users is suddenly revoked by an opaque, centralized review process? How do we ensure that regulatory scrutiny keeps pace with new forms of platform power?
There’s also the risk of increased lock-in. As authorities in Europe and elsewhere deliberate over Digital Markets Acts and antitrust lawsuits, ongoing attrition of functionality in independent apps subtly nudges users back into default Google or Apple services—not necessarily because those are best, but because alternatives become impractically hobbled.
Finally, incidents like this can erode trust in the “permission economy” of major app stores. If users perceive that privileges are handed out or revoked for political or competitive reasons—not strictly for user safety—they may resort to circumventing official channels, potentially exposing themselves to privacy and malware risks.

Notable Strengths: Community Resilience and the Power of Public Scrutiny​

Despite the frustrations, this episode highlights some notable strengths within the wider digital ecosystem:
  • Vocal User Community: The speed and volume of user feedback, amplified by media coverage and social sharing, demonstrated that users expect and will defend the features that make their tools useful—even against major industry players.
  • Transparency and Advocacy: Nextcloud’s willingness to speak publicly, explain technical trade-offs in plain language, and coordinate with other affected organizations helped place the issue on the public agenda.
  • Regulatory Momentum: While slow-moving, coordinated action from digital rights groups and European regulators signals that platform privilege is subject to oversight—a dynamic that will shape future digital competition policies.

The Path Forward: Opportunities for Reform and Cooperation​

If this controversy is to have a silver lining, it may serve as a wakeup call that improvement is both necessary and possible. Some potential reforms and solutions include:
  • Granular Permission Models: Rather than a blunt yes/no gatekeeper model, Android and its store could evolve toward more nuanced, context-specific permissions with robust auditing and transparency for all participants.
  • Leveling the Playing Field: Subjecting all apps, regardless of origin, to the same scrutiny and approval criteria—preventing platform owners from quietly exempting their own products or partners.
  • User Education and Empowerment: Empowering users to make informed decisions and manage app permissions with fine granularity, while ensuring clear disclosures about the implications of those choices.
  • Open Standards and Interoperability: Fostering APIs and frameworks that empower both end users and developers to experiment, without unnecessary constraints—provided privacy and security are respected.
  • Clearer Regulatory Oversight: Ongoing engagement between regulators, advocacy groups, and industry to prevent the digital marketplace from calcifying in favor of a handful of incumbents.

Conclusion: More Than Just a Technical Glitch​

What began as a technical dispute over file permissions has blossomed into a microcosm of modern platform politics. The Nextcloud-Google conflict illustrates the fragility of competition, the importance of transparent rulemaking, and the enduring need for balance between user safety and technological innovation.
As the digital world grows ever more complex—and as users become simultaneously more dependent on, and wary of, the infrastructure that underpins daily life—these questions will only grow in urgency. If the lesson from this saga is that vigilance, transparency, and collective action can still effect change at the highest levels, it is also a reminder of how quickly valuable freedoms can be lost or restored at the stroke of a policy update.
For Android users looking to control their own data and destiny, the episode is also a signal: Pay attention to platform policies, support the tools and communities that empower rather than enclose, and never underestimate the power of making your voice heard.

Source: TechRadar Android users lose key Nextcloud feature because Google said so, and the reason doesn’t add up
 

Back
Top